VULHUB ™

COWS CGI Online Worldweb Shopping is a commercial shopping system which is written in Perl. COWS will run on most Linux and Unix variants as well as Microsoft Windows operating systems. COWS creates a number of files with world-readable permissions, including user profiles and administrative information. Local attackers may potentially use this as an opportunity to gather sensitive information about users of the service. Furthermore, BugTraq ID 3915 "COWS CGI Online Worldweb Shopping Information Disclosure Vulnerability" details the insecure manner in which sensitive information is stored. Not only is it possible for a local attacker to view this information, but most of the sensitive information stored by COWS is in plaintext.

COWS CGI Online Worldweb Shopping is a commercial shopping system which is written in Perl. COWS will run on most Linux and Unix variants as well as Microsoft Windows operating systems. COWS creates a number of files with world-readable permissions, including user profiles and administrative information. Local attackers may potentially use this as an opportunity to gather sensitive information about users of the service. Furthermore, BugTraq ID 3915 "COWS CGI Online Worldweb Shopping Information Disclosure Vulnerability" details the insecure manner in which sensitive information is stored. Not only is it possible for a local attacker to view this information, but most of the sensitive information stored by COWS is in plaintext.