
Ivano Binetti

This blog reports some of my observations about information security. I hope they are useful to you.


ForkCMS 3.2.5 CSRF and XSS "0day" Vulnerabilities

Posted on Tuesday, 21 February 2012 by Ivano Binetti

Today I discovered multiple vulnerabilities in Fork CMS 3.2.5. I think these vulnerabilities are also present in version 3.2.6.
To download my original advisory:
https://sites.google.com/site/ivanobinetti/ForkCMS%203.2.5%20CSRF%20and%20XSS%20vulnetabilities.txt?attredirects=0&d=1

Other publications related to these vulnerabilities:
http://packetstormsecurity.org/files/110048/ForkCMS-3.2.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/18505/
http://secunia.com/advisories/48067
http://osvdb.org/show/osvdb/79444 
http://xforce.iss.net/xforce/xfdb/73394
http://www.securelist.com/en/advisories/48067
www.1337day.com/exploits/17557


   
