21 matches found
EUVD-2011-5205
Malware in sbrugna...
CVE-2011-5306
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action...
CVE-2011-5305
Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to...
网达信联 e-procurement system: SQL injection vulnerability in the InviteId parameter of /epro/ebid/viewInvite1.asp
No description provided by source...
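Generic SQL injection vulnerability in an e-procurement system, affecting many enterprises
Brief description: Generic SQL injection vulnerability in an e-procurement system, affecting many enterprises. Details: Software vendor: 北京网达信联科技发展有限公司. System name: e-procurement platform. Vulnerable file: epro/ebid/viewInvite.asp. The inviteid parameter is not strictly filtered, which results in injection. Proof of vulnerability: Some cases: 彩虹集团: http://caigou.irico.com.cn/Rat/ebid/viewInvite.asp?inviteid=0000024185 中国南车: http://zhaobiao.cdjcc.com/epro/ebid/viewInvite.asp?inviteid=0000002597...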
CosmoShop ePRO Cross-Site Request Forgery Vulnerability
CosmoShop ePRO is a cloud e-commerce system based on Magento. The system is able to quickly complete domain name setup, online store installation, server deployment and product launch. A cross-site request forgery vulnerability exists in CosmoShop ePRO 10.05.00, which allows remote attackers to...
Multiple Cross-Site Scripting Vulnerabilities in CosmoShop ePRO
CosmoShop ePRO is a cloud e-commerce system based on Magento. The system is able to quickly complete domain name setup, online store installation, server deployment and product launch. CosmoShop ePRO suffers from multiple cross-site scripting vulnerabilities that can be exploited by remote...
CVE-2011-5306
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action...
CVE-2011-5305
Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to...
CVE-2011-5306
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action...
CVE-2011-5305
Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to...
CVE-2011-5305
CVE-2011-5305 affects CosmoShop ePRO 10.05.00 with multiple XSS vulnerabilities. The issue arises from unsanitized inputs in: (1) rcopy to cgi-bin/admin/rubrikadmin.cgi, (2) typ to cgi-bin/admin/artikeladmin.cgi, and (3) suchbegriff to cgi-bin/admin/shophilfe_suche.cgi. Remote attackers can injec...
CVE-2011-5306
CVE-2011-5306 describes a Cross-Site Request Forgery (CSRF) vulnerability in CosmoShop ePRO 10.05.00. The flaw affects the CGI component cgi-bin/admin/setup_edit.cgi and enables remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. T...
Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher)
Issue: Authentication-Bypass in CosmoShop ePRO V10.17.00 and lower, maybe higher Author: l0om http://l0om.org Date: 26.02.2013 Overview: Cosmoshop provides an admin backup-function which saves .htaccess protected MySQL dump files in a backup directory. This directory does only prevent HTTP...
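CosmoShop ePRO Security Bypass Vulnerability
Bugtraq ID: 65924 CosmoShop is a cloud e-commerce system based on Magento. CosmoShop does not properly restrict access to database backup files, allowing attackers to obtain the database backup files by submitting requests directly. 0 Cosmoshop 10.x No detailed solution is currently available: http://www.cosmoshop.de/produkte/cosmoshop-stufenlos-skalierbar.html...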
CosmoShop ePRO 10.17.00 Authentication Bypass
Issue: Authentication-Bypass in CosmoShop ePRO V10.17.00 and lower, maybe higher Author: l0om http://l0om.org Date: 26.02.2013 Overview: Cosmoshop provides an admin backup-function which saves .htaccess protected MySQL dump files in a backup directory. This directory does only prevent HTTP...
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/46828/info CosmoShop is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal...
HTB22878: XSS vulnerability in CosmoShop
Vulnerability ID: HTB22878 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincosmoshop.html Product: CosmoShop Vendor: Zaunz Publishing GmbH http://www.cosmoshop.de/ Vulnerable Version: ePRO V10.05.00 Vendor Notification: 24 February 2011 Vulnerability Type: Stored XSS Cross Site...