
22 matches found

Packet Storm
added 2015/10/06 12:0 a.m., 24 views

Callisto 821+R3 Cross Site Request Forgery

Hello list! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devices...

1 AI score
Exploits: 0
securityvulns
added 2014/06/14 12:0 a.m., 30 views

Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

0.8 AI score
Exploits: 0
securityvulns
added 2014/06/14 12:0 a.m., 45 views

CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

0.4 AI score
Exploits: 0
securityvulns
added 2014/05/04 12:0 a.m., 47 views

Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

0.6 AI score
Exploits: 0
securityvulns
added 2014/01/09 12:0 a.m., 110 views

CSRF, XSS and Redirector vulnerabilities in IBM Lotus Notes Traveler

Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Notes Traveler. They are similar to CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino http://securityvulns.ru/docs29060.html, which I announced at 19.05.2012 and disclos...

5.8 CVSS, 0.2 AI score, 0.00236 EPSS
Exploits: 1
securityvulns
added 2013/05/06 12:0 a.m., 88 views

XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress

Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I've written about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...

4.3 CVSS, 5.6 AI score, 0.01856 EPSS
Exploits: 4
securityvulns
added 2013/05/06 12:0 a.m., 59 views

XSS and CS vulnerabilities in Dotclear

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf is Swfupload. I've written about vulnerabilities in Swfupload in November 2012...

4.3 CVSS, 5.4 AI score, 0.06259 EPSS
Exploits: 10
Packet Storm
added 2013/04/13 12:0 a.m., 64 views

Dotclear 2.4.4 Cross Site Scripting / Content Spoofing

Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf is Swfupload. I've written about vulnerabilities in Swfupload in November 2012...

4.3 CVSS, 6.4 AI score, 0.06259 EPSS
Exploits: 10
Packet Storm
added 2013/04/09 12:0 a.m., 34 views

ZeroClipbord.swf Cross Site Scripting / Path Disclosure

Hello list! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I've written about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...

4.3 CVSS, 6.3 AI score, 0.01856 EPSS
Exploits: 4
securityvulns
added 2012/04/09 12:0 a.m., 62 views

Brute Force and XSS vulnerability in WordPress

Hello 3APA3A! I am informing you about one more vulnerability in WordPress, which I have known about for a long time: Brute Force via the XML-RPC functionality in WordPress. Brute Force WASC-11: http://site/xmlrpc.php This functionality has no protection against Brute Force attacks. When sending the corresponding POST requests...

8.4 AI score
Exploits: 0
securityvulns
added 2012/03/19 12:0 a.m., 92 views

Brute Force and XSS vulnerabilities in Webglimpse

Hello 3APA3A! After the previous numerous Cross-Site Scripting, Full path disclosure, Directory Traversal and Authorization bypass vulnerabilities in Webglimpse SecurityVulns ID: 9436, 9443, 9778, 9876, I am informing you about new vulnerabilities I have found in Webglimpse. These are Brute Force and Cross-Site...

6.4 AI score
Exploits: 0
Packet Storm
added 2011/03/25 12:0 a.m., 15 views

Artefact St. CMS Cross Site Scripting / Path Disclosure

I want to warn you about Cross-Site Scripting, Brute Force and Full path disclosure vulnerabilities in Artefact St. CMS. It's Ukrainian commercial CMS. SecurityVulns ID: 11531. ------------------------- Affected products: ------------------------- Vulnerable are all versions of Artefact St. CMS a...

0.3 AI score
Exploits: 0
Packet Storm
added 2011/03/18 12:0 a.m., 28 views

W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion

Hello list! I want to warn you about Cross-Site Scripting, Local File Inclusion and Brute Force vulnerabilities in W-Agora. SecurityVulns ID: 11499. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details:...

7.4 AI score
Exploits: 0
Packet Storm
added 2011/02/03 12:0 a.m., 44 views

Firebook 3.100328 Cross Site Scripting / Disclosure

Hello list! I want to warn you about Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities in Firebook. SecurityVulns ID: 11396. ------------------------- Affected products: ------------------------- Vulnerable are Firebook 3.100328 and...

7.4 AI score
Exploits: 0
Packet Storm
added 2011/01/11 12:0 a.m., 20 views

W-Agora 4.2.1 Cross Site Scripting / Denial Of Service / SQL Injection

Hello Packet Storm! I want to warn you about Cross-Site Scripting, SQL DB Structure Extraction, SQL Injection and Denial of Service vulnerabilities in W-Agora. SecurityVulns ID: 11324. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous...

0.6 AI score
Exploits: 0
Packet Storm
added 2011/01/08 12:0 a.m., 23 views

Joostina 1.3.0 Cross Site Scripting

Hello Full-Disclosure! I want to warn you about Cross-Site Scripting vulnerability in Joostina. Joostina CMS - it's a fork of Joomla. This vulnerability is similar to XSS vulnerability in Joomla 1.0.x found by Aung Khant...

7.4 AI score
Exploits: 0
Packet Storm
added 2010/12/02 12:0 a.m., 19 views

Fabrica Engine 2.1 Cross Site Scripting / Denial Of Service / SQL Injection

Hello Bugtraq! I want to warn you about Cross-Site Scripting, Denial of Service and SQL Injection vulnerabilities in Fabrica Engine which I found in 2008 and 2009 at web site of one online shop. It's commercial engine for online shops. SecurityVulns ID: 11274. ------------------------- Affected...

0.9 AI score
Exploits: 0
Packet Storm
added 2010/09/03 12:0 a.m., 31 views

CMS WebManager-Pro SQL Injection

Hello Bugtraq! I want to warn you about SQL Injection and Redirector URL Redirector Abuse vulnerabilities in CMS WebManager-Pro SecurityVulns ID:11108. It's Ukrainian commercial CMS. SQL Injection: http://site/c.php?id=1%20and%20version=5 Redirector:...

0.1 AI score
Exploits: 0
Packet Storm
added 2010/07/28 12:0 a.m., 39 views

Cetera eCommerce 14.0 Cross Site Scripting / SQL Injection

============================================================= I want to warn you about security vulnerabilities in Cetera eCommerce. Which I disclosed already in December 2009 SecurityVulns ID: 10489. ----------------------------- Advisory: Vulnerabilities in Cetera eCommerce...

0.5 AI score
Exploits: 0
Packet Storm
added 2010/07/15 12:0 a.m., 21 views

SimpGB 1.37.3 Cross Site Scripting

Hello Full-Disclosure! I want to warn you about security vulnerabilities in SimpGB. Earlier I already wrote about other vulnerabilities in SimpGB - SecurityVulns ID: 10412 http://securityvulns.ru/news/CGI/2009.11.19.html. ----------------------------- Advisory: Cross-Site Scripting vulnerabilitie...

7.4 AI score
Exploits: 0