[VIM] Bogus RFI Reports Getting Out of Hand

security curmudgeon jericho at attrition.org
Mon Jan 8 02:02:48 EST 2007

I know we're all getting tired of them, but this one takes the cake so 

Fri Jun 16 2006
(1) path/action.php, and to files in path/nucleus including (2) media.php, 
(3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php

Sat Jun 17 2006
Demonstrated that the vulnerability is bogus.

Mon Oct 30 2006

Mon Oct 30 2006
Demonstrated (again) that the vulnerability is bogus.

So not only is it fake, it was previously disclosed and debunked, and 
these people still don't get it...

I swear, Bugtraq moderators should seriously consider blocking any RFI 
disclosure from hotmail.com. Would save us a lot of time.

More information about the VIM mailing list