SEC Consult Vulnerability Lab Security Advisory < 20180312-0 >
===
title: Multiple Critical Vulnerabilities
product: SecurEnvoy SecurMail
vulnerable version: 9.1.501
fixed version: 9.2.501 or hotfix
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4135-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 13, 2018
Advisory: Shopware Cart Accessible by Third-Party Websites
RedTeam Pentesting discovered that the shopping cart implemented by Shopware
offers an insecure API. Malicious, third-party websites may abuse this API to
list, add or remove products from a user's cart.
Details
===
Product: Shopwar