[VIM] Phpauction GPL security vulnerability question

security curmudgeon jericho at attrition.org
Mon Jul 18 02:57:25 EDT 2005


On July 08, 2005, a security researched named Diabolic Crab posted a
security advisory related to the Phpauction GPL product. You can find the 
full advisory and various vulnerability database entries at the following:


Based on the original report, it appears that some of these issues may not 
be accurate. The main two that stand out from this advisory are:

   Cross Site Scripting

   Cross Site Scripting

The login.php appears to be the PHPAUCTION web site client login, and not 
necessarily part of the Phpauction software package. The viewnews.php 
script appears to be the PHPAUCTION web site news links for clients as 
well, and likely not part of the Phpauction package.

Can you confirm these two scripts are not part of the Phpauction software? 
Can you also confirm the other vulnerabilities listed in the advisory?

Thank you!


More information about the VIM mailing list