Advisories

Soroush Dalili’s published/to-be-published advisories (Last update 31 Oct 2020):

#112:
Title: [CVE-2020-0618 – RCE in SQL Server Reporting Services (SSRS)]
Date of Publishing: [11/02/2020]
Application Name: [Microsoft SQL Server Reporting Services]
Version: [prior to February 2020 patch]
Impact: [Critical]

#111:
Title: [CVE-2020-0646 – Code injection in Workflows leading to SharePoint RCE]
Date of Publishing: [14/01/2020]
Application Name: [.NET Framework]
Version: [prior to January 2020 patch]
Impact: [High]

#110:
Title: [CVE-2020-0606 – Code Execution using Malicious Annotation Files for Sticky Notes in WPF apps]
Date of Publishing: [14/01/2020]
Application Name: [.NET Framework]
Version: [prior to January 2020 patch]
Impact: [High]

#109:
Title: [CVE-2020-0605 – Code Execution using XPS Files in .NET]
Date of Publishing: [14/01/2020]
Application Name: [.NET Framework]
Version: [prior to January 2020 patch]
Impact: [High]

#108:
Title: [CVE-2019-13462 – Unauthenticated SQL Injection in Lansweeper]
Date of Publishing: [25/07/2019]
Application Name: [Lansweeper application]
Version: [prior to 7.1.117.4]
Impact: [Critical when MSSQL database is in use (not default)]

#107:
Title: [CVE-2019-12923, CVE-2019-12924, CVE-2019-12925, CVE-2019-12926, CVE-2019-12927 – Multiple Vulnerabilities in MailEnable]
Date of Publishing: [02/07/2019]
Application Name: [MailEnable]
Version: [versions before 10.24, 9.83, 8.64, 7.62, 6.90 (20th June 2019)]
Impact: [Critical, High, and Medium]

#106:
Title: [CVE-2019-7214, CVE-2019-7213, CVE-2019-7212, CVE-2019-7211 – Multiple Vulnerabilities in SmarterMail]
Date of Publishing: [17/04/2019]
Application Name: [SmarterMail]
Version: [prior to Build 6985 (CVE-2019-7214), prior to Build 7040 (CVE-2019-7211, CVE-2019-7212, CVE-2019-7213)]
Impact: [Critical and High]

#105:
Title: [CVE-2018-18447 – Code Execution in .NET by Reading Serialized Objects from Clipboard]
Date of Publishing: [17/12/2018]
Application Name: [PowerShell, Visual Studio, WPF Applications, Paint.NET, LINQPad, and more]
Version: [varies – some accepted it as a feature – some patched it (sometimes without a CVE)]
Impact: [Medium/High]

#104:
Title: [CVE-2018-8421 – RCE during loading or compiling Microsoft XOML workflows using deserialization]
Date of Publishing: [08/11/2018]
Application Name: [Microsoft SharePoint]
Version: [prior to November 2018 patch]
Impact: [Critical]

#103:
Title: [CVE-2018-8284 – Remote Code Execution on SharePoint by Bypassing Workflows Protection Mechanisms]
Date of Publishing: [30/08/2018]
Application Name: [Microsoft SharePoint]
Version: [prior to July 2018 patch]
Impact: [Critical]

#102:
Title: [Mattermost Server Denial of Service by Uploading an Emoji File]
Date of Publishing: [N/A]
Application Name: [Mattermost Server]
Version: [Fixed in v5.2.2, 5.1.2, 4.10.4]
Impact: [Low]

#101:
Title: [CVE-2019-0613 – Code Execution in Visual Studio using TBC Files]
Date of Publishing: [N/A]
Application Name: [Visual Studio]
Version: [prior to February 2019 patch]
Impact: [Medium]

#101:
Title: [CVE-2018-8172 – Code Execution in Visual Studio using XAML Files]
Date of Publishing: [N/A]
Application Name: [Visual Studio]
Version: [prior to July 2018 patch]
Impact: [Medium]

#100:
Title: [CVE-2018-8172, CVE-2018-8300, CVE-2018-14581, CVE-2018-14878, CVE-2018-15122 – Unsafe Deserialization in Microsoft Resource Files (.RESX) in Multiple Products]
Date of Publishing: [02/08/2018]
Application Name: [Visual Studio, ILSpy, DotPeek, ReSharper Ultimate, .Net Reflector, SmartAssembly, JustDecompile, JustAssembly, IIS, SharePoint, Dynamics365]
Version: [varies – some accepted it as a feature – some patched it (sometimes without a CVE)]
Impact: [High/Critical]

#99:
Title: [ASP.NET Request Validation Bypass Using Request Encoding]
Date of Publishing: [09/09/2017]
Application Name: [.NET Framework]
Version: [any – accepted as a feature]
Impact: [Medium]

#98:
Title: [Multiple Vulnerabilities in Yahoo Small Business (aabaco and luminate domains)]
Date of Publishing: [N/A]
Application Name: [Yahoo! Aabaco Small Business]
Version: [N/A]
Impact: [High]

#97:
Title: [CVE-2017-8572, CVE-2017-11927 – SMB hash hijacking & user tracking in MS Outlook]
Date of Publishing: [11/05/2018]
Application Name: [Microsoft Outlook]
Version: [all versions before May 2018 update]
Impact: [Medium]

#96:
Title: [CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers]
Date of Publishing: [14/07/2017]
Application Name: [Internet Explorer, Edge]
Version: [IE 10, 11, and Edge prior to July 2017 patch]
Impact: [Low]

#95:
Title: [CVE-2016-3327 – Denial of Service in Parsing a URL by ierutil.dll]
Date of Publishing: [12/08/2016]
Application Name: [Microsoft Browser – Any HTML viewer using ierutil.dll]
Version: [Prior to August 2016 Patch]
Impact: [Low]

#94:
Title: [CVE-2016-4178, CVE-2016-4277 – Flash “local-with-filesystem” Bypass in navigateToURL]
Date of Publishing: [13/09/2016]
Application Name: [Adobe Flash]
Version: [22.0.0.211 and earlier]
Impact: [Low]

#93:
Title: [Yahoo! Web Hosting – Multiple Security Issues]
Date of Publishing: [N/A]
Application Name: [Yahoo! Aabaco Small Business – Web Hosting]
Version: [N/A]
Impact: [High]

#92:
Title: [SOP bypass in Google Chrome by redirection using Silverlight]
Date of Publishing: [N/A]
Application Name: [Microsoft Silverlight]
Version: [won’t fix]
Impact: [High]

#91:
Title: [Multiple Vulnerabilities in MailEnable (XXE, XSS, Privilege Escalation, Directory Traversal)]
Date of Publishing: [10/03/2015]
Application Name: [MailEnable]
Version: [Tested on version 8.56 (versions prior to 8.60, 7.60, 6.88, and 5.62 should be vulnerable)]
Impact: [High]

#90:
Title: [SmarterMail – Stored XSS in emails]
Date of Publishing: [06/03/2015]
Application Name: [SmarterMail]
Version: [SmarterMail 13.1.5451]
Impact: [High]

#89:
Title: [Flash security restrictions bypass]
Date of Publishing: [Reported on 14/11/2014]
Application Name: [Adobe Flash]
Version: [08/07/2015 Patched by Adobe]
Impact: [Low]

#88:
Title: [Flash security restrictions bypass]
Date of Publishing: [Reported on 14/11/2014]
Application Name: [Adobe Flash]
Version: [12/03/2015 Patched by Adobe]
Impact: [Low]

#87:
Title: [Cross Domain Policy Bypass – Google Chrome Flash]
Date of Publishing: [Reported on 20/10/2014]
Application Name: [Google Chrome]
Version: [12/03/2015 Patched by Adobe]
Impact: [Medium]

#86:
Title: [Reflected XSS in SWF file – Camtasia 7 & 8]
Date of Publishing: [10/01/2014]
Application Name: [TechSmith Camtasia]
Version: [v8.4.4 (latest 8.x 10/01/2014) – v7.1.1 (latest 7.x 10/01/2014)]
Impact: [Medium]

#85:
Title: [Adobe Flash – Cross Site Information Disclosure]
Date of Publishing: [Reported on 02/10/2014]
Application Name: [Adobe Flash]
Version: [Tested on 15.0.0.152 (debug version)]
Impact: [Low]

#84:
Title: [DOM Based cross-site scripting in Doc-To-Help 2014 v1]
Date of Publishing: [Discovered: 18/09/2014 – Reported to the vendor: 14/11/2014]
Application Name: [Doc-To-Help]
Version: [Latest version (still unpatched – 10/01/2015)]
Impact: [Medium]

#83:
Title: [Multiple vulnerabilities in FileVista]
Date of Publishing: [Reported to the vendor 04/08/2014 – still unpatched]
Application Name: [FileVista]
Version: [v6.0.7 and even the latest version (still unpatched – 10/01/2015)]
Impact: [High]

#82:
Title: [Adobe flash sandbox bypass to navigate to local drives (Windows version)]
Date of Publishing: [15/10/2014-12/08/2014]
Application Name: [Adobe Flash]
Version: [14.0.0.125 (tested with IE 11)]
Impact: [TBA]

#81:
Title: [Reflected Cross Site Scripting in Flash version of Flowplayer]
Date of Publishing: [Discovered: 30/05/2014 – Publicly Reported: 30/09/2014]
Application Name: [Flowplayer]
Version: [3.2.17 (latest) – still vulnerable]
Impact: [Medium]

#80:
Title: [Facebook – Open Redirection via tpe Parameter in /ajax/payment/token_proxy.php]
Date of Publishing: [07/02/2014]
Application Name: [Facebook]
Version: [N/A]
Impact: [Low]

#79:
Title: [Adobe Reader/Acrobat another Use-After-Free in ToolButton]
Date of Publishing: [06/12/2013]
Application Name: [Adobe Reader/Acrobat]
Version: [11.0.05/10.1.8 and earlier versions]
Impact: [High]

#78:
Title: [Flash Security SandBox Bypass by using JAR protocol]
Date of Publishing: [15/10/2013]
Application Name: [Adobe Flash]
Version: [11.9.900.170/11.2.202.332 and earlier versions]
Impact: [Medium]

#77:
Title: [Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability]
Date of Publishing: [Reported Dec. 2013]
Application Name: [Microsoft Internet Explorer]
Version: [IE 10]
Impact: [High]

#76:
Title: [Yahoo Multiple Vulnerabilities – LFI/XSS/etc]
Date of Publishing: [15/10/2013]
Application Name: [Yahoo websites]
Version: [N/A]
Impact: [Highly Critical]

#75:
Title: [Microsoft XMLDOM in IE can divulge information of local drive/network in error messages]
Date of Publishing: [25/04/2013]
Application Name: [Internet Explorer]
Version: [Tested in IE10 – probably unpatched]
Impact: [Low]

#74:
Title: [Facebook OAuth2 Redirection Bypass]
Date of Publishing: [18/03/2013]
Application Name: [Facebook]
Version: [N/A]
Impact: [High]

#73:
Title: [UnRedirectable Page by using onbeforeunload, setTimeout and a pop-up msg]
Date of Publishing: [08/02/2013]
Application Name: [Firefox]
Version: [unpatched – 10 Jan 2015]
Impact: [Low]

#72:
Title: [GleamTech FileVista/FileUltimate Directory Traversal]
Date of Publishing: [21/11/2012]
Application Name: [Jenkins]
Version: [tested on 4.6]
Impact: [Highly Critical]

#71:
Title: [FCKEditor/CKFinder Denial of Service on Windows Forbidden Files]
Date of Publishing: [21/11/2012]
Application Name: [Jenkins]
Version: [FCKEditor 2.6.8 / CKFinder 2.3]
Impact: [Low]

#70:
Title: [Jenkins XSS, CrLf, and Open Redirect]
Date of Publishing: [20/11/2012]
Application Name: [Jenkins]
Version: [prior to 1.491 or 1.480.1]
Impact: [Low]

#69:
Title: [Adobe Reader/Acrobat Use-After-Free in ToolButton]
Date of Publishing: [11/09/2013 – reported Sept. 2012]
Application Name: [Adobe Acrobat/Reader]
Version: [11.0.02/10.1.6 and earlier]
Impact: [High]

#68:
Title: [FCKEditor ASP Version – Multiple File Upload Protection Bypass and XSS vulnerability]
Date of Publishing: [21/11/2012]
Application Name: [FCKEditor]
Version: [latest version (retired) – 27/11/2012]
Impact: [Highly Critical]

#67:
Title: [Facebook Privacy Issue]
Date of Publishing: [Vendor Awareness: March 2012]
Application Name: [Facebook Website]
Version: [N/A]
Impact: [Moderate]

#66:
Title: [Bugzilla – account lockout restriction bypass]
Date of Publishing: [Vendor Awareness: 18 February 2012]
Application Name: [Bugzilla]
Version: [versions 2.17.4 through 3.6.8, 3.7.1 through 4.0.5, and 4.1.1 through 4.2]
Impact: [Low]

#65:
Title: [Adobe Reader/Acrobat Memory Corruption In The JavaScript Handling]
Date of Publishing: [N/A]
Application Name: [Adobe Reader/Acrobat]
Version: [Windows and Macintosh: <= 10.1.2 and <= 9.5, Linux: <= 9.4.6]
Impact: [High]

#64:
Title: [Mozilla Firefox – Memory Corruption – More details will be available after the patch]
Date of Publishing: [Vendor Awareness: 9 February 2012]
Application Name: [Mozilla Firefox]
Version: [Should be patched in 16]
Impact: [N/A]

#63:
Title: [Splunk Reflected XSS]
Date of Publishing: [N/A]
Application Name: [Splunk]
Version: [Patched in version 4.3.1]
Impact: [Low]

#62:
Title: [Mozilla Firefox Drag and Drop Handling Same Origin Policy Bypass Vulnerability]
Date of Publishing: [29 December 2011, Vendor Awareness: 21 November 2011]
Application Name: [Mozilla Firefox]
Version: [Prior to 11.0]
Impact: [Moderate]

#61:
Title: [Adobe Reader/Acrobat Memory Corruption Denial of Service by Javascript]
Date of Publishing: [16 June 2011, Vendor Awareness: 24 Feb 2011]
Application Name: [Adobe Reader/Acrobat]
Version: [10.0.1, other versions can be vulnerable before applying the 14 June 2011 Patch]
Impact: [Low]

#60:
Title: [Mozilla Firefox/Thunderbird/SeaMonkey ‘resource:’ Protocol Directory Traversal Vulnerability]
Date of Publishing: [28 April 2011]
Application Name: [Mozilla Firefox/Thunderbird/SeaMonkey]
Version: [Fixed in: Firefox 3.6.17, Firefox 3.5.19, Thunderbird 3.1.10, SeaMonkey 2.0.14]
Impact: [Moderate]

#59:
Title: [Douran Portal File Download/Source Code Disclosure Vulnerability]
Date of Publishing: [20 March 2011]
Application Name: [Douran Portal]
Version: [3.9.7.8]
Impact: [Moderately critical]

#58:
Title: [TASKalfa 500ci Printer – Authentication Bypass]
Date of Publishing: [Vendor Awareness: 1 Dec. 2010 – Fixed on: 14 July 2011]
Application Name: [Adobe Reader/Acrobat]
Version: [Prior to 12.0 Framework – 250, 300, and 400 models were also patched]
Impact: [High]

#57:
Title: [Microsoft Internet Information Services .Net Denial of Service]
Date of Publishing: [Vendor Awareness: 3 August 2010 – Vendor Response: 4 Jan 2011, recoverable DoS issues will be addressed in a Service Pack or next version fix – Latest State: kept private in connection with another 0day file/folder name leakage vulnerability in IIS]
Application Name: [Microsoft IIS]
Version: [All the Latest Versions of IIS and .Net Frameworks – 17/05/2011]
Impact: [Moderate]

#56:
Title: [Microsoft Internet Information Services Basic Authentication Security Bypass]
Date of Publishing: [1 July 2010]
Application Name: [Microsoft IIS]
Version: [5.1]
Impact: [Moderately critical]

#55:
Title: [Opera Browser – Scroll Information Leakage]
Date of Publishing: [30 June 2010]
Application Name: [Opera Browser]
Version: [10.54 and 10.60 RC (Build 3443)]
Impact: [Low]

#54:
Title: [AirTight Web Application – File Disclosure/Deletion and XSS]
Date of Publishing: [Vendor Awareness: June 2010 – Fixed on: 2010]
Application Name: [AirTight]
Version: [Tested on 6.1 – later versions should be safe]
Impact: [High]

#53:
Title: [Mozilla Firefox Error Handling Information Disclosure Vulnerability]
Date of Publishing: [27 May 2010]
Application Name: [Mozilla Firefox]
Version: [3.5.10, 3.6.6 and prior versions]
Impact: [Low]

#52:
Title: [Internet Explorer hard drive information leakage]
Date of Publishing: [4 March 2010]
Application Name: [Internet Explorer]
Version: [7, 8, and 9 – 17/05/2011]
Impact: [Low]

#51:
Title: [Microsoft IIS ASP Multiple Extensions Security Bypass]
Date of Publishing: [24 Dec. 2009]
Application Name: [Microsoft IIS]
Version: [6.0]
Impact: [Less Critical for IIS][Highly Critical for Web Applications]

#50:
Title: [Virtual Support Office-XP Multiple Vulnerabilities.]
Date of Publishing: [20 Jun 2008]
Application Name: [Virtual Support Office-XP]
Version: [3.0.29, 3.0.27 and prior versions]
Impact: [High]

#49:
Title: [eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities]
Date of Publishing: [19 Jun 2008]
Application Name: [eLineStudio Site Composer (ESC)]
Version: [2.6]
Impact: [High]

#48:
Title: [Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities]
Date of Publishing: [19 Jun 2008]
Application Name: [Academic Web Tools CMS]
Version: [1.4.2.8]
Impact: [Medium]

#47:
Title: [doITlive CMS <=2.50 Multiple Vulnerabilities]
Date of Publishing: [18 Jun 2008]
Application Name: [doITlive CMS]
Version: [2.50]
Impact: [High]

#46:
Title: [Pooya Site Builder (PSB) SQL Injection Vulnerabilities]
Date of Publishing: [12 Jun 2008]
Application Name: [Pooya Site Builder (PSB)]
Version: [6.0 (Assembly Version)]
Impact: [High]

#45:
Title: [Realm CMS <= 2.3 Multiple Vulnerabilities]
Date of Publishing: [10 Jun 2008]
Application Name: [Realm CMS]
Version: [2.3]
Impact: [High]

#44:
Title: [QuickerSite <= 1.85 Multiple Vulnerabilities]
Date of Publishing: [4 Jun 2008]
Application Name: [QuickerSite]
Version: [1.85]
Impact: [High]

#43:
Title: [Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability]
Date of Publishing: [30 May 2008]
Application Name: [Dot Net Nuke (DNN)]
Version: [4.8.3]
Impact: [Low]

#42:
Title: [MegaBBS Forum Multiple Vulnerabilities.]
Date of Publishing: [27 Apr 2008]
Application Name: [MegaBBS]
Version: [2.2]
Impact: [Medium]

#41:
Title: [Acidcat CMS Multiple Vulnerabilities.]
Date of Publishing: [20 Apr 2008]
Application Name: [Acidcat CMS]
Version: [3.4.1]
Impact: [High]

#40:
Title: [CandyPress eCommerce suite SQL Injection + XSS + Path Disclosure in CandyPress]
Date of Publishing: [26 Jan 2008]
Application Name: [CandyPress eCommerce suite]
Version: [4.1.1.26]
Impact: [High]

#39:
Title: [Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server]
Date of Publishing: [23 Jan 2008]
Application Name: [Web Wiz Rich Text Editor]
Version: [4.0]
Impact: [Medium]

#38:
Title: [Web Wiz NewsPad Directory traversal]
Date of Publishing: [23 Jan 2008]
Application Name: [Web Wiz NewsPad]
Version: [1.02]
Impact: [Low]

#37:
Title: [Web Wiz Forums Directory traversal]
Date of Publishing: [23 Jan 2008]
Application Name: [Web Wiz Forums]
Version: [9.07]
Impact: [Low]

#36:
Title: [Mozilla Firefox 2.0.0.11 Hide the Source Code]
Date of Publishing: [22 Jan 2008]
Application Name: [Mozilla Firefox]
Version: [2.0.0.11]
Impact: [Low]

#35:
Title: [Hosting Controller 6.1 – Users can change other’s host headers.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#34:
Title: [Hosting Controller 6.1 – Users can enable or disable all Hosting Controller forums by SQL Injection.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#33:
Title: [Hosting Controller 6.1 – Users can find web site path.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#32:
Title: [Hosting Controller 6.1 – Users can import unwanted plan or change the plans.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#31:
Title: [Hosting Controller 6.1 – Users can find Hosting Controller setup directory.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#30:
Title: [Hosting Controller 6.1 – Users can see all usernames in the server.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#29:
Title: [Hosting Controller 6.1 – Users can enable or disable pay type.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#28:
Title: [Hosting Controller 6.1 – Users can delete all of gateway information.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#27:
Title: [Hosting Controller 6.1 – Users can uninstall other’s FrontPage extensions.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#26:
Title: [Hosting Controller 6.1 – Users can change his credit amount or increase his discount.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#25:
Title: [Hosting Controller 6.1 – SQL Injection in “/accounts/accountmanager.asp”]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#24:
Title: [Hosting Controller 6.1 – Remote Attacker can change all users’ profiles.]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [Medium]

#23:
Title: [Hosting Controller 6.1 – Remote Users Can Make a New User]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [High]

#22:
Title: [Hosting Controller 6.1 – Remote Authenticated Users Execute a File Under Administrative Privilege]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [High]

#21:
Title: [Hosting Controller 6.1 – Lets Remote Users Gain Admin Privilege]
Date of Publishing: [13 Dec 2007]
Application Name: [Hosting Controller]
Version: [6.1 Hot fix <= 3.3]
Impact: [High]

#20:
Title: [Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability]
Date of Publishing: [10 Dec 2007]
Application Name: [Snitz Forums 2000]
Version: [N/A]
Impact: [High]

#19:
Title: [SkyPortal vRC6 Multiple Remote Vulnerabilities]
Date of Publishing: [22 Nov 2007]
Application Name: [SkyPortal]
Version: [vRC6]
Impact: [High]

#18:
Title: [Mozilla Firefox 2.0.0.7 Denial of Service]
Date of Publishing: [25 Oct 2007]
Application Name: [Mozilla Firefox]
Version: [2.0.0.7]
Impact: [Low]

#17:
Title: [Hosting Controller ‘FolderManager.aspx’ Lets Remote Authenticated Users View and Modify Files]
Date of Publishing: [27/12/2006]
Application Name: [Hosting Controller]
Version: [7c (7.00.0003)]
Impact: [Highly Critical]
More information: [By using this bug and another technique, an attacker can gain Windows administrator privileges.]

#16:
Title: [More Than 25 Different Vulnerabilities in Hosting Controller Reported to the Hosting Controller Company]
Date of Publishing: [Never]
Application Name: [Hosting Controller]
Version: [6.1]
Impact: [High]

#15:
Title: [MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities]
Date of Publishing: [9 June 2006]
Application Name: [MailEnable]
Version: [2.0]
Impact: [High]

#14:
Title: [Maxwebportal <= 1.36 password.asp Change Password]
Date of Publishing: [26 May 2005]
Application Name: [Maxwebportal]
Version: [1.36]
Impact: [High]

#13:
Title: [Hosting Controller Access Control Bugs Let Remote Users Gain Reseller and Administrative Privileges]
Date of Publishing: [6 Jul 2006]
Application Name: [Hosting Controller]
Version: [6.1 Hotfix 3.1 and prior versions]
Impact: [High]

#12:
Title: [Hosting Controller ‘EnableForum.asp’ and ‘DisableForum.asp’ Scripts Let Remote Users Create or Delete Forums and Virtual Directories]
Date of Publishing: [20 Oct 2006]
Application Name: [Hosting Controller]
Version: [6.1 Hotfix 3.2 and prior versions]
Impact: [Medium]

#11:
Title: [Hosting Controller Input Validation Holes in ‘AddGatewaySettings.asp’ and ‘IPManager.asp’ Permit SQL Injection]
Date of Publishing: [4 Feb 2006]
Application Name: [Hosting Controller]
Version: [6.1 Hotfix 2.8]
Impact: [High]

#10:
Title: [EmailArchitect Email Server Script Filtering Flaw Permits Cross-Site Scripting Attacks]
Date of Publishing: [6 Jun 2006]
Application Name: [EmailArchitect]
Version: [6.1]
Impact: [Low]

#9:
Title: [MailSite Express Lets Remote Users Upload Scripting Files and Execute Them]
Date of Publishing: [15 Oct 2005]
Application Name: [MailSite Express]
Version: [6.1.21.0], [6.1.22.0 (?)]
Impact: [High]

#8:
Title: [Hosting Controller Access Control Bugs Let Remote Authenticated Users View, Edit, and Add Plans]
Date of Publishing: [15 Jul 2005]
Application Name: [Hosting Controller]
Version: [6.1 Hotfix 2.2 and prior versions]
Impact: [High]

#7:
Title: [Hosting Controller ‘AccountActions.asp’ Access Control Bug Lets Remote Authenticated Users Add Usernames]
Date of Publishing: [18 Jul 2005]
Application Name: [Hosting Controller]
Version: [6.1 Hotfix 2.2 and prior versions]
Impact: [High]

#6:
Title: [EmailArchitect Email Server Input Validation Holes Permit Cross-Site Scripting Attacks]
Date of Publishing: [6 Jun 2006]
Application Name: [EmailArchitect]
Version: [6.1]
Impact: [Low]

#5:
Title: [Hosting Controller ‘UserProfile.asp’ Lets Remote Authenticated Users Modify Other User Profiles]
Date of Publishing: [26 May 2005]
Application Name: [Hosting Controller]
Version: [6.1 Hotfix 2.0 and prior versions]
Impact: [Medium]

#4:
Title: [SmarterMail Lets Remote Users Upload Arbitrary Scripting Code and Execute Them]
Date of Publishing: [25 Jan 2005]
Application Name: [SmarterMail]
Version: [prior to 2.0.1837]
Impact: [High]

#3:
Title: [Multiple Vulnerabilities in DUclassified]
Date of Publishing: [9 Oct 2004]
Application Name: [DUclassified]
Version: [All]
Impact: [High]

#2:
Title: [Multiple Vulnerabilities in DUclassmate]
Date of Publishing: [9 Oct 2004]
Application Name: [DUclassmate]
Version: [All]
Impact: [High]

#1:
Title: [Multiple Vulnerabilities in DUforum]
Date of Publishing: [9 Oct 2004]
Application Name: [DUforum]
Version: [All]
Impact: [Medium]