Show filters
32 Total Results
Displaying 31-32 of 32
Sort by:
Attacker Value
Unknown

CVE-2006-0202

Disclosure Date: January 13, 2006 (last updated February 22, 2025)
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
0
Attacker Value
Unknown

CVE-2006-0201

Disclosure Date: January 13, 2006 (last updated February 22, 2025)
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
0