9 matches found
Callisto 821+R3 Cross Site Request Forgery
Hello list! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devices...
CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...
Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...
CSRF, XSS and Redirector vulnerabilities in IBM Lotus Notes Traveler
Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Notes Traveler. They are similar to CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino http://securityvulns.ru/docs29060.html, which I announced at 19.05.2012 and disclos...
XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress
Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...
W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion
Hello list! I want to warn you about Cross-Site Scripting, Local File Inclusion and Brute Force vulnerabilities in W-Agora. SecurityVulns ID: 11499. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details:...
Firebook 3.100328 Cross Site Scripting / Disclosure
Hello list! I want to warn you about Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities in Firebook. SecurityVulns ID: 11396. ------------------------- Affected products: ------------------------- Vulnerable are Firebook 3.100328 and...
W-Agora 4.2.1 Cross Site Scripting / Denial Of Service / SQL Injection
Hello Packet Storm! I want to warn you about Cross-Site Scripting, SQL DB Structure Extraction, SQL Injection and Denial of Service vulnerabilities in W-Agora. SecurityVulns ID: 11324. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous...
Cetera eCommerce 14.0 Cross Site Scripting / SQL Injection
============================================================= I want to warn you about security vulnerabilities in Cetera eCommerce. Which I disclosed already in December 2009 SecurityVulns ID: 10489. ----------------------------- Advisory: Vulnerabilities in Cetera eCommerce...