Fore more details, please read my Advisor:
D-Link DSL-2740B (ADSL Router) Authentication Bypass

MITRE CVE Numbering Authority assigned me CVE-2013-2271 for this vulnerability.

This advisory has been published in the following web sites:
http://www.securityfocus.com/bid/58266/info
http://packetstormsecurity.com/files/120613/dlinkdsl2740b-bypass.txt
http://1337day.com/exploits/20469
http://www.exploit-db.com/exploits/24563/
http://www.osvdb.org/show/osvdb/90822
http://cxsecurity.com/issue/WLB-2013030027
http://www.scip.ch/?vuldb.7851

CSRF Vulnerabilities
Axous 1.1.1 (and below) suffers from multiple CSRF vulnerabilities which could allow an attacker to change any parameters when an authenticated  user/admin browses a special crafted web page. In this Advisory I will only demonstrate how to add a new administrator but, with little modifications to my exploit, you can modify any Axous’s parameters, as Axous does not use an anti-CSRF token.

Persistent XSS Vulnerabilities
Axous 1.1.1 (and below) is prone to multiple persistent XSS vulnerabilities due to an improper input sanitization of the following parameters:
- “page_title” passed to server side logic (path: “admin/content_pages_edit.php”) via http POST method.
Exploiting “page_title” parameter an authenticated administrator could insert arbitrary code in “Title” field, and execute it when another administrator clicks on “Pages” link or on that specific pages under “Title” menu.
Furthermore injected code will generate a persistent XSS for all unauthenticated users visiting that web page.
- “category_name[1]” passed to server side logic (path:”admin/products_category.php”) via http POST method.
Exploiting “category_name[1]” parameter an administrator could insert arbitrary code in “Category” field (under “Control Panel > Products”)
and create a persistent XSS for another administrator who clicks on the “Add New” button (always under “Control Panel > Products”).

-”site_name”, “seo_title” and “meta_keywords” parameters passed to “admin/settings_siteinfo.php” script via http POST method.
Exploiting these parameters an authenticated administrator could insert arbitrary code and create a persistent XSS for another administrator
who clicks “Site info” link under Settings menu.

- “company_name”, “address1″, “address2″, “city”, “state”, “country”, “author_first_name”, “author_last_name”, “author_email”, “contact_first_name”, “contact_last_name”, “contact_email”, “general_email”, “general_phone”, “general_fax”, “sales_email”, “sales_phone”, “support_email”, “support_phone” passed to “admin/settings_company.php” script via http POST method.
Exploiting these parameters an authenticated administrator could insert arbitrary code and create a persistent XSS for another administrator who visits that injected menu.

- “system_email”, “sender_name”, “smtp_server”, “smtp_username”, “smtp_password”, “order_notice_email” parameters passed to “admin/settings_email.php” via httl POSt method.
Exploiting these parameters an authenticated administrator could insert arbitrary code and create a persistent XSS for another administrator who clicks “Site info” link under Settings menu.

Other parameters could be injected!

To view my Original Advisory:
Axous 1.1.1 Multiple Vulnerabilities (CSRF – Persistent XSS)

MITRE CVE Numbering Authority assigned me CVE-2012-2629 for these vulnerabilities.

This advisory has been published in the following web sites:
http://xforce.iss.net/xforce/xfdb/75675
http://osvdb.org/show/osvdb/82075
http://osvdb.org/show/osvdb/82076
http://osvdb.org/show/osvdb/82077
http://osvdb.org/show/osvdb/82078
http://osvdb.org/show/osvdb/82079
http://osvdb.org/show/osvdb/82080
http://packetstormsecurity.org/files/112748/Axous-1.1.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/18886/
http://www.1337day.com/exploits/18277

• Add admin/user
• Delete Admin/User
• Approve comment
• Unapprove comment
• Delete comment
• Change background image
• Insert custom header image
• Change site title
• Change administrator’s email
• Change WordPress Address
• Change Site Address

Other operations (like insert a new post) are not affected by this CSRF vulnerability.

Probably also version 3.3.2 is affected by this CSRF vulnerability.

To view my Original Advisory:
WordPress 3.3.1 Multiple CSRF Vulnerabilities

MITRE CVE Numbering Authority assigned me CVE-2012-1936 for this vulnerability.

This Security Advisory was also published in the following web sites:
http://www.securityfocus.com/bid/53280
http://osvdb.org/show/osvdb/81588
http://xforce.iss.net/xforce/xfdb/75222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1936
http://packetstormsecurity.org/files/112253/WordPress-3.3.1-Cross-Site-Request-Forgery.html
http://1337day.com/exploits/18138
http://www.exploit-db.com/exploits/18791/
http://www.cvedetails.com/cve/CVE-2012-1936/
http://www.exploit-id.com/web-applications/wordpress-3-3-1-multiple-csrf-vulnerabilities

• “u_email” and “u_realname” parameters are not correctly sanitized before being passed to server side script “manager/users.php” via http POST method. An attacker – who is able to change his profile settings – could insert malicious code into “Email” and/or “Name” fields- within “Authors” template – in order to create a persistent XSS vulnerability for all user/admin who access to Plume’s management interface.
• An unauthenticated user could insert html/javascript code in “Author” field within “ADD A COMMENT” section – which is present in every web page – due to an incorrect sanitization of “c_author” parameter. This will produce a Persistent XSS vulnerability for all user/admin who will click on “Comments” tab within Plume’s administration interface.

To view my Original Advisory:
PlumeCMS 1.2.4 Multiple Permanent XSS

MITRE CVE Numbering Authority assigned me CVE-2012-2156 for this vulnerability

Other Advisory’s publications:
http://www.securityfocus.com/bid/52890
http://secunia.com/advisories/40133
http://xforce.iss.net/xforce/xfdb/74614
http://osvdb.org/show/osvdb/80960
http://osvdb.org/show/osvdb/80961
http://packetstormsecurity.org/files/111596/PlumeCMS-1.2.4-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/18699/
http://1337day.com/exploits/17963
http://www.thecybernuxbie.com/exploit-report/plumecms-1-2-4-multiple-persistent-xss.aspx
http://www.x-bug.com/exploits/221

To view my Original Advisory:
CMS Made Simple <= 1.10.3 XSS Original Advisory

MITRE CVE Numbering Authority assigned me CVE-2012-1992 for this vulnerability.

This vulnerability has been also published in the following web sites:
http://osvdb.org/show/osvdb/80918
http://www.securityfocus.com/bid/52850/
http://xforce.iss.net/xforce/xfdb/74563
http://packetstormsecurity.org/files/111486/CMS-Made-Simple-1.10.3-Cross-Site-Scripting.html
http://1337day.com/exploits/17921

Improper input sanitization of “TR_title” parameter causes also a Reflected XSS for the user which inserts html/javascript code.

MITRE CVE Numbering Authority assigned me CVE-2012-1982 for this vulnerability.

To view my Original Advisory:
SocialCMS 1.0.2 XSS (Persistent and Reflected) Advisory

Other related publications:
http://secunia.com/advisories/44313
http://osvdb.org/show/osvdb/80794
http://xforce.iss.net/xforce/xfdb/74540
http://xforce.iss.net/xforce/xfdb/74541
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1982
http://www.us-cert.gov/cas/bulletins/SB12-100.html
http://packetstormsecurity.org/files/111409/SocialCMS-1.0.2-Cross-Site-Scripting.html
http://www.securelist.com/en/advisories/44313
http://1337day.com/exploits/17895
http://www.cvedetails.com/cve/CVE-2012-1982/

MITRE CVE Numbering Authority assigned me CVE-2012-1979 for this vulnerability.

To view my Original Advisory:
SyndeoCMS <= 3.0.01 Persistent XSS Advisory

Other related publications:
http://osvdb.org/show/osvdb/80746
http://www.securityfocus.com/bid/52840
http://xforce.iss.net/xforce/xfdb/74545
http://packetstormsecurity.org/files/111405/SyndeoCMS-3.0.01-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/18686/
http://1337day.com/exploits/17894
http://www.thecybernuxbie.com/exploit-report/syndeocms-3-0-01-persistent-xss-vulnerability.aspx

To view my Original Advisory:
Simple PHP Agenda 2.2.8 Multiple CSRF Advisory

MITRE CVE Numbering Authority for this vulnerability assigned me CVE-2012-1978

Other related publications:
http://secunia.com/advisories/48685
http://www.osvdb.org/show/osvdb/80793
http://xforce.iss.net/xforce/xfdb/74539
http://packetstormsecurity.org/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html
http://www.securelist.com/en/advisories/48685
http://1337day.com/exploits/17893
http://www.thecybernuxbie.com/exploit-report/simple-php-agenda-2-2-8-csrf-add-adminadd-new-event.aspx

CVE-2007-6752 for Drupal 7.12 CSRF Vulnerability (force user/logout – sections 2.2, 3.2)
CVE-2012-1899 for Multiple XSS Vulnerabilities in Webfolio CMS <= 1.1.4
CVE-2012-1900 for CSRF Vulnerability (Delete Web Pages) in Razor CMS <= 1.2.1
CVE-2012-1901 for FlexCMS 3.2.1 Multiple CSRF
CVE-2012-1897 for Multiple XSS in Wolf CMS <= 0.75
CVE-2012-1898 for Multiple CSRF in Wolf CMS <= 0.75
CVE-2012-1921 for Sitecom WLM-2501 Change Wireless Passphrase
CVE-2012-1922 for Sitecom WLM-2501 new Multiple CSRF
CVE-2012-1932 for Wolf CMS <= 0.75 Persistent XSS

Regarding my Drupal 7.12 Advisory, Mitre considers that:

• Sections 2.1 and 3.1  – Poor Session Checking (CSRF to change any Drupal settings) – would be a Drupal’s “Security Improvement”.
• Section 2.3 – Poor Session Checking (POST and GET method) – and section 2.4 - Poor Session Checking (Http Referer) - would be Drupal’s “Potential Security Improvements”.

To view my Original Advisory:
Wolfcms 0.75 new Pesistent XSS

Other related publications:
Packetstorm
Inj3ct0r
Security Focus
CVE-2012-1932
OSVDB