[VIM] vendor dispute for CVE-2006-0669

Stuart Moore smoore at securityglobal.net
Mon Feb 20 00:58:24 EST 2006


Regarding CVE-2006-0669 and SecurityTracker 1015600, the vendor disputes 
the SQL injection claim and indicates that GA Forum Light does not use 
an SQL database (it uses flat files).  I looked through the code and the 
behavior that was originally reported by Dj_Eyes From Crouz Security 
Team appears to be a vbscript parsing error instead of an SQL injection 

We've just written to Dj_Eyes for additional information, but I'm pretty 
sure we'll be able to close this out as an incorrect report.


Stuart Moore
SecurityGlobal.net LLC
smoore at securityglobal.net
+1 301 495 5930 voice
+1 413 691 4346 fax

More information about the VIM mailing list