[VIM] PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities

security curmudgeon jericho at attrition.org
Mon Jul 20 07:27:21 UTC 2009

On Wed, 15 Apr 2009, George A. Theall wrote:

: Hey str0ke, you're aware that milw0rm 8425 is rather old, aren't you? 
: It's a repost of a message Sirdarckcat posted to Bugtraq in 2006 -- 
: http://www.securityfocus.com/archive/1/445007/30/0/threaded.
: I'm not sure why, but SecurityFocus created BID 34505 for the repost 
: even though BID 19818 is for the issues in the original post.

I'm way behind on mail =)

Which means.. Secunia noticed the same thing you did George. Which means 
that when I saw the mail in my inbox, it was 'outstanding' for OSVDB. I 
started going through and figuring which OSVDB refs from 2006 needed the 
new mail list post added, and ended up with 100% as previously disclosed.

Jerk wasted 5 minutes of my time, so I replied to him/bugtraq. Doubt 
Bugtraq will approve though =)


From: security curmudgeon <jericho at attrition.org>
To: marianiscc at hotmail.com
Cc: bugtraq at securityfocus.com
Date: Mon, 20 Jul 2009 07:02:25 +0000 (UTC)
Subject: Re: PHP-Revista Multiple vulnerabilities

On Mon, 13 Apr 2009, marianiscc at hotmail.com wrote:

: Discovered by Sirdarckcat from elhacker.net

By 'discovered', you mean 'copied from the disclosure in September 2006' 

CVE-2006-4605 through CVE-2006-4608.
