OSVDB (famous Vulnerability DB sponsored by Nessus) has published my Advisory related to SyndeoCMS
For more details about OSVDB 79410 Advisory:
My original Advisory:
Yesterday IBM X-Force published my Advisory regarding a new CSRF vulnerability that I’ve found in SyndeoCMS (http://ivanobinetti.blogspot.com/2012/02/syndeocms-30-csrf-vulnerability.html).
This vulnerability allows an attacker to change administrator password and gain access to the system.
IBM classified this vulnerability as “Highly Exploitable”.
For more details about IBM X-Force publication:
A few days ago I discovered a new CSRF vulnerability (http://ivanobinetti.blogspot.com/2012/02/plumecms-124-csrf-0day-vulnerability.html) which affects all versions – including the latest (1.2.4) – of Plume CMS.
Today IBM X-Force published my Advisory and classified the “Exploitability:” of this vulnerability as “High”.
For more details: