• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: SmartWin CyberOffice Shopping Cart 2.0 Client Information Disclosure Vulnerability

Severity: HIGH

Description:

Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000.

It is possible for a remote user to gain read access to the _private directory on a website running CyberOffice Shopping Cart 2.0. By default the _private directory has world readable permissions. The Microsoft Access Database which contains confidential client details (such as customer orders and unencrypted credit card information) is stored in the _private directory and is thus accessible to attackers. An attacker need only request "http://target/_private/shopping_cart.mdb" with a browser to access it.

Affected Products:

• SmartWin Technology CyberOffice Shopping Cart 2.0.0

References:

• SmartWin Technologies: SmartWin CyberOffice Shopping Cart

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.