MITRE CVE Numbering Authority

Posted on Wednesday, 29 February 2012 by Ivano Binetti

I am proud to announce that the "MITRE CVE Numbering Authority" has assigned me eleven (11) CVE numbers for vulnerabilities that I've discovered in the last days. In detail:

DFLabs PTK <= 1.0.5:
  • CVE-2012-1415 for Multiple Vulnerabilities (Steal Authentication Credentials)
Fork CMS <= 3.2.5:
  • CVE-2012-1306 for "Delete Admins or Users" and "Delete Web Pages" issues.
  • CVE-2012-1307 for "poor logic to manage sessions" form_token issue.
  • CVE-2012-1304 for XSS into private/en/blog/settings and private/en/users/index issues.
  • CVE-2012-1305 for XSS into private/en/pages/settings issue.
D-Link DSL-2640B (ADSL Router):
  • CVE-2012-1308 for CSRF Vulnerability
  • CVE-2012-1309 for Authentication Bypass
ContaoCMS (fka TYPOlight) <= 2.11:
  • CVE-2012-1297 for CSRF (Delete Admin - Delete Article)
SyndeoCMS <= 3.0:
  • CVE-2012-1203 for CSRF Vulnerability 
SocialCMS <= 1.0.2:
  • CVE-2012-1416 for CSRF Vulnerabilities
PlumeCMS <= 1.2.4:
  • CVE-2012-1414 for CSRF Vulnerability 
