Advisories

Soroush Dalili’s published/to-be-published advisories (Last update 25 Jan. 2014):

/**************************************************************************/
79. Title: [Adobe Reader/Acrobat another Use-After-Free in ToolButton]
79.1. Date of Publishing: [06/12/2013]
79.2. Application Name: [Adobe Reader/Acrobat]
79.3. Version: [11.0.05/10.1.8 and earlier versions]
79.4. Impact: [High]
79.5. Reference(s): [
- http://helpx.adobe.com/security/products/reader/apsb14-01.html (CVE-2014-0496)
]
79.6. Finder(s): [
- Soroush Dalili
]
79.7. Supporter: [
- N/A
]
/**************************************************************************/
78. Title: [Flash Security SandBox Bypass by using JAR protocol]
78.1. Date of Publishing: [15/10/2013]
78.2. Application Name: [Adobe Flash]
78.3. Version: [11.9.900.170/11.2.202.332 and earlier versions]
78.4. Impact: [Medium]
78.5. Reference(s): [
- http://soroush.secproject.com/blog/2013/10/catch-up-on-flash-xss-exploitation-part-2-navigatetourl-and-jar-protocol/
- http://soroush.secproject.com/blog/2014/01/catch-up-on-flash-xss-exploitation-part-3-xss-by-embedding-a-flash-file/
- http://helpx.adobe.com/security/products/flash-player/apsb14-02.html (reported to Adobe by Masato Kinugawa)
]
78.6. Finder(s): [
- Soroush Dalili
]
78.7. Supporter: [
- N/A
]
/**************************************************************************/
77. Title: [Internet Explorer 10 Memory Corruption Issue via ZDI]
77.1. Date of Publishing: [Reported Dec. 2013]
77.2. Application Name: [TBA]
77.3. Version: [TBA]
77.4. Impact: [High]
77.5. Reference(s): [
- http://www.zerodayinitiative.com/advisories/upcoming/
]
77.6. Finder(s): [
- Soroush Dalili
]
77.7. Supporter: [
- ZDI
]
/**************************************************************************/
76. Title: [Yahoo Multiple Vulnerabilities - LFI/XSS/etc]
76.1. Date of Publishing: [15/10/2013]
76.2. Application Name: [Yahoo websites]
76.3. Version: [N/A]
76.4. Impact: [Highly Critical]
76.5. Reference(s): [
- http://soroush.secproject.com/blog/2013/10/yahoo-bug-bounty-program-lfi-reported-and-patched/
- http://bugbounty.yahoo.com/security_wall.html
]
76.6. Finder(s): [
- Soroush Dalili
]
76.7. Supporter: [
- N/A
]
/**************************************************************************/
75. Title: [Microsoft XMLDOM in IE can divulge information of local drive/network in error messages]
75.1. Date of Publishing: [25/04/2013]
75.2. Application Name: [Internet Explorer]
75.3. Version: [Tested in IE10 - probably unpatched]
75.4. Impact: [Low]
75.5. Reference(s): [
- http://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
]
75.6. Finder(s): [
- Soroush Dalili
]
75.7. Supporter: [
- N/A
]
/**************************************************************************/
74. Title: [Facebook OAuth2 Redirection Bypass]
74.1. Date of Publishing: [18/03/2013]
74.2. Application Name: [Facebook]
74.3. Version: [N/A]
74.4. Impact: [High]
74.5. Reference(s): [
- http://soroush.secproject.com/blog/2013/03/iefirefox-redirection-issue-fb-oauth2-bypass-bugcrowd/
]
74.6. Finder(s): [
- Soroush Dalili
]
74.7. Supporter: [
- N/A
]
/**************************************************************************/
73. Title: [UnRedirectable Page by using onbeforeunload, setTimeout and a pop-up msg]
73.1. Date of Publishing: [08/02/2013]
73.2. Application Name: [Firefox]
73.3. Version: [unpatched - 25 Jan 2014]
73.4. Impact: [Low]
73.5. Reference(s): [
- https://bugzilla.mozilla.org/show_bug.cgi?id=839470
- http://soroush.secproject.com/blog/2013/03/iefirefox-redirection-issue-fb-oauth2-bypass-bugcrowd/
]
73.6. Finder(s): [
- Soroush Dalili
]
73.7. Supporter: [
- N/A
]
/**************************************************************************/
72. Title: [GleamTech FileVista/FileUltimate Directory Traversal]
72.1. Date of Publishing: [21/11/2012]
72.2. Application Name: [Jenkins]
72.3. Version: [tested on 4.6]
72.4. Impact: [Highly Critical]
72.5. Reference(s): [
- http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
- http://www.youtube.com/v/HjS6Pob5t34?version=3&hl=en_US&rel=0&vq=hd720
]
72.6. Finder(s): [
- Soroush Dalili
]
72.7. Supporter: [
- N/A
]
/**************************************************************************/
71. Title: [FCKEditor/CKFinder Denial of Service on Windows Forbidden Files]
71.1. Date of Publishing: [21/11/2012]
71.2. Application Name: [Jenkins]
71.3. Version: [FCKEditor 2.6.8 / CKFinder 2.3]
71.4. Impact: [Low]
71.5. Reference(s): [
- http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
]
71.6. Finder(s): [
- Soroush Dalili
]
71.7. Supporter: [
- N/A
]
/**************************************************************************/
70. Title: [Jenkins XSS, CrLf, and Open Redirect]
70.1. Date of Publishing: [20/11/2012]
70.2. Application Name: [Jenkins]
70.3. Version: [prior to 1.491 or 1.480.1]
70.4. Impact: [Low]
70.5. Reference(s): [
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- http://secunia.com/advisories/51392/
]
70.6. Finder(s): [
- Soroush Dalili
]
70.7. Supporter: [
- N/A
]
/**************************************************************************/
69. Title: [Adobe Reader/Acrobat Use-After-Free in ToolButton]
69.1. Date of Publishing: [11/09/2013 - reported Sept. 2012]
69.2. Application Name: [Adobe Acrobat/Reader]
69.3. Version: [11.0.02/10.1.6 and earlier versions]
69.4. Impact: [High]
69.5. Reference(s): [
- http://www.zerodayinitiative.com/advisories/ZDI-13-212/
- http://www.adobe.com/support/security/bulletins/apsb13-15.html (CVE-2013-3346)
- http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html
]
69.6. Finder(s): [
- Soroush Dalili
]
69.7. Supporter: [
- ZDI
]
/**************************************************************************/
68. Title: [FCKEditor ASP Version - Multiple File Upload Protection Bypass and XSS vulnerability]
68.1. Date of Publishing: [21/11/2012]
68.2. Application Name: [FCKEditor]
68.3. Version: [latest version (retired) - 27/11/2012]
68.4. Impact: [Highly Critical]
68.5. Reference(s): [
- http://ckfinder.com/blog/CKFinder_2.2_released
- http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
- http://www.youtube.com/v/1VpxlJ5jLO8?version=3&hl=en_US&rel=0&vq=hd720
- http://soroush.secproject.com/blog/2012/11/xss-by-uploadingincluding-a-swf-file/
- Another XSS is still private
]
68.6. Finder(s): [
- Soroush Dalili (@irsdl)
- Mostafa Azizi (@0daynet) (duplicate file logical issue)
]
68.7. Supporter: [
- N/A
]
/**************************************************************************/
67. Title: [Facebook Privacy Issue]
67.1. Date of Publishing: [Vendor Awareness: March 2012]
67.2. Application Name: [Facebook Website]
67.3. Version: [N/A]
67.4. Impact: [Moderate]
67.5. Reference(s): [
- http://www.facebook.com/whitehat
]
67.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
67.7. Supporter: [
- Facebook Security Bug Bounty Program
]
/**************************************************************************/
66. Title: [Bugzilla - account lockout restriction bypass]
66.1. Date of Publishing: [Vendor Awareness: 18 February 2012]
66.2. Application Name: [Bugzilla]
66.3. Version: [versions 2.17.4 through 3.6.8, 3.7.1 through 4.0.5, and 4.1.1 through 4.2]
66.4. Impact: [Low]
66.5. Reference(s): [
- https://bugzilla.mozilla.org/show_bug.cgi?id=728639
- http://secunia.com/advisories/48835/
]
66.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
66.7. Supporter: [
- Mozilla Security Bug Bounty Program
]
/**************************************************************************/
65. Title: [Adobe Reader/Acrobat Memory Corruption In The JavaScript Handling]
65.1. Date of Publishing: [N/A]
65.2. Application Name: [Adobe Reader/Acrobat]
65.3. Version: [Windows and Macintosh: <= 10.1.2 and <= 9.5, Linux: <= 9.4.6]
65.4. Impact: [High]
65.5. Reference(s): [
- http://www.adobe.com/support/security/bulletins/apsb12-08.html
- http://secunia.com/advisories/48733/
]
65.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
65.7. Supporter: [
- N/A
]
/**************************************************************************/
64. Title: [Mozilla Firefox - Memory Corruption - More details will be available after the patch]
64.1. Date of Publishing: [Vendor Awareness: 9 February 2012]
64.2. Application Name: [Mozilla Firefox]
64.3. Version: [Should be patched in 16]
64.4. Impact: [N/A]
64.5. Reference(s): [
- https://bugzilla.mozilla.org/show_bug.cgi?id=725770
]
64.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
64.7. Supporter: [
- Mozilla Security Bug Bounty Program
]
/**************************************************************************/
63. Title: [Splunk Reflected XSS]
63.1. Date of Publishing: [N/A]
63.2. Application Name: [Splunk]
63.3. Version: [Patched in version 4.3.1]
63.4. Impact: [Low]
63.5. Reference(s): [
- http://www.splunk.com/view/SP-CAAAGTK
- http://secunia.com/advisories/48283/
]
63.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
63.7. Supporter: [
- N/A
]
/**************************************************************************/
62. Title: [Mozilla Firefox Drag and Drop Handling Same Origin Policy Bypass Vulnerability]
62.1. Date of Publishing: [29 December 2011, Vendor Awareness: 21 November 2011]
62.2. Application Name: [Mozilla Firefox]
62.3. Version: [Prior to 11.0]
62.4. Impact: [Moderate]
62.5. Reference(s): [
- http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/
- http://secunia.com/advisories/47400
- https://bugzilla.mozilla.org/show_bug.cgi?id=704354
]
62.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
62.7. Supporter: [
- Mozilla Security Bug Bounty
]
/**************************************************************************/
61. Title: [Adobe Reader/Acrobat Memory Corruption Denial of Service by Javascript]
61.1. Date of Publishing: [16 June 2011, Vendor Awareness: 24 Feb 2011]
61.2. Application Name: [Adobe Reader/Acrobat]
61.3. Version: [10.0.1, other versions can be vulnerable before applying the 14 June 2011 Patch]
61.4. Impact: [Low]
61.5. Reference(s): [
- http://www.exploit-db.com/exploits/17405/
]
61.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
61.7. Supporter: [
- N/A
]
/**************************************************************************/
60. Title: [Mozilla Firefox/Thunderbird/SeaMonkey 'resource:' Protocol Directory Traversal Vulnerability]
60.1. Date of Publishing: [28 April 2011]
60.2. Application Name: [Mozilla Firefox/Thunderbird/SeaMonkey]
60.3. Version: [Fixed in: Firefox 3.6.17, Firefox 3.5.19, Thunderbird 3.1.10, SeaMonkey 2.0.14]
60.4. Impact: [Moderate]
60.5. Reference(s): [
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071
- https://bugzilla.mozilla.org/show_bug.cgi?id=624764
- http://www.mozilla.org/security/announce/2011/mfsa2011-16.html
]
60.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
60.7. Supporter: [
- Mozilla Bug Bounty Program
]
/**************************************************************************/
59. Title: [Douran Portal File Download/Source Code Disclosure Vulnerability]
59.1. Date of Publishing: [20 March 2011]
59.2. Application Name: [Douran Portal]
59.3. Version: [3.9.7.8]
59.4. Impact: [Moderately critical]
59.5. Reference(s): [
- http://www.exploit-db.com/exploits/17011/
- http://secunia.com/advisories/43792/
- http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/
]
59.6. Finder(s): [
- Soroush Dalili (@irsdl)
- HUrr!c4nE! (bl4ck.k3yv4n [at] yahoo [dot] com)
]
59.7. Supporter: [
- N/A
]
/**************************************************************************/
58. Title: [TASKalfa 500ci Printer - Authentication Bypass]
58.1. Date of Publishing: [Vendor Awareness: 1 Dec. 2010 - Fixed on: 14 July 2011]
58.2. Application Name: [Adobe Reader/Acrobat]
58.3. Version: [Prior to 12.0 Framework - 250, 300, and 400 models were also patched]
58.4. Impact: [High]
58.5. Reference(s): [
- Details are private
]
58.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
58.7. Supporter: [
- N/A
]
/**************************************************************************/
57. Title: [Microsoft Internet Information Services .Net Denial of Service]
57.1. Date of Publishing: [Vendor Awareness: 3 August 2010 - Vendor Response: 4 Jan 2011, recoverable DoS issues will be addressed in a Service Pack or next version fix - Latest State: kept private in connection with another 0day file/folder name leakage vulnerability in IIS]
57.2. Application Name: [Microsoft IIS]
57.3. Version: [All the Latest Versions of IIS and .Net Frameworks - 17/05/2011]
57.4. Impact: [Moderate]
57.5. Reference(s): [
- Not available yet
]
57.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
57.7. Supporter: [
- N/A
]
/**************************************************************************/
56. Title: [Microsoft Internet Information Services Basic Authentication Security Bypass]
56.1. Date of Publishing: [1 July 2010]
56.2. Application Name: [Microsoft IIS]
56.3. Version: [5.1]
56.4. Impact: [Moderately critical]
56.5. Reference(s): [
- http://www.securityfocus.com/bid/41314/
- http://secunia.com/advisories/40412/
- http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/
]
56.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
56.7. Supporter: [
- N/A
]
/**************************************************************************/
55. Title: [Opera Browser – Scroll Information Leakage]
55.1. Date of Publishing: [30 June 2010]
55.2. Application Name: [Opera Browser]
55.3. Version: [10.54 and 10.60 RC (Build 3443)]
55.4. Impact: [Low]
55.5. Reference(s): [
- http://soroush.secproject.com/blog/2010/06/opera-browser-scroll-information-leakage/
- Opera Browser fixed it in 10.60 without giving me any credit
]
55.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
55.7. Supporter: [
- N/A
]
/**************************************************************************/
54. Title: [AirTight Web Application - File Disclosure/Deletion and XSS]
54.1. Date of Publishing: [Vendor Awareness: June 2010 - Fixed on: 2010]
54.2. Application Name: [AirTight]
54.3. Version: [Tested on 6.1 - later versions should be safe]
54.4. Impact: [High]
54.5. Reference(s): [
- Details are private
]
54.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
54.7. Supporter: [
- N/A
]
/**************************************************************************/
53. Title: [Mozilla Firefox Error Handling Information Disclosure Vulnerability]
53.1. Date of Publishing: [27 May 2010]
53.2. Application Name: [Mozilla Firefox]
53.3. Version: [3.5.10, 3.6.6 and prior versions]
53.4. Impact: [Low]
53.5. Reference(s): [
- http://www.securityfocus.com/bid/40401
- http://secunia.com/advisories/39925
- http://soroush.secproject.com/blog/2010/05/cross-site-url-hijacking-by-using-error-object-in-mozilla-firefox/
]
53.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
53.7. Supporter: [
- N/A
]
/**************************************************************************/
52. Title: [Internet Explorer hard drive information leakage]
52.1. Date of Publishing: [4 March 2010]
52.2. Application Name: [Internet Explorer]
52.3. Version: [7, 8, and 9 - 17/05/2011]
52.4. Impact: [Low]
52.5. Reference(s): [
- http://soroush.secproject.com/blog/2010/03/ie7-8-drive-list-enumeration/
]
52.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
52.7. Supporter: [
- N/A
]
/**************************************************************************/
51. Title: [Microsoft IIS ASP Multiple Extensions Security Bypass]
51.1. Date of Publishing: [24 Dec. 2009]
51.2. Application Name: [Microsoft IIS]
51.3. Version: [6.0]
51.4. Impact: [Less Critical for IIS][Highly Critical for Web Applications]
51.5. Reference(s): [
- http://secunia.com/advisories/37831/
]
51.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
51.7. Supporter: [
- N/A
]
/**************************************************************************/
50. Title: [Virtual Support Office-XP Multiple Vulnerabilities.]
50.1. Date of Publishing: [20 Jun 2008]
50.2. Application Name: [Virtual Support Office-XP]
50.3. Version: [3.0.29, 3.0.27 and prior versions]
50.4. Impact: [High]
50.5. Reference(s): [
- http://www.bugreport.ir/index_47.htm
]
50.6. Finder(s): [
- Soroush Dalili (@irsdl)
- Maryam Chenari
]
50.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
49. Title: [eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities]
49.1. Date of Publishing: [19 Jun 2008]
49.2. Application Name: [eLineStudio Site Composer (ESC)]
49.3. Version: [2.6]
49.4. Impact: [High]
49.5. Reference(s): [
- http://www.bugreport.ir/index_45.htm
]
49.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
49.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
48. Title: [Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities]
48.1. Date of Publishing: [19 Jun 2008]
48.2. Application Name: [Academic Web Tools CMS]
48.3. Version: [1.4.2.8]
48.4. Impact: [Medium]
48.5. Reference(s): [
- http://www.bugreport.ir/index_44.htm
]
48.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
48.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
47. Title: [doITlive CMS <=2.50 Multiple Vulnerabilities]
47.1. Date of Publishing: [18 Jun 2008]
47.2. Application Name: [doITlive CMS]
47.3. Version: [2.50]
47.4. Impact: [High]
47.5. Reference(s): [
- http://www.bugreport.ir/index_43.htm
]
47.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
47.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
46. Title: [Pooya Site Builder (PSB) SQL Injection Vulnerabilities]
46.1. Date of Publishing: [12 Jun 2008]
46.2. Application Name: [Pooya Site Builder (PSB)]
46.3. Version: [6.0 (Assembly Version)]
46.4. Impact: [High]
46.5. Reference(s): [
- http://www.bugreport.ir/index_42.htm
]
46.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
46.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
45. Title: [Realm CMS <= 2.3 Multiple Vulnerabilities.]
45.1. Date of Publishing: [10 Jun 2008]
45.2. Application Name: [Realm CMS]
45.3. Version: [2.3]
45.4. Impact: [High]
45.5. Reference(s): [
- http://www.bugreport.ir/index_40.htm
]
45.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
45.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
44. Title: [QuickerSite <= 1.85 Multiple Vulnerabilities]
44.1. Date of Publishing: [4 Jun 2008]
44.2. Application Name: [QuickerSite]
44.3. Version: [1.85]
44.4. Impact: [High]
44.5. Reference(s): [
- http://www.bugreport.ir/index_39.htm
]
44.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
44.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
43. Title: [Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability]
43.1. Date of Publishing: [30 May 2008]
43.2. Application Name: [Dot Net Nuke (DNN)]
43.3. Version: [4.8.3]
43.4. Impact: [Low]
43.5. Reference(s): [
- http://www.bugreport.ir/index_38.htm
]
43.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
43.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
42. Title: [MegaBBS Forum Multiple Vulnerabilities.]
42.1. Date of Publishing: [27 Apr 2008]
42.2. Application Name: [MegaBBS]
42.3. Version: [2.2]
42.4. Impact: [Medium]
42.5. Reference(s): [
- http://www.bugreport.ir/index_37.htm
]
42.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
42.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
41. Title: [Acidcat CMS Multiple Vulnerabilities.]
41.1. Date of Publishing: [20 Apr 2008]
41.2. Application Name: [Acidcat CMS]
41.3. Version: [3.4.1]
41.4. Impact: [High]
41.5. Reference(s): [
- http://www.bugreport.ir/index_36.htm
]
41.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
41.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
40. Title: [CandyPress eCommerce suite SQL Injection + XSS + Path Disclosure in CandyPress]
40.1. Date of Publishing: [26 Jan 2008]
40.2. Application Name: [CandyPress eCommerce suite]
40.3. Version: [4.1.1.26]
40.4. Impact: [High]
40.5. Reference(s): [
- http://www.bugreport.ir/index_32.htm
]
40.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
40.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
39. Title: [Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server]
39.1. Date of Publishing: [23 Jan 2008]
39.2. Application Name: [Web Wiz Rich Text Editor]
39.3. Version: [4.0]
39.4. Impact: [Medium]
39.5. Reference(s): [
- http://www.bugreport.ir/index_31.htm
]
39.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
39.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
38. Title: [Web Wiz NewsPad Directory traversal]
38.1. Date of Publishing: [23 Jan 2008]
38.2. Application Name: [Web Wiz NewsPad]
38.3. Version: [1.02]
38.4. Impact: [Low]
38.5. Reference(s): [
- http://www.bugreport.ir/index_30.htm
]
38.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
38.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
37. Title: [Web Wiz Forums Directory traversal]
37.1. Date of Publishing: [23 Jan 2008]
37.2. Application Name: [Web Wiz Forums]
37.3. Version: [9.07]
37.4. Impact: [Low]
37.5. Reference(s): [
- http://www.bugreport.ir/index_29.htm
]
37.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
37.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
36. Title: [Mozilla Firefox 2.0.0.11 Hide the Source Code]
36.1. Date of Publishing: [22 Jan 2008]
36.2. Application Name: [Mozilla Firefox]
36.3. Version: [2.0.0.11]
36.4. Impact: [Low]
36.5. Reference(s): [
- http://www.bugreport.ir/index_28.htm
]
36.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
36.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
35. Title: [Hosting Controller 6.1 - Users can change other's host headers.]
35.1. Date of Publishing: [13 Dec 2007]
35.2. Application Name: [Hosting Controller]
35.3. Version: [6.1 Hot fix <= 3.3]
35.4. Impact: [Medium]
35.5. Reference(s): [
- http://www.bugreport.ir/index_21.htm
]
35.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
35.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
34. Title: [Hosting Controller 6.1 - Users can enable or disable all Hosting Controller forums by SQL Injection.]
34.1. Date of Publishing: [13 Dec 2007]
34.2. Application Name: [Hosting Controller]
34.3. Version: [6.1 Hot fix <= 3.3]
34.4. Impact: [Medium]
34.5. Reference(s): [
- http://www.bugreport.ir/index_20.htm
]
34.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
34.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
33. Title: [Hosting Controller 6.1 - Users can find web site path.]
33.1. Date of Publishing: [13 Dec 2007]
33.2. Application Name: [Hosting Controller]
33.3. Version: [6.1 Hot fix <= 3.3]
33.4. Impact: [Medium]
33.5. Reference(s): [
- http://www.bugreport.ir/index_19.htm
]
33.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
33.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
32. Title: [Hosting Controller 6.1 - Users can import unwanted plan or change the plans.]
32.1. Date of Publishing: [13 Dec 2007]
32.2. Application Name: [Hosting Controller]
32.3. Version: [6.1 Hot fix <= 3.3]
32.4. Impact: [Medium]
32.5. Reference(s): [
- http://www.bugreport.ir/index_18.htm
]
32.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
32.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
31. Title: [Hosting Controller 6.1 - Users can find Hosting Controller setup directory.]
31.1. Date of Publishing: [13 Dec 2007]
31.2. Application Name: [Hosting Controller]
31.3. Version: [6.1 Hot fix <= 3.3]
31.4. Impact: [Medium]
31.5. Reference(s): [
- http://www.bugreport.ir/index_17.htm
]
31.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
31.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
30. Title: [Hosting Controller 6.1 - Users can see all usernames in the server.]
30.1. Date of Publishing: [13 Dec 2007]
30.2. Application Name: [Hosting Controller]
30.3. Version: [6.1 Hot fix <= 3.3]
30.4. Impact: [Medium]
30.5. Reference(s): [
- http://www.bugreport.ir/index_16.htm
]
30.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
30.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
29. Title: [Hosting Controller 6.1 - Users can enable or disable pay type.]
29.1. Date of Publishing: [13 Dec 2007]
29.2. Application Name: [Hosting Controller]
29.3. Version: [6.1 Hot fix <= 3.3]
29.4. Impact: [Medium]
29.5. Reference(s): [
- http://www.bugreport.ir/index_15.htm
]
29.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
29.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
28. Title: [Hosting Controller 6.1 - Users can delete all of gateway information.]
28.1. Date of Publishing: [13 Dec 2007]
28.2. Application Name: [Hosting Controller]
28.3. Version: [6.1 Hot fix <= 3.3]
28.4. Impact: [Medium]
28.5. Reference(s): [
- http://www.bugreport.ir/index_14.htm
]
28.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
28.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
27. Title: [Hosting Controller 6.1 - Users can uninstall other's FrontPage extensions.]
27.1. Date of Publishing: [13 Dec 2007]
27.2. Application Name: [Hosting Controller]
27.3. Version: [6.1 Hot fix <= 3.3]
27.4. Impact: [Medium]
27.5. Reference(s): [
- http://www.bugreport.ir/index_13.htm
]
27.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
27.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
26. Title: [Hosting Controller 6.1 - Users can change his credit amount or increase his discount.]
26.1. Date of Publishing: [13 Dec 2007]
26.2. Application Name: [Hosting Controller]
26.3. Version: [6.1 Hot fix <= 3.3]
26.4. Impact: [Medium]
26.5. Reference(s): [
- http://www.bugreport.ir/index_12.htm
]
26.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
26.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
25. Title: [Hosting Controller 6.1 - SQL Injection in "/accounts/accountmanager.asp"]
25.1. Date of Publishing: [13 Dec 2007]
25.2. Application Name: [Hosting Controller]
25.3. Version: [6.1 Hot fix <= 3.3]
25.4. Impact: [Medium]
25.5. Reference(s): [
- http://www.bugreport.ir/index_11.htm
]
25.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
25.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
24. Title: [Hosting Controller 6.1 - Remote Attacker can change all users’ profiles.]
24.1. Date of Publishing: [13 Dec 2007]
24.2. Application Name: [Hosting Controller]
24.3. Version: [6.1 Hot fix <= 3.3]
24.4. Impact: [Medium]
24.5. Reference(s): [
- http://www.bugreport.ir/index_10.htm
]
24.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
24.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
23. Title: [Hosting Controller 6.1 - Remote Users Can Make a New User]
23.1. Date of Publishing: [13 Dec 2007]
23.2. Application Name: [Hosting Controller]
23.3. Version: [6.1 Hot fix <= 3.3]
23.4. Impact: [High]
23.5. Reference(s): [
- http://www.bugreport.ir/index_9.htm
]
23.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
23.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
22. Title: [Hosting Controller 6.1 - Remote Authenticated Users Execute a File Under Administrative Privilege]
22.1. Date of Publishing: [13 Dec 2007]
22.2. Application Name: [Hosting Controller]
22.3. Version: [6.1 Hot fix <= 3.3]
22.4. Impact: [High]
22.5. Reference(s): [
- http://www.bugreport.ir/index_8.htm
]
22.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
22.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
21. Title: [Hosting Controller 6.1 - Lets Remote Users Gain Admin Privilege]
21.1. Date of Publishing: [13 Dec 2007]
21.2. Application Name: [Hosting Controller]
21.3. Version: [6.1 Hot fix <= 3.3]
21.4. Impact: [High]
21.5. Reference(s): [
- http://www.bugreport.ir/index_7.htm
]
21.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
21.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
20. Title: [Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability]
20.1. Date of Publishing: [10 Dec 2007]
20.2. Application Name: [Snitz Forums 2000]
20.3. Version: [N/A]
20.4. Impact: [High]
20.5. Reference(s): [
- http://www.bugreport.ir/index_6.htm
]
20.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
20.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
19. Title: [SkyPortal vRC6 Multiple Remote Vulnerabilities]
19.1. Date of Publishing: [22 Nov 2007]
19.2. Application Name: [SkyPortal]
19.3. Version: [vRC6]
19.4. Impact: [High]
19.5. Reference(s): [
- http://www.bugreport.ir/index_3.htm
]
19.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
19.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
18. Title: [Mozilla Firefox 2.0.0.7 Denial of Service]
18.1. Date of Publishing: [25 Oct 2007]
18.2. Application Name: [Mozilla Firefox]
18.3. Version: [2.0.0.7]
18.4. Impact: [Low]
18.5. Reference(s): [
- http://www.bugreport.ir/index_1.htm
]
18.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
18.7. Supporter: [
- AmnPardaz Company (www.amnpardaz.com)
]
/**************************************************************************/
17. Title: [Hosting Controller 'FolderManager.aspx' Lets Remote Authenticated Users View and Modify Files]
17.1. Date of Publishing: [27/12/2006]
17.2. Application Name: [Hosting Controller]
17.3. Version: [7c (7.00.0003)]
17.4. Impact: [Highly Critical]
17.5. Reference(s): [
- http://securitytracker.com/alerts/2006/Dec/1017447.html
]
17.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
17.7. Supporter: [
- N/A
]
17.8. More information: [
- By using this bug together with another technique, an attacker can gain Windows administrator privileges.
]
/**************************************************************************/
16. Title: [More Than 25 Different Vulnerabilities in Hosting Controller Reported to the Hosting Controller Company]
16.1. Date of Publishing: [Never]
16.2. Application Name: [Hosting Controller]
16.3. Version: [6.1]
16.4. Impact: [High]
16.5. Reference(s): [
- Hosting Controller Support Team and irsdl Emails
]
16.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
16.7. Supporter: [
- N/A
]
/**************************************************************************/
15. Title: [MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities]
15.1. Date of Publishing: [9 June 2006]
15.2. Application Name: [MailEnable]
15.3. Version: [2.0]
15.4. Impact: [High]
15.5. Reference(s): [
- http://securitytracker.com/alerts/2006/Jun/1016265.html
- http://www.milw0rm.com/exploits/1893
]
15.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
15.7. Supporter: [
- N/A
]
/**************************************************************************/
14. Title: [Maxwebportal <= 1.36 password.asp Change Password]
14.1. Date of Publishing: [26 May 2005]
14.2. Application Name: [Maxwebportal]
14.3. Version: [1.36]
14.4. Impact: [High]
14.5. Reference(s): [
- http://www.milw0rm.com/exploits/1012
]
14.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
14.7. Supporter: [
- N/A
]
/**************************************************************************/
13. Title: [Hosting Controller Access Control Bugs Let Remote Users Gain Reseller and Administrative Privileges]
13.1. Date of Publishing: [6 Jul 2006]
13.2. Application Name: [Hosting Controller]
13.3. Version: [6.1 Hotfix 3.1 and prior versions]
13.4. Impact: [High]
13.5. Reference(s): [
- http://securitytracker.com/id?1016444
]
13.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
13.7. Supporter: [
- N/A
]
/**************************************************************************/
12. Title: [Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories]
12.1. Date of Publishing: [20 Oct 2006]
12.2. Application Name: [Hosting Controller]
12.3. Version: [6.1 Hotfix 3.2 and prior versions]
12.4. Impact: [Medium]
12.5. Reference(s): [
- http://securitytracker.com/id?1017103
]
12.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
12.7. Supporter: [
- N/A
]
/**************************************************************************/
11. Title: [Hosting Controller Input Validation Holes in 'AddGatewaySettings.asp' and 'IPManager.asp' Permit SQL Injection]
11.1. Date of Publishing: [4 Feb 2006]
11.2. Application Name: [Hosting Controller]
11.3. Version: [6.1 Hotfix 2.8]
11.4. Impact: [High]
11.5. Reference(s): [
- http://securitytracker.com/id?1015584
]
11.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
11.7. Supporter: [
- N/A
]
/**************************************************************************/
10. Title: [EmailArchitect Email Server Script Filtering Flaw Permits Cross-Site Scripting Attacks]
10.1. Date of Publishing: [6 Jun 2006]
10.2. Application Name: [EmailArchitect]
10.3. Version: [6.1]
10.4. Impact: [Low]
10.5. Reference(s): [
- http://securitytracker.com/id?1016243
]
10.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
10.7. Supporter: [
- N/A
]
/**************************************************************************/
9. Title: [MailSite Express Lets Remote Users Upload Scripting Files and Execute Them]
9.1. Date of Publishing: [15 Oct 2005]
9.2. Application Name: [MailSite Express]
9.3. Version: [6.1.21.0], [6.1.22.0 (?)]
9.4. Impact: [High]
9.5. Reference(s): [
- http://securitytracker.com/id?1015063
]
9.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
9.7. Supporter: [
- N/A
]
/**************************************************************************/
8. Title: [Hosting Controller Access Control Bugs Let Remote Authenticated Users View, Edit, and Add Plans]
8.1. Date of Publishing: [15 Jul 2005]
8.2. Application Name: [Hosting Controller]
8.3. Version: [6.1 Hotfix 2.2 and prior versions]
8.4. Impact: [High]
8.5. Reference(s): [
- http://securitytracker.com/id?1014071
]
8.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
8.7. Supporter: [
- N/A
]
/**************************************************************************/
7. Title: [Hosting Controller 'AccountActions.asp' Access Control Bug Lets Remote Authenticated Users Add Usernames]
7.1. Date of Publishing: [18 Jul 2005]
7.2. Application Name: [Hosting Controller]
7.3. Version: [6.1 Hotfix 2.2 and prior versions]
7.4. Impact: [High]
7.5. Reference(s): [
- http://securitytracker.com/id?1014518
]
7.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
7.7. Supporter: [
- N/A
]
/**************************************************************************/
6. Title: [EmailArchitect Email Server Input Validation Holes Permit Cross-Site Scripting Attacks]
6.1. Date of Publishing: [6 Jun 2006]
6.2. Application Name: [EmailArchitect]
6.3. Version: [6.1]
6.4. Impact: [Low]
6.5. Reference(s): [
- http://securitytracker.com/id?1016237
]
6.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
6.7. Supporter: [
- N/A
]
/**************************************************************************/
5. Title: [Hosting Controller 'UserProfile.asp' Lets Remote Authenticated Users Modify Other User Profiles]
5.1. Date of Publishing: [26 May 2005]
5.2. Application Name: [Hosting Controller]
5.3. Version: [6.1 Hotfix 2.0 and prior versions]
5.4. Impact: [Medium]
5.5. Reference(s): [
- http://securitytracker.com/id?1014062
]
5.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
5.7. Supporter: [
- N/A
]
/**************************************************************************/
4. Title: [SmarterMail Lets Remote Users Upload Arbitrary Scripting Code and Execute Them]
4.1. Date of Publishing: [25 Jan 2005]
4.2. Application Name: [SmarterMail]
4.3. Version: [prior to 2.0.1837]
4.4. Impact: [High]
4.5. Reference(s): [
- http://securitytracker.com/id?1013021
]
4.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
4.7. Supporter: [
- N/A
]
/**************************************************************************/
3. Title: [Multiple Vulnerabilities in DUclassified]
3.1. Date of Publishing: [9 Oct 2004]
3.2. Application Name: [DUclassified]
3.3. Version: [All]
3.4. Impact: [High]
3.5. Reference(s): [
- http://securitytracker.com/id?1011596
]
3.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
3.7. Supporter: [
- N/A
]
/**************************************************************************/
2. Title: [Multiple Vulnerabilities in DUclassmate]
2.1. Date of Publishing: [9 Oct 2004]
2.2. Application Name: [DUclassmate]
2.3. Version: [All]
2.4. Impact: [High]
2.5. Reference(s): [
- http://securitytracker.com/id?1011597
]
2.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
2.7. Supporter: [
- N/A
]
/**************************************************************************/
1. Title: [Multiple Vulnerabilities in DUforum]
1.1. Date of Publishing: [9 Oct 2004]
1.2. Application Name: [DUforum]
1.3. Version: [All]
1.4. Impact: [Medium]
1.5. Reference(s): [
- http://securitytracker.com/id?1011595
]
1.6. Finder(s): [
- Soroush Dalili (@irsdl)
]
1.7. Supporter: [
- N/A
]
