Silent Services | Archives | 2010

[Security Advisory] OXID eShop Enterprise: Session Fixation and XSS

Posted on 30/03/2010 by c0rnholio

OXID eShop Enterprise Edition
– Session Fixation Vulnerability
– Stored Cross Site Scripting Vulnerability
Date: 30.03.2010

– Description

OXID eShop EE is a widespread and popular CMS for online shops.
The current release (4.2.0) has been found vulnerable to a session fixation and a XSS attack.

Continue reading →

[Security Advisory] Multiple Vulnerabilities in EASY Enterprise DMS

Posted on 25/03/2010 by c0rnholio

Multiple Vulnerabilities in EASY Enterprise DMS

– Stored XSS
– XSS
– Content Injection / Phishing through Frames
– Unauthorized access to files
– Unauthorized manipulation of data

Date: 25.03.2010

Continue reading →