8 matches found
EUVD-2015-4645
Malware in sbrugna...
Design/Logic Flaw
B.A.S C2Box before 4.0.0 r19171 relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft...
CVE-2015-4626
B.A.S C2Box before 4.0.0 r19171 relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft...
CVE-2015-4626
B.A.S C2Box before 4.0.0 r19171 relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft...
CVE-2015-4626
CVE-2015-4626 affects B.A.S C2Box; versions before 4.0.0 (r19171) rely on client-side validation, enabling a remote attacker to bypass validation and corrupt business logic via negative overdraft input. The vulnerability stems from unvalidated client input allowing server-side impact. >=4.0.0 ...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 r19171 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...
CVE-2015-4460
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 r19171 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...
CVE-2015-4460
CVE-2015-4460 describes a Cross‑Site Request Forgery (CSRF) in B.A.S C2Box prior to 4.0.0 (r19171) that lets an unauthenticated attacker hijack an administrator’s session to add an admin account via SecuritySetting/UserSecurity/UserManagement.aspx, potentially compromising the domain. Connected s...