SecurityTracker.com

Category:   Application (Commerce)  >   PDG Shopping Cart
Vendors:   PDG Software
PDG Shopping Cart Lets Remote Users Obtain Customer Information, Including Credit Card Data
SecurityTracker Alert ID:  1001574
SecurityTracker URL:  http://securitytracker.com/id/1001574
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 18 2001
Impact:   Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to version 1.63
Description:   NIPC announced last month that PDG Software's PDG Shopping Cart software contains a vulnerability that allows remote users to obtain customer information, including credit card data.

NIPC reported that PDG Software, Inc. issued an advisory to customers of its Shopping Cart software regarding a potential security vulnerability that is known to affect versions prior to version 1.63.

NIPC reports that the vulnerability has already resulted in compromise and theft of important information, including consumer data.

Impact:   A remote user can obtain customer information, including credit card data.
Solution:   A new version has been released. See the Vendor URL for upgrade information.
Vendor URL:  www.pdgsoft.com/security-upgrade.htm
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (DGUX), UNIX (FreeBSD), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  "PDG Shopping Cart Software" Vulnerability


ADVISORY 01-007

"PDG Shopping Cart Software" Vulnerability Affecting E-Commerce
Issued 04/06/2001

PDG Software, Inc. has issued an advisory to customers of its Shopping
Cart software regarding a potential security vulnerability that is known
to affect earlier versions of this Software (prior to version
1.63). The company has developed a free patch, available on its
website at http://www.pdgsoft.com/security-upgrade.htm.

The NIPC is issuing this advisory to confirm the significance of this
vulnerability and to let systems administrators know that hackers are
actively exploiting it. Based on ongoing investigations,
including information immediately provided to the FBI by PDG Software
and numerous victim companies, the NIPC is aware that the vulnerability 
has already resulted in compromise and theft of important information, 
including consumer data.

The NIPC emphasizes the recommendation that all computer network
systems administrators check relevant systems and consider applying updated 
patches as necessary, especially for systems related to e-commerce.

Recipients of this advisory are encouraged to report computer crime to
their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, 
and to other appropriate authorities. Incidents may
be reported online at http://www.NIPC.gov/incident/cirr.htm.

The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or
NIPC.Watch@fbi.gov.


 
 



Copyright 2022, SecurityGlobal.net LLC