Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Bugtraq report of Vanilla 1.0.1 security vulnerability

2»

Comments

  • Options
    It is now showing as disputed on several of the other sites that reported this. Here is another message on the erroneus report: http://www.attrition.org/pipermail/vim/2006-July/000944.html
  • Options
    They say it is now 'Retired'.
    http://www.securityfocus.com/bid/19127/info
    Further information reports that this issue cannot be exploited because the vulnerable parameter is defined with a hard-coded value. Therefore this BID is being retired.
    I guess someone finally listened.
  • Options
    TreyTrey Charlotte NC New
    someone at the securityfocus.com site listened, but what about the <a href="http://seclists.org/bugtraq/2006/Jul/0409.html">seclist.org</a>? Theres gotta be a way to report that the 'error' noted there was falsely presented, and should be taken down.
This discussion has been closed.