Re: Is perl still the No.1 language for sysadmin?
On Tue, Apr 04, 2023 at 06:29:50PM +0100, debian-user@howorth.org.uk wrote:
> But cropping and ignoring the actual point of Stefan's mail rather
> misses the point and insults him. For example, three CVEs chosen at
> random from the 'vim' list:
>
> CVE-2010-3481 Multiple SQL injection vulnerabilities in
> login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is
> disabled, allow remote attackers to execute arbitrary SQL commands via
> the (1) user_name and (2) password variables, possibly related to
> include/classes/Login.php. NOTE: some of these details are obtained
> from third party information. NOTE: the password vector might not be
> vulnerable.
>
> CVE-2010-2704 Buffer overflow in HP OpenView
> Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to
> execute arbitrary code via a long HTTP request to nnmrptconfig.exe.
>
> CVE-2010-2703 Stack-based buffer overflow in the execvp_nc
> function in the ov.dll module in HP OpenView Network Node Manager (OV
> NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to
> execute arbitrary code via a long HTTP request to webappmon.exe.
>
> FWIW, the word SQL appears 127 times in the 'vim' CVEs, and the word
> 'vim' doesn't appear in most so I'm not sure how helpful these numbers
> actually are.
The word "via" appears in all three of your selections. That makes me
think that the web site is using some kind of a "close-enough match"
heuristic, and is (unhelpfully) matching "via" as close enough to "vim".
Reply to: