6 matches found
D-Link DIR-300NRUB5 Firmware 1.2.94 Cross Site Request Forgery
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DIR-300. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DIR-300NRUB5, Firmware 1.2.94. All previous versions also must be...
WordPress 3.5.1 Cross Site Scripting
Hello list! These are Cross-Site Scripting vulnerabilities in WordPress. Which I've disclosed last week. At WordPress 3.5.2 release, WP developers mentioned about three holes as "security hardenings" to decrease their importance and to make it looks like there were less fixed holes. One of these...
Multiple XSS vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in IBM Lotus Domino. Last year I've announced multiple vulnerabilities in IBM software and after IBM fixed many of them, I've disclosed them. These are new vulnerabilities in Domino, which I've found at 03.05.201...
D-Link DAP 1150 Cross Site Request Forgery
Hello! Here is exploit for D-Link DAP 1150. About vulnerabilities in it, which were used in this exploit, I've wrote in 2011. I've presented this exploit in my article "CSRF Attacks on Network Devices" in the magazine PenTest Extra 02/2012 http://pentestmag.com/pentestextra022012/, released in...
CakePHP / Squiz CMS XXE Injection
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...
MC Content Manager 10.1.1 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Abuse of Functionality and Insufficient Anti-automation vulnerabilities in MC Content Manager. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions o...