[18-02-2015] New Advisory
CosmoShop XSS here
[28-12-2014] Just to mention
When science rips off your work/ideas, you have done something right. In 2009 I released a note on SecurityFocus about inactive account hijacking. A good plagiarization can be found from Parwani, Kholoussi and Karras (2013). However, give their paper a try because it has something more to offer than a rip-off of my work. Furthermore, check out this article for new ways to protect against inactive account hijacking.
[17-03-2014] New Advisory
Unprotected Admin-Script "pwd.cgi" in CosmoShop Full-Disclosure
[10-03-2014] New Advisory
Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher) securityfocus