[VIM] Re: Diabolic Crab history

security curmudgeon jericho at attrition.org
Wed May 25 01:23:48 EDT 2005

: The tarinasworld example is already noted with a question mark in CVE 
: (CAN-2005-0994), but thanks for the info on storelocator_submit.asp not 
: being in ProductCart (CAN-2005-0995).  I've since updated CAN-2005-0995 
: accordingly.

tarinasworld is due to him auditing a live site and finding a 
vulnerability on it.. something that he, Lostmon and several others are 
doing frequently. this is a real bother to me as many of the 
vulnerabilities may be found in modified/custom versions like we've seen. 

so the tarinasworld issue he reported is only vulnerable on a single site 
on the net probable. being site specific, we don't include it.

if the vulnerability lies in the journal code distributed with the 
package, he didn't clearly identify that.

More information about the VIM mailing list