Security Incidents mailing list archives
Vulernability in /cgi-bin/shopper.exe?
From: "Michael Katz" <mike () responsible com>
Date: Thu, 26 Jul 2001 12:38:13 -0700
Hi all, I saw a web server scan this week for /cgi-bin/shopper.exe (from PDG Software) which I have not seen previously. While I'm aware of the vulnerabilities of buffer overflows in redirect.exe and changepw.exe (http://www.securityfocus.com/vdb/bottom.html?vid=1256) and customer order information in world readable plain text log files (http://www.securityfocus.com/vdb/bottom.html?vid=2315), I have been unable to find any specific vulnerabilities with shopper.exe. I believe that there are either new unpubished vulnerabilities in the shopper.exe executable or attackers are looking to exploit the existing vulnerabilities listed above. If you have PDGSoft's Shopping Cart package, be warned. Michael Katz mike () responsible com Responsible Solutions, Ltd. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Vulernability in /cgi-bin/shopper.exe? Michael Katz (Jul 26)
- Re: Vulernability in /cgi-bin/shopper.exe? David Kennedy CISSP (Jul 29)