[VIM] Vulnerability fixed in E-gold (fwd)

Steven M. Christey
Wed Mar 22 19:49:31 EST 2006

On Wed, 22 Mar 2006, security curmudgeon wrote:

> : > I know the VDBs don't track site-specific bugs for the most part
> OSVDB is fairly sure that tracking them is important, and will do it at
> some point.

Since this thread started, I'm manually recording new issues as they come
across Bugtraq or other CVE sources, but there aren't a lot so far.  You
have a lot more.

> Another big issue. www.example.com is reported as being prone to an XSS or
> SQL injection. The real question is... is it code they generated, or do
> they use an underlying commercial package that has the vuln? This is
> probably one of the biggest turnoffs for tracking such vulns, especially
> given the lack of detail/research seen in many disclosures.

Makes sense, but we're already seeing this quite a bit even in the
"publicly distributed software" world.  Definitely seems like it would be
much worse in the site-specific world.

- Steve

