My Publications

Following  the list of the main publications related to my security advisories:

Apache Tomcat Manager CSRF Vulnerability
Google Translate Cross Site Request Forgery Vulnerability

US-CERT / Security Bulletin SB13-329 (vulnerability CVE-2013-2271)
US-CERT / Security Bulletin SB13-322 (vulnerability CVE-2013-6357)

I also received the following CVEs indentifiers from MITRE CVE Numbering Authority:

CVE-2013-5730 for D-link 2740-B Multiple CSRF Vulnerabilities
CVE-2013-2271 for D-link 274-B Authentication Bypass
CVE-2012-1203 for Syndeo CMS <= 3.0
CVE-2012-1297 for Contao CMS (fka TYPOlight) <= 2.11
CVE-2012-1304 for Fork CMS <= 3.2.5
CVE-2012-1305 for Fork CMS <= 3.2.5
CVE-2012-1306 for Fork CMS <= 3.2.5
CVE-2012-1307 for Fork CMS <= 3.2.5
CVE-2012-1308 for D-Link DSL-2640B
CVE-2012-1309 for D-Link DSL-2640B
CVE-2012-1416 for SocialCMS <= 1.0.2
CVE-2012-1414 for PlumeCMS <= 1.2.4 CSRF
CVE-2012-1415 for DFLabs PTK <= 1.0.5
CVE-2012-1498 for WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)
CVE-2012-1899 for Multiple XSS Vulnerabilities in Webfolio CMS <= 1.1.4
CVE-2012-1900 for CSRF Vulnerability (Delete Web Pages) in Razor CMS <= 1.2.1
CVE-2012-1901 for FlexCMS 3.2.1 Multiple CSRF
CVE-2012-1897 for Multiple XSS in Wolf CMS <= 0.75
CVE-2012-1898 for Multiple CSRF in Wolf CMS <= 0.75
CVE-2012-1921 for Sitecom WLM-2501 Change Wireless Passphrase
CVE-2012-1922 for Sitecom WLM-2501 new Multiple CSRF
CVE-2012-1932 for Wolf CMS <= 0.75 Persistent XSS
CVE-2012-1936 for WordPress 3.3.1 CSRF Vulnerability
CVE-2012-1978 for Simple Php Agenda <= 2.2.8 CSRF
CVE-2012-1979 for SyndeoCMS <= 3.0.01 Persistent XSS
CVE-2012-1982 for SocialCMS <= 1.0.2 XSS (Persistent and Reflected) Vulnerabilities
CVE-2012-1992 for CMS Made Simple <= 1.10.3 XSS Vulnerability
CVE-2012-2156 for PlumeCMS <= 1.2.4 Multiple Persistent XSS
CVE-2007-6752 for Drupal 7.12 CSRF Vulnerability (force user/logout – section 2.2, 3.2)

NIST – NVDB (National Vulnerability Database) published the following my vulnerabilies/exploits:

Leave a Reply

Your email address will not be published. Required fields are marked *