Category: CVE-advisories

Amazon’s API cryptographic verification badly implemented

Written on : 2015/11/03
Author: John JEAN (@johnjean on Twitter)
Affected application: Amazon API
Evaluated Risk : Medium
Solution Status : A patch has been released which fixes these vulnerabilities
References : https://johnjean.io/2015/11/03/amazons-api-cryptographic-verification-badly-implemented/
References : https://github.com/PrestaShop/amzpayments/issues/13
CVE: NA

IPB (Invision Power Board) all versions (1.x? / 2.x / 3.x) Admin account Takeover leading to code execution

Written on : 2013/05/02
Released on : 2013/05/13
Author: John JEAN (@johnjean on Twitter)
Affected application: Invision Power Board <= 3.4.4
Type of vulnerability: Logical Vulnerability / Bad Sanitization
Required information : Administrator's email
Evaluated Risk : Critical
Solution Status : A patch has been released which fixes these vulnerabilities
References : https://johnjean.io/2013/05/13/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution/
CVE: CVE-2013-3725

Facebook: XSS/CSRF worms on the social network

Written on : 2010/10/03
Released on : 2010/10/05
Author: John JEAN (@johnjean on Twitter)
Affected application: Facebook
Type of vulnerability: Logical Vulnerability / XSS / CSRF
Required information : Nothing
Evaluated Risk : Critical
Solution Status : Facebook patched this issue
References : https://johnjean.io/2010/10/05/facebook-vulnerabilites-csrf-et-xss-ver-destructeurs-sur-un-reseau-social/

Facebook: XSS / CSRF worms on the social network

Written on : 2010/10/03
Released on : 2010/10/05
Author: John JEAN (@johnjean on Twitter)
Affected application: Facebook
Type of vulnerability: Logical Vulnerability / XSS / CSRF
Required information : Nothing
Evaluated Risk : Critical
Solution Status : Facebook patched this issue
References : https://johnjean.io/2010/10/05/facebook-csrf-and-xss-vulnerabilities-destructive-worms-on-a-social-network/

PunBB <= 1.2.13 Multiple Vulnerabilities

Written on : 2006/10/10
Released on : 2006/10/29
Author: John JEAN (@johnjean on Twitter)
Affected application: PunBB <= 1.2.13 Multiple Vulnerabilities
Evaluated Risk : Critical
Solution Status : A patch has been released which fixes these vulnerabilities
References : https://johnjean.io/2006/10/29/punbb-multiple-vulnerabilities/
CVE: CVE-2006-5735 / CVE-2006-5736 / CVE-2006-5737