OSVDB (famous Vulnerability DB sponsored by Nessus) has published my Advisory related to SyndeoCMS
For more details about OSVDB 79410 Advsory:
http://osvdb.org/show/osvdb/79410
My original Advisory:
http://ivanobinetti.blogspot.com/2012/02/syndeocms-30-csrf-vulnerability.html
Yesterday IBM X-Force published my Advisory regarding a new CSRF vulneability that I’ve found in SyndeoCMS http://ivanobinetti.blogspot.com/2012/02/syndeocms-30-csrf-vulnerability.html
This vulnerability allows an attacker to change administrator password and gain access to the system.
IBM classified this vulnerability as “Highly Exploitable”.
For more details about IBM X-Force publication:
http://xforce.iss.net/xforce/xfdb/73319
ContaoCMS (fka TYPOlight) 2.11 version (and lower) in affected by a CSRF vulnerability which allows to delete administrator/users, delete article, news, newsletter and so on.
I’ve created an Advisory describing this vulnerability and the methods to exploit it:
ContaoCMS Ivano Binetti’s Advisory
Other web sites have reported my security Advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1297
http://osvdb.org/show/osvdb/79635
http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/18527/
http://secunia.com/advisories/48180/
http://www.securelist.com/en/advisories/48180
http://xforce.iss.net/xforce/xfdb/73479
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1297
https://bugs.launchpad.net/bugs/cve/2012-1297
http://cxsecurity.com/cveshow/CVE-2012-1297/
http://www.cvedetails.com/cve/CVE-2012-1297/
Few days ago I discovered a new CSRF vulnerability (http://ivanobinetti.blogspot.com/2012/02/plumecms-124-csrf-0day-vulnerability.html which affects all versions – included latest (1.2.4) – of Pluse CMS.
Today IBM X-Force published my Advisory and classified the “Exploitability:” of this vulnerability as “High”.
Fore more details:
http://xforce.iss.net/xforce/xfdb/73317