NASLDB: PDGSoft Shopping Cart Multiple Vulnerabilities
General
ID: 11723
Name: PDGSoft Shopping Cart Multiple Vulnerabilities
Summary: Checks for PDGSoft Shopping cart executables
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:U/RC:ND
Port: 80
Family: CGI abuses
Type: Remote
Description
The executables ‘redirect.exe’ and/or ‘changepw.exe’ exist on this
web server. Some versions of these files are vulnerable to remote
exploit.
An attacker can use this hole to gain access to confidential data
or escalate their privileges on the web server.
- As Nessus solely relied on the existence of the redirect.exe or
- changepw.exe files, this might be a false positive.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2000-0401
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2000/05/25
Patch Release: –
Plugin Release: 2003/06/11
Plugin
Version: 1.20
Filename: changepw.nasl
Filesize: 2925 bytes
MD5 Hash: ae3da671e635dc80b76b2ce4b9dc8f50
Identification: www/" + port + "/no404
Require Keys: –
Dependencies: "http_version.nasl", "find_service1.nasl", "no404.nasl"
Copyright: This script is Copyright© 2003-2012 John Lampe
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack