Advisories

Soroush Dalili’s published advisories:

/**************************************************************************/

51. Title: [Microsoft IIS ASP Multiple Extensions Security Bypass]
51.1. Date of Publishing: [24 Dec. 2009]
51.2. Application Name: [Microsoft IIS]
51.3. Version: [6.0]
51.4. Impact: [Less Critical for IIS][Highly Critical for Web Applications]
51.5. Reference(s): [
- http://secunia.com/advisories/37831/
]
51.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
51.7. Supporter:[
- N/A
]

/**************************************************************************/

50. Title: [Virtual Support Office-XP Multiple Vulnerabilities.]
50.1. Date of Publishing: [20 Jun 2008]
50.2. Application Name: [Virtual Support Office-XP]
50.3. Version: [3.0.29, 3.0.27 and prior versions]
50.4. Impact: [High]
50.5. Reference(s): [
- http://www.bugreport.ir/index_47.htm
]
50.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
- Maryam Chenari
]
50.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]

/**************************************************************************/
49. Title: [eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities]
49.1. Date of Publishing: [19 Jun 2008]
49.2. Application Name: [eLineStudio Site Composer (ESC)]
49.3. Version: [2.6]
49.4. Impact: [High]
49.5. Reference(s): [
- http://www.bugreport.ir/index_45.htm
]
49.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
49.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/

48. Title: [Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities]
48.1. Date of Publishing: [19 Jun 2008]
48.2. Application Name: [Academic Web Tools CMS]
48.3. Version: [1.4.2.8]
48.4. Impact: [Medium]
48.5. Reference(s): [
- http://www.bugreport.ir/index_44.htm
]
48.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
48.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]

/**************************************************************************/
47. Title: [doITlive CMS <=2.50 Multiple Vulnerabilities]
47.1. Date of Publishing: [18 Jun 2008]
47.2. Application Name: [doITlive CMS]
47.3. Version: [2.50]
47.4. Impact: [High]
47.5. Reference(s): [
- http://www.bugreport.ir/index_43.htm
]
47.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
47.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]

/**************************************************************************/
46. Title: [Pooya Site Builder (PSB) SQL Injection Vulnerabilities]
46.1. Date of Publishing: [12 Jun 2008]
46.2. Application Name: [Pooya Site Builder (PSB)]
46.3. Version: [6.0 (Assembly Version)]
46.4. Impact: [High]
46.5. Reference(s): [
- http://www.bugreport.ir/index_42.htm
]
46.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
46.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]

/**************************************************************************/
45. Title: [Realm CMS <= 2.3 Multiple Vulnerabilities.]
45.1. Date of Publishing: [10 Jun 2008]
45.2. Application Name: [Realm CMS]
45.3. Version: [2.3]
45.4. Impact: [High]
45.5. Reference(s): [
- http://www.bugreport.ir/index_40.htm
]
45.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
45.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
44. Title: [QuickerSite <= 1.85 Multiple Vulnerabilities]
44.1. Date of Publishing: [4 Jun 2008]
44.2. Application Name: [QuickerSite]
44.3. Version: [1.85]
44.4. Impact: [High]
44.5. Reference(s): [
- http://www.bugreport.ir/index_39.htm
]
44.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
44.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
43. Title: [Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability]
43.1. Date of Publishing: [30 May 2008]
43.2. Application Name: [Dot Net Nuke (DNN)]
43.3. Version: [4.8.3]
43.4. Impact: [Low]
43.5. Reference(s): [
- http://www.bugreport.ir/index_38.htm
]
43.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
43.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
42. Title: [MegaBBS Forum Multiple Vulnerabilities.]
42.1. Date of Publishing: [27 Apr 2008]
42.2. Application Name: [MegaBBS]
42.3. Version: [2.2]
42.4. Impact: [Medium]
42.5. Reference(s): [
- http://www.bugreport.ir/index_37.htm
]
42.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
42.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
41. Title: [Acidcat CMS Multiple Vulnerabilities.]
41.1. Date of Publishing: [20 Apr 2008]
41.2. Application Name: [Acidcat CMS]
41.3. Version: [3.4.1]
41.4. Impact: [High]
41.5. Reference(s): [
- http://www.bugreport.ir/index_36.htm
]
41.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
41.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
40. Title: [CandyPress eCommerce suite SQL Injection + XSS + Path Disclosure in CandyPress]
40.1. Date of Publishing: [26 Jan 2008]
40.2. Application Name: [CandyPress eCommerce suite]
40.3. Version: [4.1.1.26]
40.4. Impact: [High]
40.5. Reference(s): [
- http://www.bugreport.ir/index_32.htm
]
40.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
40.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]

/**************************************************************************/
39. Title: [Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server]
39.1. Date of Publishing: [23 Jan 2008]
39.2. Application Name: [Web Wiz Rich Text Editor]
39.3. Version: [4.0]
39.4. Impact: [Medium]
39.5. Reference(s): [
- http://www.bugreport.ir/index_31.htm
]
39.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
39.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
38. Title: [Web Wiz NewsPad Directory traversal]
38.1. Date of Publishing: [23 Jan 2008]
38.2. Application Name: [Web Wiz NewsPad]
38.3. Version: [1.02]
38.4. Impact: [Low]
38.5. Reference(s): [
- http://www.bugreport.ir/index_30.htm
]
38.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
38.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
37. Title: [Web Wiz Forums Directory traversal]
37.1. Date of Publishing: [23 Jan 2008]
37.2. Application Name: [Web Wiz Forums]
37.3. Version: [9.07]
37.4. Impact: [Low]
37.5. Reference(s): [
- http://www.bugreport.ir/index_29.htm
]
37.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
37.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
36. Title: [Mozilla Firefox 2.0.0.11 Hide The Source Code]
36.1. Date of Publishing: [22 Jan 2008]
36.2. Application Name: [Mozilla Firefox]
36.3. Version: [2.0.0.11]
36.4. Impact: [Low]
36.5. Reference(s): [
- http://www.bugreport.ir/index_28.htm
]
36.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
36.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
35. Title: [Hosting Controller 6.1 - Users can change other's host headers.]
35.1. Date of Publishing: [13 Dec 2007]
35.2. Application Name: [Hosting Controller]
35.3. Version: [6.1 Hot fix <= 3.3]
35.4. Impact: [Medium]
35.5. Reference(s): [
- http://www.bugreport.ir/index_21.htm
]
35.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
35.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
34. Title: [Hosting Controller 6.1 - Users can enable or disable all Hosting Controller forums by SQL Injection.]
34.1. Date of Publishing: [13 Dec 2007]
34.2. Application Name: [Hosting Controller]
34.3. Version: [6.1 Hot fix <= 3.3]
34.4. Impact: [Medium]
34.5. Reference(s): [
- http://www.bugreport.ir/index_20.htm
]
34.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
34.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
33. Title: [Hosting Controller 6.1 - Users can find web site path.]
33.1. Date of Publishing: [13 Dec 2007]
33.2. Application Name: [Hosting Controller]
33.3. Version: [6.1 Hot fix <= 3.3]
33.4. Impact: [Medium]
33.5. Reference(s): [
- http://www.bugreport.ir/index_19.htm
]
33.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
33.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
32. Title: [Hosting Controller 6.1 - Users can import unwanted plan or change the plans.]
32.1. Date of Publishing: [13 Dec 2007]
32.2. Application Name: [Hosting Controller]
32.3. Version: [6.1 Hot fix <= 3.3]
32.4. Impact: [Medium]
32.5. Reference(s): [
- http://www.bugreport.ir/index_18.htm
]
32.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
32.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
31. Title: [Hosting Controller 6.1 - Users can find Hosting Controller setup directory.]
31.1. Date of Publishing: [13 Dec 2007]
31.2. Application Name: [Hosting Controller]
31.3. Version: [6.1 Hot fix <= 3.3]
31.4. Impact: [Medium]
31.5. Reference(s): [
- http://www.bugreport.ir/index_17.htm
]
31.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
31.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
30. Title: [Hosting Controller 6.1 - Users can see all usernames in the server.]
30.1. Date of Publishing: [13 Dec 2007]
30.2. Application Name: [Hosting Controller]
30.3. Version: [6.1 Hot fix <= 3.3]
30.4. Impact: [Medium]
30.5. Reference(s): [
- http://www.bugreport.ir/index_16.htm
]
30.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
30.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
29. Title: [Hosting Controller 6.1 - Users can enable or disable pay type.]
29.1. Date of Publishing: [13 Dec 2007]
29.2. Application Name: [Hosting Controller]
29.3. Version: [6.1 Hot fix <= 3.3]
29.4. Impact: [Medium]
29.5. Reference(s): [
- http://www.bugreport.ir/index_15.htm
]
29.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
29.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
28. Title: [Hosting Controller 6.1 - Users can delete all of gateway information.]
28.1. Date of Publishing: [13 Dec 2007]
28.2. Application Name: [Hosting Controller]
28.3. Version: [6.1 Hot fix <= 3.3]
28.4. Impact: [Medium]
28.5. Reference(s): [
- http://www.bugreport.ir/index_14.htm
]
28.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
28.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
27. Title: [Hosting Controller 6.1 - Users can uninstall other's FrontPage extensions.]
27.1. Date of Publishing: [13 Dec 2007]
27.2. Application Name: [Hosting Controller]
27.3. Version: [6.1 Hot fix <= 3.3]
27.4. Impact: [Medium]
27.5. Reference(s): [
- http://www.bugreport.ir/index_13.htm
]
27.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
27.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
26. Title: [Hosting Controller 6.1 - Users can change his credit amount or increase his discount.]
26.1. Date of Publishing: [13 Dec 2007]
26.2. Application Name: [Hosting Controller]
26.3. Version: [6.1 Hot fix <= 3.3]
26.4. Impact: [Medium]
26.5. Reference(s): [
- http://www.bugreport.ir/index_12.htm
]
26.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
26.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
25. Title: [Hosting Controller 6.1 - SQL Injection in "/accounts/accountmanager.asp"]
25.1. Date of Publishing: [13 Dec 2007]
25.2. Application Name: [Hosting Controller]
25.3. Version: [6.1 Hot fix <= 3.3]
25.4. Impact: [Medium]
25.5. Reference(s): [
- http://www.bugreport.ir/index_11.htm
]
25.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
25.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
24. Title: [Hosting Controller 6.1 - Remote Attacker can change all user's profiles.]
24.1. Date of Publishing: [13 Dec 2007]
24.2. Application Name: [Hosting Controller]
24.3. Version: [6.1 Hot fix <= 3.3]
24.4. Impact: [Medium]
24.5. Reference(s): [
- http://www.bugreport.ir/index_10.htm
]
24.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
24.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
23. Title: [Hosting Controller 6.1 - Remote Users Can Make a New User]
23.1. Date of Publishing: [13 Dec 2007]
23.2. Application Name: [Hosting Controller]
23.3. Version: [6.1 Hot fix <= 3.3]
23.4. Impact: [High]
23.5. Reference(s): [
- http://www.bugreport.ir/index_9.htm
]
23.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
23.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
22. Title: [Hosting Controller 6.1 - Remote Authenticated Users Execute a File Under Administrative Privilege]
22.1. Date of Publishing: [13 Dec 2007]
22.2. Application Name: [Hosting Controller]
22.3. Version: [6.1 Hot fix <= 3.3]
22.4. Impact: [High]
22.5. Reference(s): [
- http://www.bugreport.ir/index_8.htm
]
22.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
22.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
21. Title: [Hosting Controller 6.1 - Lets Remote Users Gain Admin Privilege]
21.1. Date of Publishing: [13 Dec 2007]
21.2. Application Name: [Hosting Controller]
21.3. Version: [6.1 Hot fix <= 3.3]
21.4. Impact: [High]
21.5. Reference(s): [
- http://www.bugreport.ir/index_7.htm
]
21.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
21.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
20. Title: [Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability]
20.1. Date of Publishing: [10 Dec 2007]
20.2. Application Name: [Snitz Forums 2000]
20.3. Version: [N/A]
20.4. Impact: [High]
20.5. Reference(s): [
- http://www.bugreport.ir/index_6.htm
]
20.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
20.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
19. Title: [SkyPortal vRC6 Multiple Remote Vulnerabilities]
19.1. Date of Publishing: [22 Nov 2007]
19.2. Application Name: [SkyPortal]
19.3. Version: [vRC6]
19.4. Impact: [High]
19.5. Reference(s): [
- http://www.bugreport.ir/index_3.htm
]
19.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
19.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
18. Title: [Mozilla Firefox 2.0.0.7 Denial of Service]
18.1. Date of Publishing: [25 Oct 2007]
18.2. Application Name: [Mozilla Firefox]
18.3. Version: [2.0.0.7]
18.4. Impact: [Low]
18.5. Reference(s): [
- http://www.bugreport.ir/index_1.htm
]
18.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
18.7. Supporter:[
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
17. Title: [Hosting Controller 'FolderManager.aspx' Lets Remote Authenticated Users View and Modify Files]
17.1. Date of Publishing: [27 Dec 2006]
17.2. Application Name: [Hosting Controller]
17.3. Version: [7c (7.00.0003)]
17.4. Impact: [Highly Critical]
17.5. Reference(s): [
- http://securitytracker.com/alerts/2006/Dec/1017447.html
]
17.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
17.7. Supporter:[
- N/A
]
17.8. More information:[
- By combining this bug with another technique, an attacker can gain Windows administrator privileges.
]
/**************************************************************************/
16. Title: [More Than 25 Different Vulnerabilities in Hosting Controller Reported to the Hosting Controller Company]
16.1. Date of Publishing: [Never]
16.2. Application Name: [Hosting Controller]
16.3. Version: [6.1]
16.4. Impact: [High]
16.5. Reference(s): [
- Hosting Controller Support Team and irsdl Emails
]
16.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
16.7. Supporter:[
- N/A
]
/**************************************************************************/
15. Title: [MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities]
15.1. Date of Publishing: [9 June 2006]
15.2. Application Name: [MailEnable]
15.3. Version: [2.0]
15.4. Impact: [High]
15.5. Reference(s): [
- http://securitytracker.com/alerts/2006/Jun/1016265.html
- http://www.milw0rm.com/exploits/1893
]
15.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
15.7. Supporter:[
- N/A
]
/**************************************************************************/
14. Title: [Maxwebportal <= 1.36 password.asp Change Password]
14.1. Date of Publishing: [26 May 2005]
14.2. Application Name: [Maxwebportal]
14.3. Version: [1.36]
14.4. Impact: [High]
14.5. Reference(s): [
- http://www.milw0rm.com/exploits/1012
]
14.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
14.7. Supporter:[
- N/A
]
/**************************************************************************/
13. Title: [Hosting Controller Access Control Bugs Let Remote Users Gain Reseller and Administrative Privileges]
13.1. Date of Publishing: [6 Jul 2006]
13.2. Application Name: [Hosting Controller]
13.3. Version: [6.1 Hotfix 3.1 and prior versions]
13.4. Impact: [High]
13.5. Reference(s): [
- http://securitytracker.com/id?1016444
]
13.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
13.7. Supporter:[
- N/A
]
/**************************************************************************/
12. Title: [Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories]
12.1. Date of Publishing: [20 Oct 2006]
12.2. Application Name: [Hosting Controller]
12.3. Version: [6.1 Hotfix 3.2 and prior versions]
12.4. Impact: [Medium]
12.5. Reference(s): [
- http://securitytracker.com/id?1017103
]
12.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
12.7. Supporter:[
- N/A
]
/**************************************************************************/
11. Title: [Hosting Controller Input Validation Holes in 'AddGatewaySettings.asp' and 'IPManager.asp' Permit SQL Injection]
11.1. Date of Publishing: [4 Feb 2006]
11.2. Application Name: [Hosting Controller]
11.3. Version: [6.1 Hotfix 2.8]
11.4. Impact: [High]
11.5. Reference(s): [
- http://securitytracker.com/id?1015584
]
11.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
11.7. Supporter:[
- N/A
]
/**************************************************************************/
10. Title: [EmailArchitect Email Server Script Filtering Flaw Permits Cross-Site Scripting Attacks]
10.1. Date of Publishing: [6 Jun 2006]
10.2. Application Name: [EmailArchitect]
10.3. Version: [6.1]
10.4. Impact: [Low]
10.5. Reference(s): [
- http://securitytracker.com/id?1016243
]
10.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
10.7. Supporter:[
- N/A
]
/**************************************************************************/
9. Title: [MailSite Express Lets Remote Users Upload Scripting Files and Execute Them]
9.1. Date of Publishing: [15 Oct 2005]
9.2. Application Name: [MailSite Express]
9.3. Version: [6.1.21.0], [6.1.22.0 (?)]
9.4. Impact: [High]
9.5. Reference(s): [
- http://securitytracker.com/id?1015063
]
9.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
9.7. Supporter:[
- N/A
]
/**************************************************************************/
8. Title: [Hosting Controller Access Control Bugs Let Remote Authenticated Users View, Edit, and Add Plans]
8.1. Date of Publishing: [15 Jul 2005]
8.2. Application Name: [Hosting Controller]
8.3. Version: [6.1 HotFix 2.2 and prior versions]
8.4. Impact: [High]
8.5. Reference(s): [
- http://securitytracker.com/id?1014071
]
8.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
8.7. Supporter:[
- N/A
]
/**************************************************************************/
7. Title: [Hosting Controller 'AccountActions.asp' Access Control Bug Lets Remote Authenticated Users Add Usernames]
7.1. Date of Publishing: [18 Jul 2005]
7.2. Application Name: [Hosting Controller]
7.3. Version: [6.1 HotFix 2.2 and prior versions]
7.4. Impact: [High]
7.5. Reference(s): [
- http://securitytracker.com/id?1014518
]
7.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
7.7. Supporter:[
- N/A
]
/**************************************************************************/
6. Title: [EmailArchitect Email Server Input Validation Holes Permit Cross-Site Scripting Attacks]
6.1. Date of Publishing: [6 Jun 2006]
6.2. Application Name: [EmailArchitect]
6.3. Version: [6.1]
6.4. Impact: [Low]
6.5. Reference(s): [
- http://securitytracker.com/id?1016237
]
6.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
6.7. Supporter:[
- N/A
]
/**************************************************************************/
5. Title: [Hosting Controller 'UserProfile.asp' Lets Remote Authenticated Users Modify Other User Profiles]
5.1. Date of Publishing: [26 May 2005]
5.2. Application Name: [Hosting Controller]
5.3. Version: [6.1 HotFix 2.0 and prior versions]
5.4. Impact: [Medium]
5.5. Reference(s): [
- http://securitytracker.com/id?1014062
]
5.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
5.7. Supporter:[
- N/A
]
/**************************************************************************/
4. Title: [SmarterMail Lets Remote Users Upload Arbitrary Scripting Code and Execute Them]
4.1. Date of Publishing: [25 Jan 2005]
4.2. Application Name: [SmarterMail]
4.3. Version: [prior to 2.0.1837]
4.4. Impact: [High]
4.5. Reference(s): [
- http://securitytracker.com/id?1013021
]
4.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
4.7. Supporter:[
- N/A
]
/**************************************************************************/
3. Title: [Multiple Vulnerabilities in DUclassified]
3.1. Date of Publishing: [9 Oct 2004]
3.2. Application Name: [DUclassified]
3.3. Version: [All]
3.4. Impact: [High]
3.5. Reference(s): [
- http://securitytracker.com/id?1011596
]
3.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
3.7. Supporter:[
- N/A
]
/**************************************************************************/
2. Title: [Multiple Vulnerabilities in DUclassmate]
2.1. Date of Publishing: [9 Oct 2004]
2.2. Application Name: [DUclassmate]
2.3. Version: [All]
2.4. Impact: [High]
2.5. Reference(s): [
- http://securitytracker.com/id?1011597
]
2.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
2.7. Supporter:[
- N/A
]
/**************************************************************************/
1. Title: [Multiple Vulnerabilities in DUforum]
1.1. Date of Publishing: [9 Oct 2004]
1.2. Application Name: [DUforum]
1.3. Version: [All]
1.4. Impact: [Medium]
1.5. Reference(s): [
- http://securitytracker.com/id?1011595
]
1.6. Finder(s):[
- Soroush Dalili (Irsdl@yahoo.com)
]
1.7. Supporter:[
- N/A
]
