Vulnerability in /cgi-bin/shopper.exe?

From: Michael Katz (mikeat_private)
Date: Thu Jul 26 2001 - 12:38:13 PDT

    Hi all,
    
    I saw a web server scan this week for /cgi-bin/shopper.exe (from PDG Software) which I have not seen previously.
    
    While I'm aware of the vulnerabilities of buffer overflows in redirect.exe and changepw.exe (http://www.securityfocus.com/vdb/bottom.html?vid=1256) and customer order information in world readable plain text log files (http://www.securityfocus.com/vdb/bottom.html?vid=2315), I have been unable to find any specific vulnerabilities with shopper.exe.
    
    I believe that there are either new unpublished vulnerabilities in the shopper.exe executable or attackers are looking to exploit the existing vulnerabilities listed above.
    
    If you have PDGSoft's Shopping Cart package, be warned.
    
    Michael Katz
    mikeat_private
    Responsible Solutions, Ltd.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
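
A defensive log check for the probes described in the post, added here as an example and not part of the original message or of any PDG Software code: it scans access-log lines for requests to the three executables the post names and groups them by client. The Common Log Format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Executable names taken from the post. They are matched in any directory and
# case-insensitively, because the post gives a path only for shopper.exe.
PDG_CGI = ("shopper.exe", "redirect.exe", "changepw.exe")

# Common Log Format (assumed; adjust the pattern to the server's real format).
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def find_pdg_probes(lines):
    """Return {client_ip: [(timestamp, cgi_name, status, url_length), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF request line
        path = unquote(m["url"].split("?", 1)[0])   # drop query, decode %xx
        name = path.rsplit("/", 1)[-1].lower()
        if name in PDG_CGI:
            # URL length is kept so unusually long requests stand out in review.
            hits[m["ip"]].append((m["ts"], name, int(m["status"]), len(m["url"])))
    return dict(hits)

def triage(hits):
    """'answered' if any probe got something other than 404, else 'probe-only'."""
    return {ip: ("answered" if any(s != 404 for _, _, s, _ in ev) else "probe-only")
            for ip, ev in hits.items()}

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [26/Jul/2001:09:14:02 -0700] "GET /cgi-bin/shopper.exe HTTP/1.0" 404 287',
    '198.51.100.7 - - [26/Jul/2001:09:14:03 -0700] "GET /cgi-bin/redirect.exe HTTP/1.0" 404 288',
    '203.0.113.20 - - [26/Jul/2001:10:02:41 -0700] "GET /cgi-bin/Shopper.exe?a=b HTTP/1.0" 200 5120',
    '192.0.2.55 - - [26/Jul/2001:10:05:00 -0700] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    found = find_pdg_probes(SAMPLE)
    for ip, verdict in triage(found).items():
        print(ip, verdict, found[ip])
```

A client marked "answered" reached an executable that exists on the server, so those entries are the ones to review first.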
    



    This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 13:29:57 PDT