Security Incidents mailing list archives

Vulnerability in /cgi-bin/shopper.exe?


From: "Michael Katz" <mike () responsible com>
Date: Thu, 26 Jul 2001 12:38:13 -0700

Hi all,

I saw a web server scan this week for /cgi-bin/shopper.exe (from PDG Software) which I have not seen previously.

While I'm aware of the vulnerabilities of buffer overflows in redirect.exe and changepw.exe 
(http://www.securityfocus.com/vdb/bottom.html?vid=1256) and customer order information in world readable plain text log 
files (http://www.securityfocus.com/vdb/bottom.html?vid=2315), I have been unable to find any specific vulnerabilities 
with shopper.exe.

I believe that there are either new unpublished vulnerabilities in the shopper.exe executable or attackers are looking 
to exploit the existing vulnerabilities listed above.

If you have PDGSoft's Shopping Cart package, be warned.

Michael Katz
mike () responsible com
Responsible Solutions, Ltd.

