MITRE CVE Numbering Authority

I ‘m proud to announce that “MITRE CVE Numbering Authority” has assigned me eleven (11) CVE numbers for vulnerabilities that I’ve discovered in last days. In details:

DFLabs PTK <= 1.0.5:

  • CVE-2012-1415 for Multiple Vulnerabilities (Steal Authentication Credentials)

Fork CMS <= 3.2.5:

  • CVE-2012-1306 for “Delete Admins or Users” and “Delete Web Pages” issues.
  • CVE-2012-1307 for “poor logic to manage sessions” form_token issue.
  • CVE-2012-1304 for XSS into private/en/blog/settings and private/en/users/index issues.
  • CVE-2012-1305 for XSS into private/en/pages/settings issue.

D-Link DSL-2640B (ADSL Router):

  • CVE-2012-1308 for CSRF Vulnerability
  • CVE-2012-1309 for Authentication Bypass

 ContaoCMS (fka TYPOlight) <= 2.11:

  • CVE-2012-1297 for CSRF (Delete Admin- Delete Article)

SyndeoCMS <= 3.0:

  • CVE-2012-1203 for CSRF Vulnerability

SocialCMS <= 1.0.2:

  • CVE-2012-1416 for CSRF Vulnerabilities

PlumeCMS <= 1.2.4:

  • CVE-2012-1414 for CSRF Vulnerability

Secunia – Contao cms (fka TYPOlight) CSRF Vulnerability

Secunia has published my new security Adsvisory regarding a new vulnerability found in latest release (and lower) of Contao CMS(fka TYPOlight). This vulnerability allows an attacker to delete administrator/users, articles, news, newsletter andmodify many other parameters.

To read Secunia’s Advisory:

To learn more about my Original Advisory:

Secunia – Webfolio cms CSRF Vulnerability

Today Secunia published a my security Adsvisory regarding a new vulnerability found in Webfolio CMS which allows to add a new administrator account, modify published web pages and change many other parameters of latest release (and below) of Webfolio CMS.

To read Secunia’s Advisory:

For know more about my original Advisory: