[18-02-2015] New Advisory
CosmoShop XSS here
[28-12-2014] Just to mention
When science rips off your work/ideas, you have done something right. In 2009 I released a note
on SecurityFocus about inactive account hijacking. A good plagiarization
can be found from Parwani, Kholoussi and Karras (2013). However, give their
paper a try because it has something more to offer than a rip-off of my
work. Furthermore, check out this article for new ways to protect
against inactive account hijacking.
[17-03-2014] New Advisory
Unprotected Admin-Script "pwd.cgi" in CosmoShop
Full-Disclosure
[10-03-2014] New Advisory
Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher)
securityfocus