[VIM] ListMessenger dispute CVE-2006-3692
smoore at securityglobal.net
Tue Jul 25 23:16:33 EDT 2006
Matt Simpson (author of ListMessenger) wrote to say that the xoron
posting regarding an include file vuln in ListMessenger is false.

He pointed to line 26 of listmessenger.php:

    $lm_path = "/my/full/path/to/listmessenger/directory/";

Code inspection confirms that lm_path is defined to be a local file
before it is used in any include statement.

Perhaps this is a site-specific bug. Sound familiar?

We've asked xoron for clarification.
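
The inspection described above, sketched as an added example (not part of the original post and not ListMessenger code): a line-based check that flags any include/require whose path uses a variable that no earlier line set from a plain string literal. The function name, the include target example.inc.php and both PHP samples are constructed for illustration; only the $lm_path assignment is taken from the post.

```python
import re

# include/require (optionally _once) and its argument up to the ';'
INCLUDE_RE = re.compile(r'(?<![$\w])(?:include|require)(?:_once)?\b\s*\(?([^;]*);')
# $name = "literal";  or  $name = 'literal';  (no variable inside the string)
LITERAL_ASSIGN_RE = re.compile(r'''^\s*\$(\w+)\s*=\s*(["'])[^"'$]*\2\s*;''')
# any other plain assignment to a variable
ANY_ASSIGN_RE = re.compile(r'^\s*\$(\w+)\s*=(?!=)')
VAR_RE = re.compile(r'\$(\w+)')


def unpinned_include_vars(php_source):
    """Return [(line_number, variable)] for each include/require that uses a
    variable which no earlier line assigned from a plain string literal."""
    pinned = set()
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(('//', '#', '/*', '*')):
            continue  # skip comment lines
        # Check includes first, so only earlier assignments count.
        for inc in INCLUDE_RE.finditer(line):
            for var in VAR_RE.findall(inc.group(1)):
                if var not in pinned:
                    findings.append((lineno, var))
        literal = LITERAL_ASSIGN_RE.match(line)
        other = ANY_ASSIGN_RE.match(line)
        if literal:
            pinned.add(literal.group(1))
        elif other:
            pinned.discard(other.group(1))  # reassigned from a non-literal
    return findings


# Constructed sample: the assignment quoted in the post, followed by a
# made-up include that uses it.
DISPUTED_LAYOUT = '''<?php
$lm_path = "/my/full/path/to/listmessenger/directory/";
require_once($lm_path . "example.inc.php");
'''

# Constructed contrast: the same include with the assignment removed.
ASSIGNMENT_REMOVED = '''<?php
require_once($lm_path . "example.inc.php");
'''

if __name__ == "__main__":
    print(unpinned_include_vars(DISPUTED_LAYOUT))
    print(unpinned_include_vars(ASSIGNMENT_REMOVED))
```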