I’m proud to announce that the “MITRE CVE Numbering Authority” has assigned me eleven (11) CVE numbers for vulnerabilities that I’ve discovered in recent days. In detail:
DFLabs PTK <= 1.0.5:
- CVE-2012-1415 for Multiple Vulnerabilities (Steal Authentication Credentials)
Fork CMS <= 3.2.5:
- CVE-2012-1306 for “Delete Admins or Users” and “Delete Web Pages” issues.
- CVE-2012-1307 for “poor logic to manage sessions” form_token issue.
- CVE-2012-1304 for XSS into private/en/blog/settings and private/en/users/index issues.
- CVE-2012-1305 for XSS into private/en/pages/settings issue.
D-Link DSL-2640B (ADSL Router):
- CVE-2012-1308 for CSRF Vulnerability
- CVE-2012-1309 for Authentication Bypass
ContaoCMS (fka TYPOlight) <= 2.11:
- CVE-2012-1297 for CSRF (Delete Admin - Delete Article)
SyndeoCMS <= 3.0:
- CVE-2012-1203 for CSRF Vulnerability
SocialCMS <= 1.0.2:
- CVE-2012-1416 for CSRF Vulnerabilities
PlumeCMS <= 1.2.4:
- CVE-2012-1414 for CSRF Vulnerability