My Publications

The following is a list of the main publications related to my security advisories:

Apache Tomcat Manager CSRF Vulnerability
Google Translate Cross Site Request Forgery Vulnerability

US-CERT / Security Bulletin SB13-329 (vulnerability CVE-2013-2271)
US-CERT / Security Bulletin SB13-322 (vulnerability CVE-2013-6357)
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004
http://www.eeye.com/resources/security-center/research/zero-day-tracker/2013/20130210
http://www.securityfocus.com/bid/63515
http://www.securityfocus.com/bid/62356/
http://www.securityfocus.com/bid/58266/
http://www.securityfocus.com/bid/52105
http://www.securityfocus.com/bid/52096
http://www.securityfocus.com/bid/52129
http://www.securityfocus.com/bid/52218
http://www.securityfocus.com/bid/52335
http://www.securityfocus.com/bid/52700
http://www.securityfocus.com/bid/52726
http://www.securityfocus.com/bid/52840
http://www.securityfocus.com/bid/52850
http://www.securityfocus.com/bid/52890
http://www.securityfocus.com/bid/53280
http://www.securityfocus.com/bid/58266/info
http://secunia.com/advisories/48067
http://secunia.com/advisories/48180/
http://secunia.com/advisories/48190
http://secunia.com/advisories/48053
http://secunia.com/advisories/39961
http://secunia.com/advisories/48451
http://secunia.com/advisories/48520
http://secunia.com/advisories/cve_reference/CVE-2007-6752/
http://secunia.com/advisories/48685
http://secunia.com/advisories/44313
http://secunia.com/advisories/48840/
http://secunia.com/advisories/40133
http://secunia.com/advisories/54795
http://osvdb.org/show/osvdb/99375
http://osvdb.org/show/osvdb/79444
http://osvdb.org/show/osvdb/79272
http://osvdb.org/show/osvdb/79658
http://osvdb.org/show/osvdb/79410
http://osvdb.org/show/osvdb/79635
http://osvdb.org/show/osvdb/80218
http://osvdb.org/show/osvdb/80187
http://osvdb.org/show/osvdb/79617
http://osvdb.org/show/osvdb/80298
http://osvdb.org/show/osvdb/80335
http://osvdb.org/show/osvdb/80538
http://osvdb.org/show/osvdb/80537
http://osvdb.org/show/osvdb/80618
http://osvdb.org/show/osvdb/80746
http://osvdb.org/show/osvdb/80794
http://osvdb.org/show/osvdb/80793
http://osvdb.org/show/osvdb/80809
http://osvdb.org/show/osvdb/80803
http://osvdb.org/show/osvdb/80807
http://osvdb.org/show/osvdb/80918
http://osvdb.org/show/osvdb/80960
http://osvdb.org/show/osvdb/80961
http://osvdb.org/show/osvdb/80665
http://osvdb.org/show/osvdb/80765
http://osvdb.org/show/osvdb/81588
http://osvdb.org/show/osvdb/82075
http://osvdb.org/show/osvdb/82076
http://osvdb.org/show/osvdb/82077
http://osvdb.org/show/osvdb/82078
http://osvdb.org/show/osvdb/82079
http://osvdb.org/show/osvdb/82080
http://www.osvdb.org/show/osvdb/90822
http://osvdb.org/show/osvdb/97278
http://xforce.iss.net/xforce/xfdb/73394
http://xforce.iss.net/xforce/xfdb/73345
http://xforce.iss.net/xforce/xfdb/73379
http://xforce.iss.net/xforce/xfdb/73316
http://xforce.iss.net/xforce/xfdb/73317
http://xforce.iss.net/xforce/xfdb/73319
http://xforce.iss.net/xforce/xfdb/73404
http://xforce.iss.net/xforce/xfdb/73738
http://xforce.iss.net/xforce/xfdb/73674
http://xforce.iss.net/xforce/xfdb/74022
http://xforce.iss.net/xforce/xfdb/73902
http://xforce.iss.net/xforce/xfdb/73479
http://xforce.iss.net/xforce/xfdb/74284
http://xforce.iss.net/xforce/xfdb/74285
http://xforce.iss.net/xforce/xfdb/74539
http://xforce.iss.net/xforce/xfdb/74540
http://xforce.iss.net/xforce/xfdb/74614
http://xforce.iss.net/xforce/xfdb/74128
http://xforce.iss.net/xforce/xfdb/74541
http://xforce.iss.net/xforce/xfdb/74563
http://xforce.iss.net/xforce/xfdb/75222
http://xforce.iss.net/xforce/xfdb/87036
http://www.securelist.com/en/advisories/48067
http://www.securelist.com/en/advisories/48190
http://www.securelist.com/en/advisories/48180
http://www.securelist.com/en/advisories/39961
http://www.securelist.com/en/advisories/48451
http://www.securelist.com/en/advisories/48520
http://www.securelist.com/en/advisories/44313
http://www.securelist.com/en/advisories/48685
http://www.securelist.com/en/advisories/54795
http://www.exploit-db.com/exploits/18487/
http://www.exploit-db.com/exploits/29435/
http://www.exploit-db.com/exploits/18498/
http://www.exploit-db.com/exploits/18502/
http://www.exploit-db.com/exploits/18499/
http://www.exploit-db.com/exploits/18563/
http://www.exploit-db.com/exploits/18503/
http://www.exploit-db.com/exploits/18511/
http://www.exploit-db.com/exploits/18513/
http://www.exploit-db.com/exploits/18527/
http://www.exploit-db.com/exploits/18536/
http://www.exploit-db.com/exploits/18564/
http://www.exploit-db.com/exploits/18575/
http://www.exploit-db.com/exploits/18597/
http://www.exploit-db.com/exploits/18609/
http://www.exploit-db.com/exploits/18652/
http://www.exploit-db.com/exploits/18651/
http://www.exploit-db.com/exploits/18686/
http://www.exploit-db.com/exploits/18694/
http://www.exploit-db.com/exploits/18699/
http://www.exploit-db.com/exploits/18791/
http://www.exploit-db.com/exploits/24563/
http://www.exploit-db.com/exploits/28239/
http://packetstormsecurity.com/files/123894/Apache-Tomcat-5.5.25-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/109979/D-Link-DSL-2640B-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/109978/SyndeoCMS-3.0-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/109980/PlumeCMS-1.2.4-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110040/Cisco-Linksys-WAG54GS-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110048/ForkCMS-3.2.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/110069/Secunia-Security-Advisory-48067.html
http://packetstormsecurity.org/files/110102/DFLabs-PTK-1.0.5-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110117/D-Link-DSL-2640B-Authentication-Bypass.html
http://packetstormsecurity.org/files/110229/Secunia-Security-Advisory-48180.html
http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110305/Secunia-Security-Advisory-48190.html
http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110404/Drupal-CMS-7.12-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110546/Jobrapido.com-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/110524/Webfolio-CMS-1.1.4-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110915/FlexCMS-3.2.1-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/110982/Secunia-Security-Advisory-48451.html
http://packetstormsecurity.org/files/111115/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/111185/Wolf-CMS-0.75-Persistent-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/111405/SyndeoCMS-3.0.01-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html
http://packetstormsecurity.org/files/111409/SocialCMS-1.0.2-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/111466/Secunia-Security-Advisory-48685.html
http://packetstormsecurity.org/files/111486/CMS-Made-Simple-1.10.3-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/111596/PlumeCMS-1.2.4-Cross-Site-Scripting.html
http://packetstormsecurity.org/files/111941/Secunia-Security-Advisory-48840.html
http://packetstormsecurity.org/files/112253/WordPress-3.3.1-Cross-Site-Request-Forgery.html
http://packetstormsecurity.com/files/120613/D-Link-DSL-2740B-Authentication-Bypass.html
http://1337day.com/author/3218
https://bugzilla.redhat.com/show_bug.cgi?id=807859
http://en.securitylab.ru/nvd/422373.php
https://bugs.launchpad.net/bugs/cve/2012-1297
http://cxsecurity.com/cveshow/CVE-2012-1297/
http://www.websecuritywatch.com/sitecom-wlm-2501-multiple-xsrf/
http://www.websecuritywatch.com/razorcms-1-2-1-stable-cross-site-request-forgery/
http://www.websecuritywatch.com/plumecms-1-2-4-cross-site-request-forgery/
http://www.scip.ch/en/?vuldb.7851
http://www.scip.ch/en/?vuldb.11098

I also received the following CVE identifiers from the MITRE CVE Numbering Authority:

CVE-2013-5730 for D-link 2740-B Multiple CSRF Vulnerabilities
CVE-2013-2271 for D-link 274-B Authentication Bypass
CVE-2012-1203 for Syndeo CMS <= 3.0
CVE-2012-1297 for Contao CMS (fka TYPOlight) <= 2.11
CVE-2012-1304 for Fork CMS <= 3.2.5
CVE-2012-1305 for Fork CMS <= 3.2.5
CVE-2012-1306 for Fork CMS <= 3.2.5
CVE-2012-1307 for Fork CMS <= 3.2.5
CVE-2012-1308 for D-Link DSL-2640B
CVE-2012-1309 for D-Link DSL-2640B
CVE-2012-1416 for SocialCMS <= 1.0.2
CVE-2012-1414 for PlumeCMS <= 1.2.4 CSRF
CVE-2012-1415 for DFLabs PTK <= 1.0.5
CVE-2012-1498 for WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)
CVE-2012-1899 for Multiple XSS Vulnerabilities in Webfolio CMS <= 1.1.4
CVE-2012-1900 for CSRF Vulnerability (Delete Web Pages) in Razor CMS <= 1.2.1
CVE-2012-1901 for FlexCMS 3.2.1 Multiple CSRF
CVE-2012-1897 for Multiple XSS in Wolf CMS <= 0.75
CVE-2012-1898 for Multiple CSRF in Wolf CMS <= 0.75
CVE-2012-1921 for Sitecom WLM-2501 Change Wireless Passphrase
CVE-2012-1922 for Sitecom WLM-2501 new Multiple CSRF
CVE-2012-1932 for Wolf CMS <= 0.75 Persistent XSS
CVE-2012-1936 for WordPress 3.3.1 CSRF Vulnerability
CVE-2012-1978 for Simple Php Agenda <= 2.2.8 CSRF
CVE-2012-1979 for SyndeoCMS <= 3.0.01 Persistent XSS
CVE-2012-1982 for SocialCMS <= 1.0.2 XSS (Persistent and Reflected) Vulnerabilities
CVE-2012-1992 for CMS Made Simple <= 1.10.3 XSS Vulnerability
CVE-2012-2156 for PlumeCMS <= 1.2.4 Multiple Persistent XSS
CVE-2007-6752 for Drupal 7.12 CSRF Vulnerability (force user/logout – section 2.2, 3.2)

NIST NVD (National Vulnerability Database) published the following entries for my vulnerabilities/exploits:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6357
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1936
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1414
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1992
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1416
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1982
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1979
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1897
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1898
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1900
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1297
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6752
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1498
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1899
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2156
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1308
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1922