MITRE CVE Numbering Authority

Posted on February 29, 2012

I ‘m proud to announce that “MITRE CVE Numbering Authority” has assigned me eleven (11) CVE numbers for vulnerabilities that I’ve discovered in last days. In details:

DFLabs PTK <= 1.0.5:

CVE-2012-1415 for Multiple Vulnerabilities (Steal Authentication Credentials)

Fork CMS <= 3.2.5:

CVE-2012-1306 for “Delete Admins or Users” and “Delete Web Pages” issues.
CVE-2012-1307 for “poor logic to manage sessions” form_token issue.
CVE-2012-1304 for XSS into private/en/blog/settings and private/en/users/index issues.
CVE-2012-1305 for XSS into private/en/pages/settings issue.

D-Link DSL-2640B (ADSL Router):

CVE-2012-1308 for CSRF Vulnerability
CVE-2012-1309 for Authentication Bypass

ContaoCMS (fka TYPOlight) <= 2.11:

CVE-2012-1297 for CSRF (Delete Admin- Delete Article)

SyndeoCMS <= 3.0:

CVE-2012-1203 for CSRF Vulnerability

SocialCMS <= 1.0.2:

CVE-2012-1416 for CSRF Vulnerabilities

PlumeCMS <= 1.2.4:

CVE-2012-1414 for CSRF Vulnerability

Kaspersky Lab – Webfolio CMS Vulnerability

Posted on February 29, 2012

Kaspersky Lab published my new Advisory regarding a new vulnerability which affects all versions of Webfolio CMS.

For read Kaspersky Lab’s Advisory:
http://www.securelist.com/en/advisories/48190

For read my Original Advisory:
http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html

Secunia – Contao cms (fka TYPOlight) CSRF Vulnerability

Posted on February 29, 2012

Secunia has published my new security Adsvisory regarding a new vulnerability found in latest release (and lower) of Contao CMS(fka TYPOlight). This vulnerability allows an attacker to delete administrator/users, articles, news, newsletter andmodify many other parameters.

To read Secunia’s Advisory:
http://secunia.com/advisories/48180/

To learn more about my Original Advisory:

http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html

Secunia – Webfolio cms CSRF Vulnerability

Posted on February 29, 2012

Today Secunia published a my security Adsvisory regarding a new vulnerability found in Webfolio CMS which allows to add a new administrator account, modify published web pages and change many other parameters of latest release (and below) of Webfolio CMS.

To read Secunia’s Advisory:
http://secunia.com/advisories/48190

For know more about my original Advisory:
http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html

Ivano Binetti

Personal Blog

Daily Archives: February 29, 2012

MITRE CVE Numbering Authority

Kaspersky Lab – Webfolio CMS Vulnerability

Secunia – Contao cms (fka TYPOlight) CSRF Vulnerability

Secunia – Webfolio cms CSRF Vulnerability

February 2012
M	T	W	T	F	S	S
« Jan				Mar »
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29