#
Title: Cross-Site Request Forgery (CSRF) Vulnerability in MicroStrategy Web
application allows modifying user's preferences.
Author: Wissam Bashour
Vendor: MicroStrategy
Product: MicroStrategy Web
Version: All versions below 10.4.0026.0049
Tested Version
Title: Boolean-based SQL injection Vulnerability in K2 Platforms.
Author: Wissam Bashour - Help AG Middle East
Vendor: K2
Product: SmartForms, BlackPearl, K2 for sharepoint
Version: 4.6.7
Tested Version: Version 4.6.7
Severity: HIGH
CVE Reference: CVE-2015-7299
# About the Product: K2 smartforms
Please add this advisory to your archive.
Thanks.
#
Title: Cross-Site Request Forgery (CSRF) Vulnerability in C2Box application
Allows adding an Admin User or reset any user's password.
Author: Wissam Bashour - Help AG Middle East
Vendor: boxautomation(B.A.S