[28-12-2014] Just to mention
When science rips off your work/ideas, you have done something right. In 2009 I released a note on SecurityFocus about inactive account hijacking. A good plagiarism of it can be found in Parwani, Kholoussi and Karras (2013). However, give their paper a try, because it has something more to offer than a rip-off of my work. Furthermore, check out this article for new ways to protect against inactive account hijacking.
[17-03-2014] New Advisory
Unprotected Admin-Script "pwd.cgi" in CosmoShop Full-Disclosure
[10-03-2014] New Advisory
Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher) securityfocus
[11-05-2010] A comment
I can't keep quiet on this - I have to comment on the HTTP transaction model used on UDP... here