OSVDB (http://osvdb.org) – vulnerability DB sponsored by Nessus (http://www.tenable.com) – published my ForkCMS 3.2.6 (and lower) vulnerability.
Here you can read more details:
http://osvdb.org/show/osvdb/79444
DFLabs PTK <= 1.0.5 Multiple Vulnerabilities (Steal Authentication Credentials)
To view my Original Advisory:
DFLabs PTK 1.0.5 Multiple Vulnerabilities (Steal Authentication Credentials)
Other related publications:
http://osvdb.org/show/osvdb/80765
http://xforce.iss.net/xforce/xfdb/73404
http://www.exploit-db.com/exploits/18513/
http://packetstormsecurity.org/files/110102/DFLabs-PTK-1.0.5-Cross-Site-Request-Forgery.html
http://1337day.com/exploits/17564
D-Link DSL-2640B Authentication Bypass
This router allows an attacker to bypass authentication and log in with administrator (“admin”) credentials. When the administrator is logged in and an internal attacker connects to the web management interface (default is http://192.168.1.1:80), the attacker is able to see the MAC address of the logged-in admin. Simply by changing his own MAC address, the attacker can bypass authentication and log in as administrator.
For more details:
http://www.exploit-db.com/exploits/18511/
http://packetstormsecurity.org/files/110117/D-Link-DSL-2640B-Authentication-Bypass.html
http://www.securityfocus.com/bid/52129
http://xforce.iss.net/xforce/xfdb/73379
http://osvdb.org/79617
http://1337day.com/exploit/17562
Cisco Linksys WAG54GS (ADSL Router) change admin password
Today I found a new “0day” vulnerability in the Cisco Linksys WAG54GS WiFi ADSL router and published a related exploit that changes the default administrator (“admin”) password.
To view my Original Advisory:
Cisco Linksys WAG54GS CSRF Original Advisory
Other related publications:
http://osvdb.org/show/osvdb/80809
http://www.exploit-db.com/exploits/18503/
http://packetstormsecurity.org/files/110040/Cisco-Linksys-WAG54GS-Cross-Site-Request-Forgery.html
http://www.securityfocus.com/bid/52105
You can simply modify this exploit in order to change other router parameters.
PlumeCMS <= 1.2.4 CSRF "0day" Vulnerability
New “0day” vulnerability discovered in PlumeCMS.
For more details:
http://osvdb.org/show/osvdb/80807
http://www.exploit-db.com/author/?a=3557
http://packetstormsecurity.org/files/author/9536/