[VIM] arfis: automated grep-and-gripe
str0ke at milw0rm.com
Tue Sep 18 19:27:41 UTC 2007
I received a bunch of these as well. Out of 8 or so that were
submitted, 2 were actual vulnerabilities. 1 of those 2 was already
cve'ed in 2005.
Steven M. Christey wrote:
> Hey Jericho,
> Turns out that all our lost sleep was not in vain.
> the "arfis project", a simple perl script. It automatically
> downloads and extracts PHP projects from sourceforge.net and checks
> for Remote File Inclusion vulnerabilities. It then posts the
> potential (now it's -potential-, cause the script is in an early
> stadium) vuln to this blog.
> CVE has picked up some of these and disputed a chunk of 'em, but some
> appear legit. At this instant, I'm of the mindset of de-prioritizing
> them as unreliable, but neither do I like the upward trend of
> increasing numbers of disputes.
> - Steve