Advisories

Soroush Dalili’s published/to-be-published advisories (Last update 27 Jan. 2017):

/**************************************************************************/
95. Title: [Denial of Service in Parsing a URL by ierutil.dll]
95.1. Date of Publishing: [12/08/2016]
95.2. Application Name: [Microsoft Browser – Any HTML viewer using ierutil.dll]
95.3. Version: [Prior to August 2016 Patch]
95.4. Impact: [Low]
95.5. Reference(s): [
– https://technet.microsoft.com/en-us/library/security/mt674627.aspx
– CVE-2016-3327
– https://www.nccgroup.trust/uk/our-research/denial-of-service-in-parsing-a-url-by-ierutildll/
]
95.6. Finder(s): [
– Soroush Dalili
]
95.7. Supporter: [
– N/A
]
/**************************************************************************/
94. Title: [Flash “local-with-filesystem” Bypass in navigateToURL]
94.1. Date of Publishing: [13/09/2016]
94.2. Application Name: [Adobe Flash]
94.3. Version: [22.0.0.211 and earlier]
94.4. Impact: [Low]
94.5. Reference(s): [
– https://www.nccgroup.trust/uk/our-research/flash-local-with-filesystem-bypass-in-navigatetourl/
– https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
– https://helpx.adobe.com/security/products/flash-player/apsb16-29.html
]
94.6. Finder(s): [
– Soroush Dalili
]
94.7. Supporter: [
– Hackerone
]
/**************************************************************************/
93. Title: Yahoo! Web Hosting – Multiple Security Issues
93.1. Date of Publishing: [NA]
93.2. Application Name: [Yahoo! Web Hosting]
93.3. Version: [NA]
93.4. Impact: [Yahoo! Aabaco Small Business]
93.5. Reference(s): [
– https://hackerone.com/yahoo : #141589, #142764, #140444, #142776, #143911, #142771, #141599, #142546, #142762
]
93.6. Finder(s): [
– Soroush Dalili
]
93.7. Supporter: [
– Hackerone
]
/**************************************************************************/
92. Title: SOP bypass in Google Chrome by redirection using Silverlight
92.1. Date of Publishing: [TBA]
92.2. Application Name: [Microsoft Silverlight]
92.3. Version: [wont fix]
92.4. Impact: [High]
92.5. Reference(s): [
– MSRC 0052700
– This extension has been removed from Chrome
]
92.6. Finder(s): [
– Soroush Dalili
]
92.7. Supporter: [
– N/A
]
/**************************************************************************/
91. Title: [Multiple Vulnerabilities in MailEnable (XXE, XSS, Privilege Escalation, Directory Traversal)]
91.1. Date of Publishing: [10/03/2015]
91.2. Application Name: [MailEnable]
91.3. Version: [Tested on version 8.56 (versions prior to 8.60, 7.60, 6.88, and 5.62 should be vulnerable)]
91.4. Impact: [High]
91.5. Reference(s): [
– https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/
]
91.6. Finder(s): [
– Soroush Dalili
]
91.7. Supporter: [
– N/A
]
/**************************************************************************/
90. Title: [SmarterMail – Stored XSS in emails]
90.1. Date of Publishing: [06/03/2015]
90.2. Application Name: [SmarterMail]
90.3. Version: [SmarterMail 13.1.5451]
90.4. Impact: [High]
90.5. Reference(s): [
– https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/smartermail-stored-xss-in-emails/
]
90.6. Finder(s): [
– Soroush Dalili
]
90.7. Supporter: [
– N/A
]
/**************************************************************************/
89. Title: [Flash security restrictions bypass]
89.1. Date of Publishing: [Reported on 14/11/2014]
89.2. Application Name: [Adobe Flash]
89.3. Version: [Not patched yet (08/07/2015)]
89.4. Impact: [Low]
89.5. Reference(s): [
– PSIRT-3145
– CVE-2015-3114
]
89.6. Finder(s): [
– Soroush Dalili
]
89.7. Supporter: [
– N/A
]
/**************************************************************************/
88. Title: [Flash security restrictions bypass]
88.1. Date of Publishing: [Reported on 14/11/2014]
88.2. Application Name: [Adobe Flash]
88.3. Version: [12/03/2015]
88.4. Impact: [Low]
88.5. Reference(s): [
– PSIRT-3146
– CVE-2015-0340
]
88.6. Finder(s): [
– Soroush Dalili
]
88.7. Supporter: [
– N/A
]
/**************************************************************************/
87. Title: [Cross Domain Policy Bypass – Google Chrome Flash]
87.1. Date of Publishing: [Reported on 20/10/2014]
87.2. Application Name: [Google Chrome]
87.3. Version: [12/03/2015 Patched by Adobe Flash]
87.4. Impact: [Medium]
87.5. Reference(s): [
– https://code.google.com/p/chromium/issues/detail?id=425280
– CVE-2015-0337
– https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
]
87.6. Finder(s): [
– Soroush Dalili
]
87.7. Supporter: [
– N/A
]
/**************************************************************************/
86. Title: [Reflected XSS in SWF file – Camtasia 7 & 8]
86.1. Date of Publishing: [10/01/2014]
86.2. Application Name: [TechSmith Camtasia]
86.3. Version: [v8.4.4 (latest 8.x 10/01/2014) – v7.1.1 (latest 7.x 10/01/2014)]
86.4. Impact: [Medium]
86.5. Reference(s): [
– Vendor did not want to patch the SWF files. Issues are not disclosed publicly.
]
86.6. Finder(s): [
– Soroush Dalili
]
86.7. Supporter: [
– N/A
]
/**************************************************************************/
85. Title: [Adobe Flash – Cross Site Information Disclosure]
85.1. Date of Publishing: [Reported on 02/10/2014]
85.2. Application Name: [Adobe Flash]
85.3. Version: [Tested on 15.0.0.152 (debug version)]
85.4. Impact: [Low]
85.5. Reference(s): [
– PSIRT-3067
– CVE-2014-0578
]
85.6. Finder(s): [
– Soroush Dalili
]
85.7. Supporter: [
– NCC Group
]
/**************************************************************************/
84. Title: [DOM Based cross-site scripting in Doc-To-Help 2014 v1]
84.1. Date of Publishing: [Discovered: 18/09/2014 – Reported to the vendor: 14/11/2014]
84.2. Application Name: [Doc-To-Help]
84.3. Version: [Latest version (still unpatched – 10/01/2015)]
84.4. Impact: [Medium]
84.5. Reference(s): [
– Issues are not disclosed publicly. Vendor confirmed but did not give any credit!
]
84.6. Finder(s): [
– Soroush Dalili
]
84.7. Supporter: [
– N/A
]
/**************************************************************************/
83. Title: [Multiple vulnerabilities in FileVista]
83.1. Date of Publishing: [Reported to the vendor 04/08/2014 – still unptached]
83.2. Application Name: [FileVista]
83.3. Version: [v6.0.7 and even the latest version (still unpatched – 10/01/2015)]
83.4. Impact: [High]
83.5. Reference(s): [
– http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx – Vendor did not give me any credit even for partial fixes! Issues are not disclosed publicly.
]
83.6. Finder(s): [
– Soroush Dalili
]
83.7. Supporter: [
– NCC Group
]
/**************************************************************************/
82. Title: [Adobe flash sandbox bypass to navigate to local drives (Windows version)]
82.1. Date of Publishing: [15/10/2014-12/08/2014]
82.2. Application Name: [Adobe Flash]
82.3. Version: [14.0.0.125 (tested with IE 11)]
82.4. Impact: [TBA]
82.5. Reference(s): [
– https://soroush.secproject.com/blog/2013/10/catch-up-on-flash-xss-exploitation-part-2-navigatetourl-and-jar-protocol/
– http://helpx.adobe.com/uk/security/products/flash-player/apsb14-18.html (CVE-2014-0541 – PSIRT-2823)
]
82.6. Finder(s): [
– Soroush Dalili
]
82.7. Supporter: [
– NCC Group
]
/**************************************************************************/
81. Title: [Reflected Cross Site Scripting in Flash version of Flowplayer]
81.1. Date of Publishing: [Discovered: 30/05/2014 – Publicly Reported: 30/09/2014]
81.2. Application Name: [Flowplayer]
81.3. Version: [3.2.17 (latest) – still vulnerable]
81.4. Impact: [Medium]
81.5. Reference(s): [
– https://github.com/flowplayer/flash/issues/263
]
81.6. Finder(s): [
– Soroush Dalili
]
81.7. Supporter: [
– N/A
]
/**************************************************************************/
80. Title: [Facebook – Open Redirection via tpe Parameter in /ajax/payment/token_proxy.php]
80.1. Date of Publishing: [07/02/2014]
80.2. Application Name: [Facebook]
80.3. Version: [N/A]
80.4. Impact: [Low]
80.5. Reference(s): [
– https://www.facebook.com/whitehat/thanks/
]
80.6. Finder(s): [
– Soroush Dalili
]
80.7. Supporter: [
– N/A
]
/**************************************************************************/
79. Title: [Adobe Reader/Acrobat another Use-After-Free in ToolButton]
79.1. Date of Publishing: [06/12/2013]
79.2. Application Name: [Adobe Reader/Acrobat]
79.3. Version: [11.0.05/10.1.8 and earlier versions]
79.4. Impact: [High]
79.5. Reference(s): [
– http://helpx.adobe.com/security/products/reader/apsb14-01.html (CVE-2014-0496)
]
79.6. Finder(s): [
– Soroush Dalili
]
79.7. Supporter: [
– N/A
]
/**************************************************************************/
78. Title: [Flash Security SandBox Bypass by using JAR protocol]
78.1. Date of Publishing: [15/10/2013]
78.2. Application Name: [Adobe Flash]
78.3. Version: [11.9.900.170/11.2.202.332 and earlier versions]
78.4. Impact: [Medium]
78.5. Reference(s): [
– http://soroush.secproject.com/blog/2013/10/catch-up-on-flash-xss-exploitation-part-2-navigatetourl-and-jar-protocol/
– http://soroush.secproject.com/blog/2014/01/catch-up-on-flash-xss-exploitation-part-3-xss-by-embedding-a-flash-file/
– http://helpx.adobe.com/security/products/flash-player/apsb14-02.html (reported to Adobe by Masato Kinugawa)
]
78.6. Finder(s): [
– Soroush Dalili
]
78.7. Supporter: [
– N/A
]
/**************************************************************************/
77. Title: [Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability]
77.1. Date of Publishing: [Reported Dec. 2013]
77.2. Application Name: [Microsoft Internet Explorer]
77.3. Version: [IE 10]
77.4. Impact: [High]
77.5. Reference(s): [
– http://www.zerodayinitiative.com/advisories/ZDI-14-178/
– https://technet.microsoft.com/library/security/ms14-035 (CVE-2014-1780)
]
77.6. Finder(s): [
– Soroush Dalili
]
77.7. Supporter: [
– ZDI
]
/**************************************************************************/
76. Title: [Yahoo Multiple Vulnerabilities – LFI/XSS/etc]
76.1. Date of Publishing: [15/10/2013]
76.2. Application Name: [Yahoo websites]
76.3. Version: [N/A]
76.4. Impact: [Highly Critical]
76.5. Reference(s): [
– http://soroush.secproject.com/blog/2013/10/yahoo-bug-bounty-program-lfi-reported-and-patched/
– http://bugbounty.yahoo.com/security_wall.html
]
76.6. Finder(s): [
– Soroush Dalili
]
76.7. Supporter: [
– N/A
]
/**************************************************************************/
75. Title: [Microsoft XMLDOM in IE can divulge information of local drive/network in error messages]
75.1. Date of Publishing: [25/04/2013]
75.2. Application Name: [Internet Explorer]
75.3. Version: [Tested in IE10 – probably unpacthed]
75.4. Impact: [Low]
75.5. Reference(s): [
– http://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
]
75.6. Finder(s): [
– Soroush Dalili
]
75.7. Supporter: [
– N/A
]
/**************************************************************************/
74. Title: [Facebook OAuth2 Redirection Bypass]
74.1. Date of Publishing: [18/03/2013]
74.2. Application Name: [Facebook]
74.3. Version: [N/A]
74.4. Impact: [High]
74.5. Reference(s): [
– http://soroush.secproject.com/blog/2013/03/iefirefox-redirection-issue-fb-oauth2-bypass-bugcrowd/
]
74.6. Finder(s): [
– Soroush Dalili
]
74.7. Supporter: [
– N/A
]
/**************************************************************************/
73. Title: [UnRedirectable Page by using onbeforeunload, setTimeout and a pop-up msg]
73.1. Date of Publishing: [08/02/2013]
73.2. Application Name: [Firefox]
73.3. Version: [unpatched – 10 Jan 2015]
73.4. Impact: [Low]
73.5. Reference(s): [
– https://bugzilla.mozilla.org/show_bug.cgi?id=839470
– http://soroush.secproject.com/blog/2013/03/iefirefox-redirection-issue-fb-oauth2-bypass-bugcrowd/
]
73.6. Finder(s): [
– Soroush Dalili
]
73.7. Supporter: [
– N/A
]
/**************************************************************************/
72. Title: [GleamTech FileVista/FileUltimate Directory Traversal]
72.1. Date of Publishing: [21/11/2012]
72.2. Application Name: [Jenkins]
72.3. Version: [tested on 4.6]
72.4. Impact: [Highly Critical]
72.5. Reference(s): [
– http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
– http://www.youtube.com/v/HjS6Pob5t34?version=3&hl=en_US&rel=0&vq=hd720
]
72.6. Finder(s): [
– Soroush Dalili
]
72.7. Supporter: [
– N/A
]
/**************************************************************************/
71. Title: [FCKEditor/CKFinder Denial of Service on Windows Forbidden Files]
71.1. Date of Publishing: [21/11/2012]
71.2. Application Name: [Jenkins]
71.3. Version: [FCKEditor 2.6.8 / CKFinder 2.3]
71.4. Impact: [Low]
71.5. Reference(s): [
– http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
]
71.6. Finder(s): [
– Soroush Dalili
]
71.7. Supporter: [
– N/A
]
/**************************************************************************/
70. Title: [Jenkins XSS, CrLf, and Open Redirect]
70.1. Date of Publishing: [20/11/2012]
70.2. Application Name: [Jenkins]
70.3. Version: [prior to 1.491 or 1.480.1]
70.4. Impact: [Low]
70.5. Reference(s): [
– https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
– http://secunia.com/advisories/51392/
]
70.6. Finder(s): [
– Soroush Dalili
]
70.7. Supporter: [
– N/A
]
/**************************************************************************/
69. Title: [Adobe Reader/Acrobat Use-After-Free in ToolButton]
69.1. Date of Publishing: [11/09/2013 – reported Sept. 2012]
69.2. Application Name: [Adobe Acrobat/Reader]
69.3. Version: [11.0.02/10.1.6 and earliers]
69.4. Impact: [High]
69.5. Reference(s): [
– http://www.zerodayinitiative.com/advisories/ZDI-13-212/
– http://www.adobe.com/support/security/bulletins/apsb13-15.html (CVE-2013-3346)
– http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html
]
69.6. Finder(s): [
– Soroush Dalili
]
69.7. Supporter: [
– ZDI
]
/**************************************************************************/
68. Title: [FCKEditor ASP Version – Multiple File Upload Protection Bypass and XSS vulnerability]
68.1. Date of Publishing: [21/11/2012]
68.2. Application Name: [FCKEditor]
68.3. Version: [latest version (retired) – 27/11/2012]
68.4. Impact: [Highly Critical]
68.5. Reference(s): [
– http://ckfinder.com/blog/CKFinder_2.2_released
– http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
– http://www.youtube.com/v/1VpxlJ5jLO8?version=3&hl=en_US&rel=0&vq=hd720
– http://soroush.secproject.com/blog/2012/11/xss-by-uploadingincluding-a-swf-file/
– Another XSS is still private
]
68.6. Finder(s): [
– Soroush Dalili (@irsdl)
– Mostafa Azizi (@0daynet) (duplicate file logical issue)
]
68.7. Supporter: [
– N/A
]
/**************************************************************************/
67. Title: [Facebook Privacy Issue]
67.1. Date of Publishing: [Vendor Awareness: March 2012]
67.2. Application Name: [Facebook Website]
67.3. Version: [N/A]
67.4. Impact: [Moderate]
67.5. Reference(s): [
– http://www.facebook.com/whitehat
]
67.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
67.7. Supporter: [
– Facebook Security Bug Bounty Program
]
/**************************************************************************/
66. Title: [Bugzilla – account lockout restriction bypass]
66.1. Date of Publishing: [Vendor Awareness: 18 February 2012]
66.2. Application Name: [Bugzilla]
66.3. Version: [versions 2.17.4 through 3.6.8, 3.7.1 through 4.0.5, and 4.1.1 through 4.2]
66.4. Impact: [Low]
66.5. Reference(s): [
– https://bugzilla.mozilla.org/show_bug.cgi?id=728639
– http://secunia.com/advisories/48835/
]
66.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
66.7. Supporter: [
– Mozilla Security Bug Bounty Program
]
/**************************************************************************/
65. Title: [Adobe Reader/Acrobat Memory Corruption In The JavaScript Handling]
65.1. Date of Publishing: [N/A]
65.2. Application Name: [Adobe Reader/Acrobat]
65.3. Version: [Windows and Macintosh: <=10.1.2 and <= 9.5 , Linux: <= 9.4.6 ]
65.4. Impact: [High]
65.5. Reference(s): [
– http://www.adobe.com/support/security/bulletins/apsb12-08.html
– http://secunia.com/advisories/48733/
]
65.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
65.7. Supporter: [
– N/A
]
/**************************************************************************/
64. Title: [Mozilla Firefox – Memory Corruption – More details will be available after the patch]
64.1. Date of Publishing: [Vendor Awareness: 9 February 2012]
64.2. Application Name: [Mozilla Firefox]
64.3. Version: [Should be patched in 16]
64.4. Impact: [N/A]
64.5. Reference(s): [
– https://bugzilla.mozilla.org/show_bug.cgi?id=725770
]
64.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
64.7. Supporter: [
– Mozilla Security Bug Bounty Program
]
/**************************************************************************/
63. Title: [Splunk Reflected XSS]
63.1. Date of Publishing: [N/A]
63.2. Application Name: [Splunk]
63.3. Version: [Patched in version 4.3.1]
63.4. Impact: [Low]
63.5. Reference(s): [
– http://www.splunk.com/view/SP-CAAAGTK
– http://secunia.com/advisories/48283/
]
63.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
63.7. Supporter: [
– N/A
]
/**************************************************************************/
62. Title: [Mozilla Firefox Drag and Drop Handling Same Origin Policy Bypass Vulnerability]
62.1. Date of Publishing: [29 December 2011, Vendor Awareness: 21 November 2011]
62.2. Application Name: [Mozilla Firefox]
62.3. Version: [Prior to 11.0]
62.4. Impact: [Moderate]
62.5. Reference(s): [
– http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/
– http://secunia.com/advisories/47400
– https://bugzilla.mozilla.org/show_bug.cgi?id=704354
]
62.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
62.7. Supporter: [
– Mozilla Security Bug Bounty
]
/**************************************************************************/
61. Title: [Adobe Reader/Acrobat Memory Corruption Denial of Service by Javascript]
61.1. Date of Publishing: [16 June 2011, Vendor Awareness: 24 Feb 2011]
61.2. Application Name: [Adobe Reader/Acrobat]
61.3. Version: [10.0.1, other versions can be vulnerable before applying the 14 June 2011 Patch]
61.4. Impact: [Low]
61.5. Reference(s): [
– http://www.exploit-db.com/exploits/17405/
]
61.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
61.7. Supporter: [
– N/A
]
/**************************************************************************/
60. Title: [Mozilla Firefox/Thunderbird/SeaMonkey ‘resource:’ Protocol Directory Traversal Vulnerability]
60.1. Date of Publishing: [28 April 2011]
60.2. Application Name: [Mozilla Firefox/Thunderbird/SeaMonkey]
60.3. Version: [Fixed in: Firefox 3.6.17, Firefox 3.5.19, Thunderbird 3.1.10, SeaMonkey 2.0.14]
60.4. Impact: [Moderate]
60.5. Reference(s): [
– http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071
– https://bugzilla.mozilla.org/show_bug.cgi?id=624764
– http://www.mozilla.org/security/announce/2011/mfsa2011-16.html
]
60.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
60.7. Supporter: [
– Mozilla Bug Bounty Program
]
/**************************************************************************/
59. Title: [Douran Portal File Download/Source Code Disclosure Vulnerability]
59.1. Date of Publishing: [20 March 2011]
59.2. Application Name: [Douran Portal]
59.3. Version: [3.9.7.8]
59.4. Impact: [Moderately critical]
59.5. Reference(s): [
– http://www.exploit-db.com/exploits/17011/
– http://secunia.com/advisories/43792/
– http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/
]
59.6. Finder(s): [
– Soroush Dalili (@irsdl)
– HUrr!c4nE! (bl4ck.k3yv4n [at] yahoo [dot] com)
]
59.7. Supporter: [
– N/A
]
/**************************************************************************/
58. Title: [TASKalfa 500ci Printer – Authentication Bypass]
58.1. Date of Publishing: [Vendor Awareness: 1 Dec. 2010 – Fixed on: 14 July 2011]
58.2. Application Name: [Adobe Reader/Acrobat]
58.3. Version: [Prior to 12.0 Framework – 250, 300, and 400 models were also patched]
58.4. Impact: [High]
58.5. Reference(s): [
– Details are private
]
58.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
58.7. Supporter: [
– N/A
]
/**************************************************************************/
57. Title: [Microsoft Internet Information Services .Net Denial of Service]
57.1. Date of Publishing: [Vendor Awareness: 3 August 2010 – Vendor Response: 4 Jan 2011 Recoverable DoS issues will be addressed in a Service Pack or next version fix – Latest State: Kept Private regarding with another 0day file/folder name leakage vulnerability in IIS]
57.2. Application Name: [Microsoft IIS]
57.3. Version: [All the Latest Versions of IIS and .Net Frameworks – 17/05/2011]
57.4. Impact: [Moderate]
57.5. Reference(s): [
– Not available yet
]
57.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
57.7. Supporter: [
– N/A
]
/**************************************************************************/
56. Title: [Microsoft Internet Information Services Basic Authentication Security Bypass]
56.1. Date of Publishing: [1 July 2010]
56.2. Application Name: [Microsoft IIS]
56.3. Version: [5.1]
56.4. Impact: [Moderately critical]
56.5. Reference(s): [
– http://www.securityfocus.com/bid/41314/
– http://secunia.com/advisories/40412/
– http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/
]
56.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
56.7. Supporter: [
– N/A
]
/**************************************************************************/
55. Title: [Opera Browser – Scroll Information Leakage]
55.1. Date of Publishing: [30 June 2010]
55.2. Application Name: [Opera Browser]
55.3. Version: [10.54 and 10.60 RC (Build 3443)]
55.4. Impact: [Low]
55.5. Reference(s): [
– http://soroush.secproject.com/blog/2010/06/opera-browser-scroll-information-leakage/
– Opera Browser fixed it in 10.60 without giving me any credit
]
55.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
55.7. Supporter: [
– N/A
]
/**************************************************************************/
54. Title: [AirTight Web Application – File Disclosure/Deletion and XSS]
54.1. Date of Publishing: [Vendor Awareness: June 2010 – Fixed on: 2010]
54.2. Application Name: [AirTight]
54.3. Version: [Tested on 6.1 – later versions should be safe]
54.4. Impact: [High]
54.5. Reference(s): [
– Details are private
]
54.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
54.7. Supporter: [
– N/A
]
/**************************************************************************/
53. Title: [Mozilla Firefox Error Handling Information Disclosure Vulnerability]
53.1. Date of Publishing: [27 May 2010]
53.2. Application Name: [Mozilla Firefox]
53.3. Version: [3.5.10, 3.6.6 and prior versions]
53.4. Impact: [Low]
53.5. Reference(s): [
– http://www.securityfocus.com/bid/40401
– http://secunia.com/advisories/39925
– http://soroush.secproject.com/blog/2010/05/cross-site-url-hijacking-by-using-error-object-in-mozilla-firefox/
]
53.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
53.7. Supporter: [
– N/A
]
/**************************************************************************/
52. Title: [Internet Explorer hard drive information leakage]
52.1. Date of Publishing: [4 March 2010]
52.2. Application Name: [Internet Explorer]
52.3. Version: [7, 8, and 9 – 17/05/2011]
52.4. Impact: [Low]
52.5. Reference(s): [
– http://soroush.secproject.com/blog/2010/03/ie7-8-drive-list-enumeration/
]
52.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
52.7. Supporter: [
– N/A
]
/**************************************************************************/
51. Title: [Microsoft IIS ASP Multiple Extensions Security Bypass]
51.1. Date of Publishing: [24 Dec. 2009]
51.2. Application Name: [Microsoft IIS]
51.3. Version: [6.0]
51.4. Impact: [Less Critical for IIS][Highly Critical for Web Applications]
51.5. Reference(s): [
– http://secunia.com/advisories/37831/
]
51.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
51.7. Supporter: [
– N/A
]
/**************************************************************************/
50. Title: [Virtual Support Office-XP Multiple Vulnerabilities.]
50.1. Date of Publishing: [20 Jun 2008]
50.2. Application Name: [Virtual Support Office-XP]
50.3. Version: [3.0.29, 3.0.27 and prior versions]
50.4. Impact: [High]
50.5. Reference(s): [
– http://www.bugreport.ir/index_47.htm
]
50.6. Finder(s): [
– Soroush Dalili (@irsdl)
– Maryam Chenari
]
50.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
49. Title: [eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities]
49.1. Date of Publishing: [19 Jun 2008]
49.2. Application Name: [eLineStudio Site Composer (ESC)]
49.3. Version: [2.6]
49.4. Impact: [High]
49.5. Reference(s): [
– http://www.bugreport.ir/index_45.htm
]
49.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
49.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/

48. Title: [Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities]
48.1. Date of Publishing: [19 Jun 2008]
48.2. Application Name: [Academic Web Tools CMS]
48.3. Version: [1.4.2.8]
48.4. Impact: [Medium]
48.5. Reference(s): [
– http://www.bugreport.ir/index_44.htm
]
48.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
48.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
47. Title: [doITlive CMS <=2.50 Multiple Vulnerabilities]
47.1. Date of Publishing: [18 Jun 2008]
47.2. Application Name: [doITlive CMS]
47.3. Version: [2.50]
47.4. Impact: [High]
47.5. Reference(s): [
– http://www.bugreport.ir/index_43.htm
]
47.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
47.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
46. Title: [Pooya Site Builder (PSB) SQL Injection Vulnerabilities]
46.1. Date of Publishing: [12 Jun 2008]
46.2. Application Name: [Pooya Site Builder (PSB)]
46.3. Version: [6.0 (Assembly Version)]
46.4. Impact: [High]
46.5. Reference(s): [
– http://www.bugreport.ir/index_42.htm
]
46.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
46.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
45. Title: [Realm CMS <= 2.3 Multiple Vulnerabilities.]
45.1. Date of Publishing: [10 Jun 2008]
45.2. Application Name: [Realm CMS]
45.3. Version: [2.3]
45.4. Impact: [High]
45.5. Reference(s): [
– http://www.bugreport.ir/index_40.htm
]
45.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
45.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
44. Title: [QuickerSite <= 1.85 Multiple Vulnerabilities]
44.1. Date of Publishing: [4 Jun 2008]
44.2. Application Name: [QuickerSite]
44.3. Version: [1.85]
44.4. Impact: [High]
44.5. Reference(s): [
– http://www.bugreport.ir/index_39.htm
]
44.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
44.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
43. Title: [Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability]
43.1. Date of Publishing: [30 May 2008]
43.2. Application Name: [Dot Net Nuke (DNN)]
43.3. Version: [4.8.3]
43.4. Impact: [Low]
43.5. Reference(s): [
– http://www.bugreport.ir/index_38.htm
]
43.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
43.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
42. Title: [MegaBBS Forum Multiple Vulnerabilities.]
42.1. Date of Publishing: [27 Apr 2008]
42.2. Application Name: [MegaBBS]
42.3. Version: [2.2]
42.4. Impact: [Medium]
42.5. Reference(s): [
– http://www.bugreport.ir/index_37.htm
]
42.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
42.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
41. Title: [Acidcat CMS Multiple Vulnerabilities.]
41.1. Date of Publishing: [20 Apr 2008]
41.2. Application Name: [Acidcat CMS]
41.3. Version: [3.4.1]
41.4. Impact: [High]
41.5. Reference(s): [
– http://www.bugreport.ir/index_36.htm
]
41.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
41.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
40. Title: [CandyPress eCommerce suite SQL Injection + XSS + Path Disclosure in CandyPress]
40.1. Date of Publishing: [26 Jan 2008]
40.2. Application Name: [CandyPress eCommerce suite]
40.3. Version: [4.1.1.26]
40.4. Impact: [High]
40.5. Reference(s): [
– http://www.bugreport.ir/index_32.htm
]
40.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
40.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
39. Title: [Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server]
39.1. Date of Publishing: [23 Jan 2008]
39.2. Application Name: [Web Wiz Rich Text Editor]
39.3. Version: [4.0]
39.4. Impact: [Medium]
39.5. Reference(s): [
– http://www.bugreport.ir/index_31.htm
]
39.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
39.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
38. Title: [Web Wiz NewsPad Directory traversal]
38.1. Date of Publishing: [23 Jan 2008]
38.2. Application Name: [Web Wiz NewsPad]
38.3. Version: [1.02]
38.4. Impact: [Low]
38.5. Reference(s): [
– http://www.bugreport.ir/index_30.htm
]
38.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
38.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
37. Title: [Web Wiz Forums Directory traversal]
37.1. Date of Publishing: [23 Jan 2008]
37.2. Application Name: [Web Wiz Forums]
37.3. Version: [9.07]
37.4. Impact: [Low]
37.5. Reference(s): [
– http://www.bugreport.ir/index_29.htm
]
37.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
37.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
36. Title: [Mozilla Firefox 2.0.0.11 Hide the Source Code]
36.1. Date of Publishing: [22 Jan 2008]
36.2. Application Name: [Mozilla Firefox]
36.3. Version: [2.0.0.11]
36.4. Impact: [Low]
36.5. Reference(s): [
– http://www.bugreport.ir/index_28.htm
]
36.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
36.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
35. Title: [Hosting Controller 6.1 – Users can change other’s host headers.]
35.1. Date of Publishing: [13 Dec 2007]
35.2. Application Name: [Hosting Controller]
35.3. Version: [6.1 Hot fix <= 3.3]
35.4. Impact: [Medium]
35.5. Reference(s): [
– http://www.bugreport.ir/index_21.htm
]
35.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
35.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
34. Title: [Hosting Controller 6.1 – Users can enable or disable all Hosting Controller forums by SQL Injection.]
34.1. Date of Publishing: [13 Dec 2007]
34.2. Application Name: [Hosting Controller]
34.3. Version: [6.1 Hot fix <= 3.3]
34.4. Impact: [Medium]
34.5. Reference(s): [
– http://www.bugreport.ir/index_20.htm
]
34.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
34.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
33. Title: [Hosting Controller 6.1 – Users can find web site path.]
33.1. Date of Publishing: [13 Dec 2007]
33.2. Application Name: [Hosting Controller]
33.3. Version: [6.1 Hot fix <= 3.3]
33.4. Impact: [Medium]
33.5. Reference(s): [
– http://www.bugreport.ir/index_19.htm
]
33.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
33.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
32. Title: [Hosting Controller 6.1 – Users can import unwanted plan or change the plans.]
32.1. Date of Publishing: [13 Dec 2007]
32.2. Application Name: [Hosting Controller]
32.3. Version: [6.1 Hot fix <= 3.3]
32.4. Impact: [Medium]
32.5. Reference(s): [
– http://www.bugreport.ir/index_18.htm
]
32.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
32.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
31. Title: [Hosting Controller 6.1 – Users can find Hosting Controller setup directory.]
31.1. Date of Publishing: [13 Dec 2007]
31.2. Application Name: [Hosting Controller]
31.3. Version: [6.1 Hot fix <= 3.3]
31.4. Impact: [Medium]
31.5. Reference(s): [
– http://www.bugreport.ir/index_17.htm
]
31.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
31.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
30. Title: [Hosting Controller 6.1 – Users can see all usernames in the server.]
30.1. Date of Publishing: [13 Dec 2007]
30.2. Application Name: [Hosting Controller]
30.3. Version: [6.1 Hot fix <= 3.3]
30.4. Impact: [Medium]
30.5. Reference(s): [
– http://www.bugreport.ir/index_16.htm
]
30.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
30.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
29. Title: [Hosting Controller 6.1 – Users can enable or disable pay type.]
29.1. Date of Publishing: [13 Dec 2007]
29.2. Application Name: [Hosting Controller]
29.3. Version: [6.1 Hot fix <= 3.3]
29.4. Impact: [Medium]
29.5. Reference(s): [
– http://www.bugreport.ir/index_15.htm
]
29.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
29.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
28. Title: [Hosting Controller 6.1 – Users can delete all of gateway information.]
28.1. Date of Publishing: [13 Dec 2007]
28.2. Application Name: [Hosting Controller]
28.3. Version: [6.1 Hot fix <= 3.3]
28.4. Impact: [Medium]
28.5. Reference(s): [
– http://www.bugreport.ir/index_14.htm
]
28.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
28.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
27. Title: [Hosting Controller 6.1 – Users can uninstall other’s FrontPage extensions.]
27.1. Date of Publishing: [13 Dec 2007]
27.2. Application Name: [Hosting Controller]
27.3. Version: [6.1 Hot fix <= 3.3]
27.4. Impact: [Medium]
27.5. Reference(s): [
– http://www.bugreport.ir/index_13.htm
]
27.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
27.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
26. Title: [Hosting Controller 6.1 – Users can change his credit amount or increase his discount.]
26.1. Date of Publishing: [13 Dec 2007]
26.2. Application Name: [Hosting Controller]
26.3. Version: [6.1 Hot fix <= 3.3]
26.4. Impact: [Medium]
26.5. Reference(s): [
– http://www.bugreport.ir/index_12.htm
]
26.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
26.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
25. Title: [Hosting Controller 6.1 – SQL Injection in “/accounts/accountmanager.asp”]
25.1. Date of Publishing: [13 Dec 2007]
25.2. Application Name: [Hosting Controller]
25.3. Version: [6.1 Hot fix <= 3.3]
25.4. Impact: [Medium]
25.5. Reference(s): [
– http://www.bugreport.ir/index_11.htm
]
25.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
25.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
24. Title: [Hosting Controller 6.1 – Remote Attacker can change all users’ profiles.]
24.1. Date of Publishing: [13 Dec 2007]
24.2. Application Name: [Hosting Controller]
24.3. Version: [6.1 Hot fix <= 3.3]
24.4. Impact: [Medium]
24.5. Reference(s): [
– http://www.bugreport.ir/index_10.htm
]
24.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
24.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
23. Title: [Hosting Controller 6.1 – Remote Users Can Make a New User]
23.1. Date of Publishing: [13 Dec 2007]
23.2. Application Name: [Hosting Controller]
23.3. Version: [6.1 Hot fix <= 3.3]
23.4. Impact: [High]
23.5. Reference(s): [
– http://www.bugreport.ir/index_9.htm
]
23.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
23.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
22. Title: [Hosting Controller 6.1 – Remote Authenticated Users Execute a File Under Administrative Privilege]
22.1. Date of Publishing: [13 Dec 2007]
22.2. Application Name: [Hosting Controller]
22.3. Version: [6.1 Hot fix <= 3.3]
22.4. Impact: [High]
22.5. Reference(s): [
– http://www.bugreport.ir/index_8.htm
]
22.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
22.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
21. Title: [Hosting Controller 6.1 – Lets Remote Users Gain Admin Privilege]
21.1. Date of Publishing: [13 Dec 2007]
21.2. Application Name: [Hosting Controller]
21.3. Version: [6.1 Hot fix <= 3.3]
21.4. Impact: [High]
21.5. Reference(s): [
– http://www.bugreport.ir/index_7.htm
]
21.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
21.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
20. Title: [Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability]
20.1. Date of Publishing: [10 Dec 2007]
20.2. Application Name: [Snitz Forums 2000]
20.3. Version: [N/A]
20.4. Impact: [High]
20.5. Reference(s): [
– http://www.bugreport.ir/index_6.htm
]
20.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
20.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
19. Title: [SkyPortal vRC6 Multiple Remote Vulnerabilities]
19.1. Date of Publishing: [22 Nov 2007]
19.2. Application Name: [SkyPortal]
19.3. Version: [vRC6]
19.4. Impact: [High]
19.5. Reference(s): [
– http://www.bugreport.ir/index_3.htm
]
19.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
19.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
18. Title: [Mozilla Firefox 2.0.0.7 Denial of Service]
18.1. Date of Publishing: [25 Oct 2007]
18.2. Application Name: [Mozilla Firefox]
18.3. Version: [2.0.0.7]
18.4. Impact: [Low]
18.5. Reference(s): [
– http://www.bugreport.ir/index_1.htm
]
18.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
18.7. Supporter: [
– AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
17. Title: [Hosting Controller ‘FolderManager.aspx’ Lets Remote Authenticated Users View and Modify Files]
17.1. Date of Publishing: [27/12/2006]
17.2. Application Name: [Hosting Controller]
17.3. Version: [7c (7.00.0003)]
17.4. Impact: [Highly Critical]
17.5. Reference(s): [
– http://securitytracker.com/alerts/2006/Dec/1017447.html
]
17.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
17.7. Supporter: [
– N/A
]
17.8. More information: [
– By using this bug and another technique, attacker can get windows administrator’s privilege.
]
/**************************************************************************/
16. Title: [More Than 25 Different Vulnerabilities in Hosting Controller Reported to the Hosting Controller Company]
16.1. Date of Publishing: [Never]
16.2. Application Name: [Hosting Controller]
16.3. Version: [6.1]
16.4. Impact: [High]
16.5. Reference(s): [
– Hosting Controller Support Team and irsdl Emails
]
16.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
16.7. Supporter: [
– N/A
]
/**************************************************************************/
15. Title: [MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities]
15.1. Date of Publishing: [9 June 2006]
15.2. Application Name: [MailEnable]
15.3. Version: [2.0]
15.4. Impact: [High]
15.5. Reference(s): [
– http://securitytracker.com/alerts/2006/Jun/1016265.html
– http://www.milw0rm.com/exploits/1893
]
15.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
15.7. Supporter: [
– N/A
]
/**************************************************************************/
14. Title: [Maxwebportal <= 1.36 password.asp Change Password]
14.1. Date of Publishing: [26 May 2005]
14.2. Application Name: [Maxwebportal]
14.3. Version: [1.36]
14.4. Impact: [High]
14.5. Reference(s): [
– http://www.milw0rm.com/exploits/1012
]
14.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
14.7. Supporter: [
– N/A
]
/**************************************************************************/
13. Title: [Hosting Controller Access Control Bugs Let Remote Users Gain Reseller and Administrative Privileges]
13.1. Date of Publishing: [6 Jul 2006]
13.2. Application Name: [Hosting Controller]
13.3. Version: [6.1 Hotfix 3.1 and prior versions]
13.4. Impact: [High]
13.5. Reference(s): [
– http://securitytracker.com/id?1016444
]
13.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
13.7. Supporter: [
– N/A
]
/**************************************************************************/
12. Title: [Hosting Controller ‘EnableForum.asp’ and ‘DisableForum.asp’ Scripts Let Remote Users Create or Delete Forums and Virtual Directories]
12.1. Date of Publishing: [20 Oct 2006]
12.2. Application Name: [Hosting Controller]
12.3. Version: [6.1 Hotfix 3.2 and prior versions]
12.4. Impact: [Medium]
12.5. Reference(s): [
– http://securitytracker.com/id?1017103
]
12.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
12.7. Supporter: [
– N/A
]
/**************************************************************************/
11. Title: [Hosting Controller Input Validation Holes in ‘AddGatewaySettings.asp’ and ‘IPManager.asp’ Permit SQL Injection]
11.1. Date of Publishing: [4 Feb 2006]
11.2. Application Name: [Hosting Controller]
11.3. Version: [6.1 Hotfix 2.8]
11.4. Impact: [High]
11.5. Reference(s): [
– http://securitytracker.com/id?1015584
]
11.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
11.7. Supporter: [
– N/A
]
/**************************************************************************/
10. Title: [EmailArchitect Email Server Script Filtering Flaw Permits Cross-Site Scripting Attacks]
10.1. Date of Publishing: [6 Jun 2006]
10.2. Application Name: [EmailArchitect]
10.3. Version: [6.1]
10.4. Impact: [Low]
10.5. Reference(s): [
– http://securitytracker.com/id?1016243
]
10.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
10.7. Supporter: [
– N/A
]
/**************************************************************************/
9. Title: [MailSite Express Lets Remote Users Upload Scripting Files and Execute Them]
9.1. Date of Publishing: [15 Oct 2005]
9.2. Application Name: [MailSite Express]
9.3. Version: [6.1.21.0], [6.1.22.0 (?)]
9.4. Impact: [High]
9.5. Reference(s): [
– http://securitytracker.com/id?1015063
]
9.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
9.7. Supporter: [
– N/A
]
/**************************************************************************/
8. Title: [Hosting Controller Access Control Bugs Let Remote Authenticated Users View, Edit, and Add Plans]
8.1. Date of Publishing: [15 Jul 2005]
8.2. Application Name: [Hosting Controller]
8.3. Version: [6.1 Hotfix 2.2 and prior versions]
8.4. Impact: [High]
8.5. Reference(s): [
– http://securitytracker.com/id?1014071
]
8.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
8.7. Supporter: [
– N/A
]
/**************************************************************************/
7. Title: [Hosting Controller ‘AccountActions.asp’ Access Control Bug Lets Remote Authenticated Users Add Usernames]
7.1. Date of Publishing: [18 Jul 2005]
7.2. Application Name: [Hosting Controller]
7.3. Version: [6.1 Hotfix 2.2 and prior versions]
7.4. Impact: [High]
7.5. Reference(s): [
– http://securitytracker.com/id?1014518
]
7.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
7.7. Supporter: [
– N/A
]
/**************************************************************************/
6. Title: [EmailArchitect Email Server Input Validation Holes Permit Cross-Site Scripting Attacks]
6.1. Date of Publishing: [6 Jun 2006]
6.2. Application Name: [EmailArchitect]
6.3. Version: [6.1]
6.4. Impact: [Low]
6.5. Reference(s): [
– http://securitytracker.com/id?1016237
]
6.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
6.7. Supporter: [
– N/A
]
/**************************************************************************/
5. Title: [Hosting Controller ‘UserProfile.asp’ Lets Remote Authenticated Users Modify Other User Profiles]
5.1. Date of Publishing: [26 May 2005]
5.2. Application Name: [Hosting Controller]
5.3. Version: [6.1 Hotfix 2.0 and prior versions]
5.4. Impact: [Medium]
5.5. Reference(s): [
– http://securitytracker.com/id?1014062
]
5.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
5.7. Supporter: [
– N/A
]
/**************************************************************************/
4. Title: [SmarterMail Lets Remote Users Upload Arbitrary Scripting Code and Execute Them]
4.1. Date of Publishing: [25 Jan 2005]
4.2. Application Name: [SmarterMail]
4.3. Version: [prior to 2.0.1837]
4.4. Impact: [High]
4.5. Reference(s): [
– http://securitytracker.com/id?1013021
]
4.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
4.7. Supporter: [
– N/A
]
/**************************************************************************/
3. Title: [Multiple Vulnerabilities in DUclassified]
3.1. Date of Publishing: [9 Oct 2004]
3.2. Application Name: [DUclassified]
3.3. Version: [All]
3.4. Impact: [High]
3.5. Reference(s): [
– http://securitytracker.com/id?1011596
]
3.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
3.7. Supporter: [
– N/A
]
/**************************************************************************/
2. Title: [Multiple Vulnerabilities in DUclassmate]
2.1. Date of Publishing: [9 Oct 2004]
2.2. Application Name: [DUclassmate]
2.3. Version: [All]
2.4. Impact: [High]
2.5. Reference(s): [
– http://securitytracker.com/id?1011597
]
2.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
2.7. Supporter: [
– N/A
]
/**************************************************************************/
1. Title: [Multiple Vulnerabilities in DUforum]
1.1. Date of Publishing: [9 Oct 2004]
1.2. Application Name: [DUforum]
1.3. Version: [All]
1.4. Impact: [Medium]
1.5. Reference(s): [
– http://securitytracker.com/id?1011595
]
1.6. Finder(s): [
– Soroush Dalili (@irsdl)
]
1.7. Supporter: [
– N/A
]

Leave a Reply

Your email address will not be published. Required fields are marked *