[CLOSE] OSVDB ID : 26089 - Disclosed: 2006-05-25

Description:

CosmicShoppingCart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the \'max\' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 26090 - Disclosed: 2006-05-25

Description:

CosmicShoppingCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'query\' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26091 - Disclosed: 2006-05-25

Description:

CosmicShoppingCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'doc\' variable upon submission to the search_cat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26092 - Disclosed: 2006-05-25

Description:

CosmicShoppingCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the search_price.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 9739 - Disclosed: 2004-09-07

Description:

Cosminexus Portal Framework contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an unspecified error within the <ut:cache> tag library occurs, which will disclose a user's personal information in the cache being displayed to another user resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 43199 - Disclosed: 2008-02-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 43468 - Disclosed: 2008-03-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 71174 - Disclosed: 2011-03-10

Description:

Cosmoshop contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'typ' parameter upon submission to the admin/artikeladmin.cgi script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 71176 - Disclosed: 2011-03-10

Description:

Cosmoshop contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'text-de' parameter upon submission to the admin/edit_startseitentext.cgi script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 71177 - Disclosed: 2011-03-10

Description:

Cosmoshop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/index.cgi script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 71173 - Disclosed: 2011-03-10

Description:

Cosmoshop contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'rcopy' parameter upon submission to the admin/rubrikadmin.cgi script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 73577 - Disclosed: 2011-03-10

Description:

CosmoShop contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'hauptwaehrung' parameter upon submission to the admin/setup_edit.cgi script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 71175 - Disclosed: 2011-03-10

Description:

Cosmoshop contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'suchbegriff' parameter upon submission to the admin/shophilfe_suche.cgi script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 25648 - Disclosed: 2006-05-18

Description:

Cosmoshop contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to the bestmail.cgi script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'file' variable.

[CLOSE] OSVDB ID : 19078 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.

[CLOSE] OSVDB ID : 19077 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information.

[CLOSE] OSVDB ID : 25647 - Disclosed: 2006-05-18

Description:

Cosmoshop contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to the edit_mailtexte.cgi script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'file' variable.

[CLOSE] OSVDB ID : 19076 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors.

[CLOSE] OSVDB ID : 25649 - Disclosed: 2006-05-18

Description:

Cosmoshop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the lshop.cgi script not properly sanitizing user-supplied input to the 'artnum' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 85667 - Disclosed: 2012-09-17

Description:

CoSoSys Endpoint Protector contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the application generating predictable passwords for the EPProot account. This may allow an attacker to gain access to password information via a brute force attack.

[CLOSE] OSVDB ID : 83469 - Disclosed: 2011-10-10

Description:

Cotonti contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'w' and 'id' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 83468 - Disclosed: 2011-10-10

Description:

Cotonti contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker supplied specially crafted input to the 'sq' parameter, which is then submitted to the index.php script. This discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 83470 - Disclosed: 2011-10-10

Description:

Cotonti contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'redirect' parameter upon submission to the message.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 75530 - Disclosed: 2011-04-26

Description:

Cotonti contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the system/users/users.functions.php or page.php scripts, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 67976 - Disclosed: 2010-08-24

Description:

(Description Provided by CVE) : Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.

[CLOSE] OSVDB ID : 61588 - Disclosed: 2010-01-07

Description:

Couffin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the 'product.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 90893 - Disclosed: 2013-03-05

Description:

Count Per Day Plugin for WordPress contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'daytoshow' parameter upon submission to the /wp-content/wp-admin/index.php script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 91491 - Disclosed: 2013-03-19

Description:

Count Per Day Plugin for WordPress contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via HTTP Referer headers upon submission to the counter.php script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 90832 - Disclosed: 2013-03-04

Description:

Count Per Day Plugin for WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the counter.php, massbots.php, and userperspan.php scripts, or the notes.php script if no notes are present. This discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Note: It has been reported that the counter-core.php and counter-options.php scripts are vulnerable, however this seems incorrect based on testing by OSVDB.

[CLOSE] OSVDB ID : 90833 - Disclosed: 2013-03-04

Description:

Count Per Day Plugin for WordPress contains a flaw that may allow a remote denial of service. The issue is triggered when handling malformed requests sent for the notes.php script. With a specially crafted request, a remote attacker can cause the program to crash.