Hi all,

I saw a web server scan this week for /cgi-bin/shopper.exe (from PDG Software) which I have not seen previously. While I'm aware of the vulnerabilities of buffer overflows in redirect.exe and changepw.exe (http://www.securityfocus.com/vdb/bottom.html?vid=1256) and customer order information in world-readable plain text log files (http://www.securityfocus.com/vdb/bottom.html?vid=2315), I have been unable to find any specific vulnerabilities with shopper.exe.

I believe that there are either new unpublished vulnerabilities in the shopper.exe executable or attackers are looking to exploit the existing vulnerabilities listed above. If you have PDGSoft's Shopping Cart package, be warned.

Michael Katz
mikeat_private
Responsible Solutions, Ltd.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 13:29:57 PDT