Adobe ColdFusion 7 Cross Site Scripting

Hello list! I want to warn you about new security vulnerabilities in Adobe ColdFusion. These are Cross-Site Scripting and Full path disclosure vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are Adobe ColdFusion 7 and previous versions to XSS, an...

Уязвимости в JBoss Application Server

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Information Leakage и Brute Force уязвимостях в JBoss Application Server. Information Leakage WASC-13: http://site/status http://site/status?full=true Публично доступная статистика работы сервера с перечнем всех его сервисов. Brute Force WASC-11:...

Joomla Bookman Denial Of Service

Hello list! I want to warn you about Insufficient Anti-automation and Denial of Service vulnerabilities in combookman for Joomla. Also this component is included in Reservation Manager for Joomla. This is another one of few advisories which I've made in April 2010. In this advisory I'm continue t...

Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new multiple security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem wa...

Drupal 6.22 Cross Site Scripting

------------------------- Affected products: ------------------------- Vulnerable are Drupal 6.22 and previous versions. Taking into account that developers didn't fixed these holes, then versions 7.x also must be vulnerable. ---------- Details: ---------- XSS WASC-08: At pages with forms i.e. at...

New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and thi...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...

CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...

IL и XSS уязвимости во многих темах для WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Information Leakage и Cross-Site Scripting уязвимостях во многих темах для WordPress. В разных шаблонах имеется test.php - скрипт с phpinfo - что приводит к Information Leakage утечка FPD и другой важной информации о сервере и XSS в PHP 4.4.1,...

Multiple WordPress Themes Cross Site Scripting

Hello list! I want to warn you about Information Leakage and Cross-Site Scripting vulnerabilities in multiple themes for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are the next themes by WooThemes: Live Wire all three themes from Live Wire series,...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I've already drew attention of Ukrtelecom's representativ...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...

Vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Predictable Resource Location and Brute Force vulnerabilities. Predictable Resource Location WASC-34: http://192.168.1.1 web server on 80 and 8008 ports. The control...

CSRF vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at Ukrtelecom about multiple...

CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. These attacks should be conducted on modem owner, which is logged into control panel. Taking into...

FPD и XSS уязвимости в Easy Contact для WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Full path disclosure и Cross-Site Scripting уязвимостях в плагине Easy Contact для WordPress. Full path disclosure WASC-13: http://site/wp-content/plugins/easy-contact/econtact.php http://site/wp-content/plugins/easy-contact/econtact-menu.php XSS...