IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

Laws and regulations with padlock on cloud icons on laptop computer, blue tone

Cloud Security

Cloud Security Assurance: Is Automation Changing the Game?Cloud Security Assurance: Is Automation Changing the Game?

byKlaus Haller, Data Center Knowledge

Sep 6, 2024

6 Min Read

code-filled DevOps symbol in front of more code

DevOps

Unlock Business Value Through Effective DevOps Infrastructure Management Unlock Business Value Through Effective DevOps Infrastructure Management

byIndustry Perspectives

Sep 6, 2024

7 Min Read

Recent in OS

See All OS

A cartoon of a person sitting at a computer, with speech bubbles—one from the person saying Hello and one from the computer responding with Hello

PowerShell

PowerShell Speech Recognition: How To Set up Voice Commands and Responses PowerShell Speech Recognition: How To Set up Voice Commands and Responses

byBrien Posey

Sep 6, 2024

10 Min View

a laptop infected with a virus and above it the words linux ransomware

Linux OS

Linux Ransomware Threats: How Attackers Target Linux Systems Linux Ransomware Threats: How Attackers Target Linux Systems

byGrant Knoetze

Sep 4, 2024

8 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

person placing a block between two columns of blocks

IT Management

Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?

byNathan Eddy

Sep 7, 2024

7 Min Read

code-filled DevOps symbol in front of more code

DevOps

Unlock Business Value Through Effective DevOps Infrastructure Management Unlock Business Value Through Effective DevOps Infrastructure Management

byIndustry Perspectives

Sep 6, 2024

7 Min Read

Career

Recent in Career

See All Career Mgmt

person placing a block between two columns of blocks

IT Management

Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?

byNathan Eddy

Sep 7, 2024

7 Min Read

"Gen Z" written on wooden tiles

Career Tips

The Gen Z Guide to Getting Ahead at Work The Gen Z Guide to Getting Ahead at Work

byThe Washington Post

Sep 2, 2024

6 Min Read

Storage

Recent in Security

See All IT Security

Laws and regulations with padlock on cloud icons on laptop computer, blue tone

Cloud Security

Cloud Security Assurance: Is Automation Changing the Game?Cloud Security Assurance: Is Automation Changing the Game?

byKlaus Haller, Data Center Knowledge

Sep 6, 2024

6 Min Read

code-filled DevOps symbol in front of more code

DevOps

Unlock Business Value Through Effective DevOps Infrastructure Management Unlock Business Value Through Effective DevOps Infrastructure Management

byIndustry Perspectives

Sep 6, 2024

7 Min Read

Dev

Recent in Dev

See All Software Dev

a stack of servers with a "no" symbol over it

Software Development Techniques

Serverless Is Trending Again in Modern Application Development Serverless Is Trending Again in Modern Application Development

byForrester Blog Network

Sep 5, 2024

5 Min Read

brown paper peeled back to reveal the word "accessibility?

IT Operations

Building an Accessible Future in the Private Sector Building an Accessible Future in the Private Sector

byIndustry Perspectives

Sep 3, 2024

5 Min Read

Recent in DX

See All Digital Transformation

person using chatbot with laptop at work

AI & Machine Learning

Slack: There Are Five Types of AI Users Slack: There Are Five Types of AI Users

byLisa Schmeiser, No Jitter

Sep 6, 2024

3 Min Read

a robot hand puts the letters 'AI' to the word sustainable

AI & Machine Learning

AI and the Green Market Revolution Will Intertwine AI and the Green Market Revolution Will Intertwine

byForrester Blog Network

Sep 6, 2024

4 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

semiconductor

High Performance Computing

Taiwan Accuses China of 'Poaching' Talent From Its Tech Firms Taiwan Accuses China of 'Poaching' Talent From Its Tech Firms

byBloomberg News

Sep 3, 2024

1 Min Read

quantum computing abstract concept

High Performance Computing

Quantum Computing ‘Making Progress Faster Than Expected’Quantum Computing ‘Making Progress Faster Than Expected’

byIoT World Today, Enter Quantum

Aug 9, 2024

2 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Attacks & Breaches
IT Security

Cart 32 Vulnerable to Information Leakage and DoS Attack

More issues have been discovered with Card 32 software. This time it is a DoS attack and an information leakage attack.

Steve Manzuik

November 8, 2000

1 Min Read

Reported November 9, 2000 by Xato Network Security

VERSIONS AFFECTED

DESCRIPTIONTwo issues have been discovered with Cart 32 version 3.5 and below. The first being a denial of service and the second is information leakage via specially crafted URLs.

DEMONSTRATION

The denial of service is accomplished by entering the following url; http://www.example.com/cgi-bin/c32web.exe/ShowProgress

This will cause CPU usage to jump to 100%.

The second issue, information leakage displaying full physical paths of directories can be accomplished with the following URLs;

http://www.example.com/cgi-bin/cart32.exe/error

http://www.example.com/cgi-bin/c32web.exe/ShowAdminDir

http://www.example.com/cgi-bin/c32web.exe/CheckError?error=53

VENDOR RESPONSE

The Cart 32 team at McMurtrey/Whitaker & Associates has addressed these issues in the latest version 3.5a and has recommended that users read the knowledge base articles provided on their web site. http://www.cart32.com

CREDITDiscovered by Xato Network Security

About the Author

Steve Manzuik

See more from Steve Manzuik

Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

Newsletter Sign-Up

Editor's Choice

drawings of people with different colored brains

IT Management

Embracing Neurodiversity in IT Workplace to Bridge Talent Gaps Embracing Neurodiversity in IT Workplace to Bridge Talent Gaps

byNathan Eddy

Sep 2, 2024

6 Min Read

circuit board inside a cloud

Cloud Computing

Microclouds: The Next Big Thing in Cloud Computing or Just Another Edge Strategy?Microclouds: The Next Big Thing in Cloud Computing or Just Another Edge Strategy?

byChristopher Tozzi

Sep 5, 2024

4 Min Read

a laptop infected with a virus and above it the words linux ransomware

Linux OS

Linux Ransomware Threats: How Attackers Target Linux Systems Linux Ransomware Threats: How Attackers Target Linux Systems

byGrant Knoetze

Sep 4, 2024

8 Min Read

Exclusive ITPro Resources

Migrating From VMware: Guide to a Successful Transition
September 3, 2024
|
1 Min Read
Developing Immersive HoloLens Apps (Download Your Free Guide)
August 26, 2024
|
1 Min Read
Data Privacy Quick Reference Guide
July 17, 2024
|
1 Min Read
ITPro Today 2024 IT Salary Survey Report
June 20, 2024
|
1 Min Read