Hello,

The advisory on the virtual shopping cart is incorrect. The actual hole is in another product from this vendor. Due to a lack of communication with myself and the vendor this advisory was incorrectly formed. There is a security problem in CatalogMgr.pl but it is part of the VirtualCatalog, not the VirtualCart as originally stated.

Part of this error was caused by losing some notes that got destroyed in a HD failure and emails between myself and the vendor not being on the same grounds. I had spoken with the vendor in 3 or 4 emails in regards to a hole in the shopping cart and was never once told otherwise until after this Bugtraq posting. They were also aware of a public posting and it seemed to my understanding that we were on the same grounds. (Obviously not.) The patch I received was from the vendor and from what I was told was part of this VirtualCart program.

I guess this posting is a wake-up call to people to make sure before they post something to a mailing list to quadruple check everything about the advisory and MAKE SURE you and the vendor have a firm understanding of everything going on. I have removed all references from the website and will be issuing a corrected advisory privately on the site along with a formal letter on the situation.

- zenomorph
This archive was generated by hypermail 2b30 : Tue Jun 12 2001 - 12:40:10 PDT