[28-12-2014] Just to mention
When science rips off your work/ideas, you have done something right. In 2009 I released a note
at SecurityFocus about inactive account hijacking. A good plagiarization
can be found in Parwani, Kholoussi and Karras (2013). However, give their
paper a try because it has something more to offer than a rip-off of my
work. Furthermore, check out this article for new ways to protect
against inactive account hijacking.
[17-03-2014] New Advisory
Unprotected Admin-Script "pwd.cgi" in CosmoShop
[10-03-2014] New Advisory
Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher)
[11-05-2010] A comment
I can't keep quiet on this - I have to comment on the HTTP transaction model used on UDP...