MITRE CVE Numbering Authority

Posted on Wednesday, 29 February 2012 by Ivano Binetti

I am proud to announce that the "MITRE CVE Numbering Authority" has assigned me eleven (11) CVE numbers for vulnerabilities that I've discovered in the last few days. In detail:

DFLabs PTK <= 1.0.5:
  • CVE-2012-1415 for Multiple Vulnerabilities (Steal Authentication Credentials)
Fork CMS <= 3.2.5:
  • CVE-2012-1306 for the "Delete Admins or Users" and "Delete Web Pages" issues.
  • CVE-2012-1307 for the "poor logic to manage sessions" form_token issue.
  • CVE-2012-1304 for XSS in private/en/blog/settings and private/en/users/index.
  • CVE-2012-1305 for XSS in private/en/pages/settings.
D-Link DSL-2640B (ADSL Router):
  • CVE-2012-1308 for CSRF Vulnerability
  • CVE-2012-1309 for Authentication Bypass
ContaoCMS (fka TYPOlight) <= 2.11:
  • CVE-2012-1297 for CSRF (Delete Admin - Delete Article)
SyndeoCMS <= 3.0:
  • CVE-2012-1203 for CSRF Vulnerability
SocialCMS <= 1.0.2:
  • CVE-2012-1416 for CSRF Vulnerabilities
PlumeCMS <= 1.2.4:
  • CVE-2012-1414 for CSRF Vulnerability

Kaspersky Lab - Webfolio CMS Vulnerability

Posted on by Ivano Binetti

Kaspersky Lab published my new Advisory regarding a new vulnerability which affects all versions of Webfolio CMS.
To read Kaspersky Lab's Advisory:
http://www.securelist.com/en/advisories/48190

To read my original Advisory:
http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html

Secunia - Contao cms (fka TYPOlight) CSRF Vulnerability

Posted on by Ivano Binetti

Secunia has published my new security Advisory regarding a new vulnerability found in the latest release (and lower) of Contao CMS (fka TYPOlight). This vulnerability allows an attacker to delete administrators/users, articles, news and newsletters, and to modify many other parameters.

To read Secunia's Advisory:
http://secunia.com/advisories/48180/

To learn more about my Original Advisory:

http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html

Secunia - Webfolio cms CSRF Vulnerability

Posted on by Ivano Binetti

Today Secunia published my security Advisory regarding a new vulnerability found in Webfolio CMS which allows an attacker to add a new administrator account, modify published web pages and change many other parameters in the latest release (and below) of Webfolio CMS.

To read Secunia's Advisory:
http://secunia.com/advisories/48190

To know more about my original Advisory:
http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html

WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)

Posted on Tuesday, 28 February 2012 by Ivano Binetti

Today I've discovered a new CSRF vulnerability which affects WebfolioCMS 1.1.4 (and lower) and which allows an attacker to modify any parameter. In my Advisory I've demonstrated how to add a new administrator account and how to modify a published web page.

Download my Original Advisory

Some other publications related to this vulnerability:
http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/18536/

OSVDB 79410

Posted on Monday, 27 February 2012 by Ivano Binetti

OSVDB (a famous vulnerability DB sponsored by Nessus) has published my Advisory related to SyndeoCMS <= 3.0.

For more details about the OSVDB 79410 Advisory:
http://osvdb.org/show/osvdb/79410

My original Advisory:
http://ivanobinetti.blogspot.com/2012/02/syndeocms-30-csrf-vulnerability.html

IBM X-Force published my SyndeoCMS Advisory

Posted on by Ivano Binetti

Yesterday IBM X-Force published my Advisory regarding a new CSRF vulnerability that I've found in SyndeoCMS <= 3.0 (http://ivanobinetti.blogspot.com/2012/02/syndeocms-30-csrf-vulnerability.html).
This vulnerability allows an attacker to change the administrator password and gain access to the system.

IBM classified this vulnerability as "Highly Exploitable".

For more details about IBM X-Force publication:
http://xforce.iss.net/xforce/xfdb/73319

ContaoCMS (fka TYPOlight) 2.11 CSRF (Delete Admin- Delete Article)

Posted on by Ivano Binetti

ContaoCMS (fka TYPOlight) version 2.11 (and lower) is affected by a CSRF vulnerability which allows an attacker to delete administrators/users, articles, news, newsletters and so on.
I've created an Advisory describing this vulnerability and the methods to exploit it:
ContaoCMS Ivano Binetti's Advisory

Other web sites which have reported my security Advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1297
http://osvdb.org/show/osvdb/79635
http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/18527/
http://secunia.com/advisories/48180/
http://www.securelist.com/en/advisories/48180
http://xforce.iss.net/xforce/xfdb/73479
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1297
https://bugs.launchpad.net/bugs/cve/2012-1297
http://cxsecurity.com/cveshow/CVE-2012-1297/

IBM X-Force published my PlumeCMS Advisory

Posted on Sunday, 26 February 2012 by Ivano Binetti

A few days ago I discovered a new CSRF vulnerability (http://ivanobinetti.blogspot.com/2012/02/plumecms-124-csrf-0day-vulnerability.html) which affects all versions - including the latest (1.2.4) - of Plume CMS.
Today IBM X-Force published my Advisory and classified the "Exploitability" of this vulnerability as "High".
For more details:
http://xforce.iss.net/xforce/xfdb/73317

IBM X-Force published my D-Link DSL-2640B Advisories

Posted on by Ivano Binetti

Today IBM X-Force published two of my advisories related to vulnerabilities discovered in the D-Link DSL-2640B ADSL Router / Access Point.
If you would like to read more about them:
http://xforce.iss.net/xforce/xfdb/73316
http://xforce.iss.net/xforce/xfdb/73379

IBM X-Force published my Cisco Linksys WAG54GS Advisory

Posted on by Ivano Binetti

Today IBM X-Force has published my Advisory related to a security flaw which I've discovered in the Cisco Linksys WAG54GS router and which allows an attacker to change the administrator password.

For more information:
http://xforce.iss.net/xforce/xfdb/73345

Kaspersky Lab published my ForkCMS 3.2.6 Advisory

Posted on by Ivano Binetti

Today Kaspersky Lab (http://www.securelist.com/) published my advisory on the ForkCMS 3.2.6 vulnerability.
For more details:
http://www.securelist.com/en/advisories/48067

IBM X-Force published ForkCMS 3.2.6 "0day" vulnerability

Posted on Friday, 24 February 2012 by Ivano Binetti

IBM X-Force (http://xforce.iss.net/) published my new "0day" advisory regarding multiple vulnerabilities discovered in ForkCMS 3.2.6 and lower:
http://xforce.iss.net/xforce/xfdb/73394

OSVDB 79444 : Fork CMS Multiple Function CSRF

Posted on by Ivano Binetti

OSVDB (http://osvdb.org) - a vulnerability DB sponsored by Nessus (http://www.tenable.com) - published my ForkCMS 3.2.6 (and lower) vulnerability advisory.
Here you can read more details:
http://osvdb.org/show/osvdb/79444

Secunia - Fork CMS Vulnerability

Posted on Thursday, 23 February 2012 by Ivano Binetti

Secunia has published an advisory related to a "0day" vulnerability (http://ivanobinetti.blogspot.com/2012/02/forkcms-325-csrf-and-xss-0day.html) which I've discovered in the past few days, regarding a CSRF (Cross Site Request Forgery) which affects ForkCMS 3.2.5 and lower.
Secunia also tested this vulnerability in version 3.2.6, the latest release which the ForkCMS team published a few days ago.
As I already said in my advisory, I think that ForkCMS is a very nice CMS which, with some security improvements, can become a great CMS. Maybe I will use it in the future.

Below you can read more details about the Secunia Advisory:
https://secunia.com/advisories/48067

PacketStorm has also published this Advisory:
http://packetstormsecurity.org/files/110069/sa48067.txt

D-Link DSL-2640B "0day" Vulnerabilities

Posted on by Ivano Binetti

SecurityFocus (http://www.securityfocus.com/) has assigned me three BIDs (Bugtraq IDs) related to "0day" D-Link and Cisco Linksys vulnerabilities: design flaws exploitable using CSRF.

Below you can read more details about them:
http://www.securityfocus.com/bid/52096
http://www.securityfocus.com/bid/52129
http://www.securityfocus.com/bid/52105

DFLabs PTK <= 1.0.5 Multiple Vulnerabilities (Steal Authentication Credentials)

Posted on by Ivano Binetti

Today PacketStorm also published the new "0day" vulnerability that affects DFLabs PTK 1.0.5 and lower versions.

http://packetstormsecurity.org/files/110102/DFLabs-PTK-1.0.5-Cross-Site-Request-Forgery.html

DFLabs PTK <= 1.0.5 Multiple Vulnerabilities (Steal Authentication Credentials)

Posted on mercoledì 22 febbraio 2012 by Ivano Binetti

Today I've discovered multiple vulnerabilities in DFLabs PTK 1.0.5 (latest release) and lower.
Offensive Security Exploit DB has already published this "0day" vulnerability:
http://www.exploit-db.com/exploits/18513/

D-Link DSL-2640B Authentication Bypass

Posted on by Ivano Binetti

New "0day" vulnerability found.
For more details:

http://www.exploit-db.com/exploits/18511/
http://packetstormsecurity.org/files/110117/D-Link-DSL-2640B-Authentication-Bypass.html
http://www.securityfocus.com/bid/52129

ForkCMS 3.2.5 CSRF and XSS "0day" Vulnerabilities

Posted on martedì 21 febbraio 2012 by Ivano Binetti

Cisco Linksys WAG54GS (ADSL Router) change admin password

Posted on by Ivano Binetti

Today I found a new "0day" vulnerability in the Cisco Linksys WAG54GS Wi-Fi ADSL router and published the related exploit, which changes the default administrator ("admin") password. For more details:

http://www.exploit-db.com/exploits/18503/
http://packetstormsecurity.org/files/110040/Cisco-Linksys-WAG54GS-Cross-Site-Request-Forgery.html
http://www.securityfocus.com/bid/52105

You can simply modify this exploit in order to change other router parameters.
Enjoy it!

PlumeCMS <= 1.2.4 CSRF "0day" Vulnerability

Posted on Monday, 20 February 2012 by Ivano Binetti

New "0day" vulnerability discovered regarding PlumeCMS.

For more details:

http://www.exploit-db.com/author/?a=3557
http://packetstormsecurity.org/files/author/9536/

D-Link DSL-2640B (ADSL Router) CSRF "0day" Vulnerability

Posted on by Ivano Binetti

I've discovered a new "0day" vulnerability:

http://www.securityfocus.com/bid/52096/info
http://www.exploit-db.com/author/?a=3557
http://packetstormsecurity.org/files/author/9536/

This vulnerability allows an attacker to change the administrator password of the D-Link DSL-2640B ADSL router.

SyndeoCMS <= 3.0 CSRF "0day" Vulnerability

Posted on Sunday, 19 February 2012 by Ivano Binetti

Today I've found a new "0day" vulnerability in SyndeoCMS 3.0 - and lower versions - and I've created an exploit which automatically adds an administrator account when the real administrator browses an "ad hoc" web page containing simple HTML/JavaScript code.

For more details:

http://www.exploit-db.com/author/?a=3557
http://packetstormsecurity.org/files/author/9536/

Some web sites which published my "0day" vulnerability:

http://1337day.com/exploits/17544
http://exploitsdownload.com/exploit/php/syndeocms-30-csrf-vulnerabili
http://www.allinfosec.com/2012/02/19/webapps-0day-syndeocms-3-0-csrf-vulnerability/
http://www.silobreaker.com/webapps--syndeocms-lt-30-csrf-vulnerability-5_2265494154572201984
http://eternal-todo.com/aggregator/categories/1
http://www.morningstarsecurity.com/news
http://unsecure-os.org/index.php/exploits
http://securit.se/it-sakerhetsnyheter/
http://cxsecurity.com/
http://www.bugsearch.net/

SocialCMS CSRF "0day" Vulnerability

Posted on Friday, 17 February 2012 by Ivano Binetti

Yesterday I found a "0day" vulnerability in the latest version (1.0.2) of the "SocialCMS" CMS (socialcms.com) and created an exploit in order to add an administrator account. The vulnerability and related exploit have been published in the Offensive Security Exploit Database. You can find more details here:

http://www.exploit-db.com/author/?a=3557

Other web sites have published this "0day" vulnerability:

http://www.allinfosec.com/2012/02/16/webapps-0day-socialcms-csrf-vulnerability
http://www.1337day.com/exploits/17527
http://www.realhacker.net/tag/webapps
http://94hi.com/exploit/html/3244.html