Soroush Dalili – Computer Security Is My Interest!

Soroush Dalili's blog

Microsoft XMLDOM in IE can divulge information of local drive/network in error messages

On April 25, 2013, in My Advisories, Security Articles, by Soroush Dalili

Tagged with: denial of service • dtd • information disclosure • msxml • xml injection • xmldom • xxe 

IE/Firefox Redirection Issue – FB Oauth2 Bypass – BugCrowd

On March 18, 2013, in My Advisories, Normal Posts, Security Articles, Security Posts, by Soroush Dalili

File in the hole! – HackPra slides

On November 27, 2012, in My Advisories, Security Articles, by Soroush Dalili

Tagged with: CKFinder • FCKEditor • File in the hole • file upload • file upload vulnerabilities • file uploader bypass methods • file uploader security bypass • Filevista • Hackpra • Unrestricted File Download • Unrestricted File Upload 

IE9 Self-XSS Blackbox Protection bypass

On August 13, 2012, in My Advisories, Security Posts, by Soroush Dalili

Tagged with: IE File Protocol • IE9 Self XSS Bypass 

Microsoft IIS tilde character “~” Vulnerability/Feature – Short File/Folder Name Disclosure

On June 29, 2012, in My Advisories, Security Articles, by Soroush Dalili

Tagged with: IIS Tilde bug • IIS Tilde character • IIS tilde feature • IIS tilde vulnerability • Short name scanner 