[VIM] Bugtraq IDs 32763 and 42836
rkeith at securityfocus.com
Tue Sep 21 13:30:26 CDT 2010
I agree, looks like the only 'name' is in a new guestbook entry. We will be retiring 42836 shortly.
Thanks again George.
George A. Theall wrote:
> It seems like Bugtraq ID 42836 covers one of the vulnerabilities in
> Max's Guestbook already covered by Bugtraq ID 32763 -- failure to
> sanitize input to the 'name' parameter.
> While the newer BID talks about this parameter in "the 'Comment'
> section", I'm not clear what that is or if it's different from a
> guestbook message itself. I don't find mention of 'comment' in the PHP
> code. Nor do I see it in any live sites I've looked at.