16 matches found
EUVD-2015-4645
Malware in sbrugna...
Design/Logic Flaw
B.A.S C2Box before 4.0.0 r19171 relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft...
CVE-2015-4626
B.A.S C2Box before 4.0.0 r19171 relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft...
CVE-2015-4626
B.A.S C2Box before 4.0.0 r19171 relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft...
CVE-2015-4626
CVE-2015-4626 affects B.A.S C2Box; versions before 4.0.0 (r19171) rely on client-side validation, enabling a remote attacker to bypass validation and corrupt business logic via negative overdraft input. The vulnerability stems from unvalidated client input allowing server-side impact. >=4.0.0 ...
B.A.S C2Box Security Bypass Vulnerability
B.A.S C2Box is a financial management solution for managing domestic and cross-border payment processes from B.A.S France. A security vulnerability exists in B.A.S C2Box 4.0.0 r19171 and prior versions, which stems from a failure to protect server-side code when performing authentication on the...
C2Box 4.0.0(r19171) Validation Bypass
Title: Validation Bypass in C2Box application allows user to input negative value Author: Harish Ramadoss Vendor: boxautomationB.A.S Product: C2Box Version: All versions below 4.0.0r19171 Tested Version: Version 4.0.0r19171 Severity: Medium CVE Reference: 2015-4626 About the Product: B.A.S C2Box...
B.A.S C2Box Cross-Site Request Forgery Vulnerability
B.A.S C2Box is a financial management solution for managing domestic and cross-border payment processes from B.A.S France. A cross-site request forgery vulnerability exists in versions of B.A.S C2Box prior to 4.0.0 that allows remote attackers to hijack an administrator's authentication request t...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 r19171 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...
CVE-2015-4460
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 r19171 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...
CVE-2015-4460
CVE-2015-4460 describes a Cross‑Site Request Forgery (CSRF) in B.A.S C2Box prior to 4.0.0 (r19171) that lets an unauthenticated attacker hijack an administrator’s session to add an admin account via SecuritySetting/UserSecurity/UserManagement.aspx, potentially compromising the domain. Connected s...
CSRF Vulnerability in C2Box application CVE-2015-4460
Please add this advisory to your archive. Thanks. Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below...
C2Box 4.0.0(r19171) - CSRF Vulnerability
Exploit for asp platform in category web applications Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions...
C2Box 4.0.0(r19171) - Cross-Site Request Forgery
Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below 4.0.0r19171 Tested Version: Version 4.0.0r19171...
C2Box 4.0.0(r19171) - Cross-Site Request Forgery
C2Box 4.0.0r19171 - Cross-Site Request Forgery Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below...
C2Box 4.0.0 r19171 Cross Site Request Forgery
Please add this advisory to your archive. Thanks. Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below...