Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: FormMail 1.92 Multiple Vulnerabilities
From: David Cantrell <d.cantrell () outcometechnologies com>
Date: Wed, 13 May 2009 11:10:14 +0100

ascii wrote:

FormMail 1.92 Multiple Vulnerabilities  ...

The author's own webpage about formmail mentions the NMS project at the 
bottom of the page, about which he says:

" While the free code found at my web site has not evolved much in
   recent years, the general programming practices and standards of CGI
   programs have. nms is an attempt by very active programmers in the
   Perl community to bring the *quality of code for these types of
   programs up to date and eliminate some of the bad programming
   practices and bugs* found in the existing Matt's Script Archive code.

" I would highly recommend downloading the nms versions if you wish to
   learn CGI programming. The code you find at Matt's Script Archive is
   not representative of how even I would code these days. *My interests
   and activies have moved on, however, and I just have not found the
   time to update all of my scripts*. One of the major reasons for this
   is that they work for many people. For this reason, I will continue to
   provide them to the public, but am also *pleased to make you aware of
   well-coded alternatives*. "

(my emphasis)

which to me looks like he's already addressed the issue by recommending 
that you use NMS formmail if you care about the quality of the code and 
any bugs.

David Cantrell
Outcome Technologies Ltd
BUPA House, 15-19 Bloomsbury Way, London WC1A 2BA
Registered in England, No: 3829851

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]