Bugtraq mailing list archives
Re: Another hole in Cart32
From: sert_is () HOTMAIL COM (sert sert)
Date: Mon, 22 May 2000 23:08:27 PDT
I attempted to contact the vendor earlier last month about resolving this problem and received the attached reply. They seem to be relying on the client to properly use the security options available in the package.

John Scimone
johnscimone () hotmail com
From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Reply-To: aleph1 () SECURITYFOCUS COM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Another hole in Cart32
Date: Mon, 22 May 2000 12:30:13 -0700

Notice that this is the same or a similar vulnerability reported by ISS in their February 1, 200 security alert "Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications". Although they don't give enough details to tell one way or another. In that alert they mention Cart32 2.6. It seems the vendor has not learned from their earlier mistake.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
text/plain attachment: letter.txt