Vulnerabilities for 'Php toolkit'

2006-01-13
 
CVE-2006-0202

 

 
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.

 
 
CVE-2006-0201

 

 
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.

 

Vendor: Paypal (19 products)
Php toolkit
Ubercart payflow
Website payments standard module
Mass pay
Payments pro
Transactional information soap
Merchant sdk
IPN
Payments standard
Invoicing
Paypal pro
Payflow pro express checkout
Paypal
Instant payment notification
Wps toolkit
Merchant-sdk-php
Php invoice sdk
Php permissions sdk
Adaptive payments sdk


Copyright 2020, cxsecurity.com

 
