C2Box
Monthly
B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.