Re: Vulnerability in /cgi-bin/shopper.exe?

From: David Kennedy CISSP (
Date: 07/27/01

Date: Fri, 27 Jul 2001 03:30:56 -0400
From: David Kennedy CISSP
Subject: Re: Vulnerability in /cgi-bin/shopper.exe?


At 12:38 PM 7/26/01 -0700, Michael Katz wrote:
>I have been unable to find any specific vulnerabilities with
>I believe that there are either new unpublished vulnerabilities in
>the shopper.exe executable or attackers are looking to exploit the
>existing vulnerabilities listed above.
>If you have PDGSoft's Shopping Cart package, be warned.


"PDG Shopping Cart Software" Vulnerability Affecting E-Commerce

Downloading the W32 version of the patch, a new version of
shopper.exe is in the archive.

To give a little credit where credit is due, AFAIK this was the only
time NIPC issued an advisory before a problem was common knowledge by
anyone not living in a cave. To what extent there were already
victims of the problem is something we'll probably never know. I do
wonder if it had anything to do with their investigation that yielded
one of their "DOH" advisories:




David Kennedy CISSP Director of Research Services, TruSecure Corp. Protect what you connect. Look both ways before crossing the Net.
