Callisto 821+R3 Cross Site Request Forgery

Hello list! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devices...

CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

CSRF, XSS and Redirector vulnerabilities in IBM Lotus Notes Traveler

Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Notes Traveler. They are similar to CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino http://securityvulns.ru/docs29060.html, which I announced at 19.05.2012 and disclos...

XSS and CS vulnerabilities in Dotclear

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf it's Swfupload. I've wrote about vulnerabilities in Swfupload in November 2012...

XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress

Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...

Dotclear 2.4.4 Cross Site Scripting / Content Spoofing

Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf it's Swfupload. I've wrote about vulnerabilities in Swfupload in November 2012...

ZeroClipbord.swf Cross Site Scripting / Path Disclosure

Hello list! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...

Brute Force и XSS уязвимость в Wordpress

Здравствуйте 3APA3A! Сообщаю вам об ещё одной уязвимости в WordPress, о которой мне известно уже давно - это Brute Force через XML-RPC функционал в WordPress. Brute Force WASC-11: http://site/xmlrpc.php В данном функционале нет защиты от Brute Force атак. При отправке соответствующих POST-запросо...

Brute Force и XSS уязвимости в Webglimpse

Здравствуйте 3APA3A! После предыдущих многочисленных Cross-Site Scripting, Full path disclosure, Directory Traversal и Authorization bypass уязвимостей в Webglimpse SecurityVulns ID: 9436, 9443, 9778, 9876, сообщаю вам о найденных мною новых уязвимостях в Webglimpse. Это Brute Force и Cross-Site...

Artefact St. CMS Cross Site Scripting / Path Disclosure

I want to warn you about Cross-Site Scripting, Brute Force and Full path disclosure vulnerabilities in Artefact St. CMS. It's Ukrainian commercial CMS. SecurityVulns ID: 11531. ------------------------- Affected products: ------------------------- Vulnerable are all versions of Artefact St. CMS a...

W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion

Hello list! I want to warn you about Cross-Site Scripting, Local File Inclusion and Brute Force vulnerabilities in W-Agora. SecurityVulns ID: 11499. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details:...

Firebook 3.100328 Cross Site Scripting / Disclosure

Hello list! I want to warn you about Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities in Firebook. SecurityVulns ID: 11396. ------------------------- Affected products: ------------------------- Vulnerable are Firebook 3.100328 and...

W-Agora 4.2.1 Cross Site Scripting / Denial Of Service / SQL Injection

Hello Packet Storm! I want to warn you about Cross-Site Scripting, SQL DB Structure Extraction, SQL Injection and Denial of Service vulnerabilities in W-Agora. SecurityVulns ID: 11324. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous...

Joostina 1.3.0 Cross Site Scripting

Hello Full-Disclosure! I want to warn you about Cross-Site Scripting vulnerability in Joostina. Joostina CMS - it's a fork of Joomla. This vulnerability is similar to XSS vulnerability in Joomla 1.0.x found by Aung Khant...

Fabrica Engine 2.1 Cross Site Scripting / Denial Of Service / SQL Injection

Hello Bugtraq! I want to warn you about Cross-Site Scripting, Denial of Service and SQL Injection vulnerabilities in Fabrica Engine which I found in 2008 and 2009 at web site of one online shop. It's commercial engine for online shops. SecurityVulns ID: 11274. ------------------------- Affected...

CMS WebManager-Pro SQL Injection

Hello Bugtraq! I want to warn you about SQL Injection and Redirector URL Redirector Abuse vulnerabilities in CMS WebManager-Pro SecurityVulns ID:11108. It's Ukrainian commercial CMS. SQL Injection: http://site/c.php?id=1%20and%20version=5 Redirector:...

Cetera eCommerce 14.0 Cross Site Scripting / SQL Injection

============================================================= I want to warn you about security vulnerabilities in Cetera eCommerce. Which I disclosed already in December 2009 SecurityVulns ID: 10489. ----------------------------- Advisory: Vulnerabilities in Cetera eCommerce...

SimpGB 1.37.3 Cross Site Scripting

Hello Full-Disclosure! I want to warn you about security vulnerabilities in SimpGB. Earlier I already wrote about other vulnerabilities in SimpGB - SecurityVulns ID: 10412 http://securityvulns.ru/news/CGI/2009.11.19.html. ----------------------------- Advisory: Cross-Site Scripting vulnerabilitie...