[VIM] MobileCartly 'savepage.php' Arbitrary File Create Vulnerability

venkat venkat_kantha at securityfocus.com
Tue Sep 11 09:26:08 CDT 2012


Hey,

Both the issues are different. The one created yesterday (BID 55477) is 
affecting a different parameter('module'). BID 39378 is for 'moduleid' 
parameter. You are right CVE-2010-1479 should go for BID 39378, it was 
incorrectly added to yesterday's BID. We have updated both the BIDs 
accordingly.

Thank you once again :)

Regards
Venkat





On 11/09/12 07:22, George A. Theall wrote:
>
> On Sep 10, 2012, at 8:44 AM, venkat <venkat_kantha at securityfocus.com> wrote:
>
>>
>> Hey George,
>>
>> This was an error on our part, the duplicate has been removed.
>>
>> Thanks for pointing it out.
>
> And another -- BID 55477 was created today for a SQL injection in the RokModule component for Joomla!, presumably related to EDB-ID 21221. The new BID references CVE-2010-1479, as does the Exploit DB advisory. Yet that CVE references BID 39378, which appears to cover the same issue.  Thoughts?
>
>>
>>
>> --Venkat
>>
>>
>> On 07/09/12 19:52, George A. Theall wrote:
>>> SecurityFocus created BID 55399 earlier this week based on a Metasploit module from sinn3r. Can anyone (Rob?) explain how this BID differs from 54970, which was created in August  Other than differences in whitespace, the exploits in both BIDs are identical; eg,
>>>
>>>    http://downloads.securityfocus.com/vulnerabilities/exploits/54970.rb
>>>    http://downloads.securityfocus.com/vulnerabilities/exploits/55399.rb
>>>
>>>
>>> George
>>>
>>
>
> George
>



More information about the VIM mailing list