[VIM] arfis: automated grep-and-gripe

Steven M. Christey coley at mitre.org
Tue Sep 18 19:12:33 UTC 2007

Hey Jericho,

Turns out that all our lost sleep was not in vain.

  the "arfis project", a simple perl script. It automatically
  downloads and extract PHP projects from sourceforge.net and checks
  for Remote File Inclusion vulnerabilities. It then post's the
  potential (now it's -potential-, cause the script is in an early
  stadium) vuln to this blog.


CVE has picked up some of these and disputed a chunk of 'em, but some
appear legit.  At this instant, I'm of the mindset of de-prioritizing
them as unreliable, but neither do I like the upward trend of
increasing numbers of disputes.

- Steve

More information about the VIM mailing list