exploit the possibilities
Showing 1 - 23 of 23 RSS Feed

Files from Soroush Dalili

Email addressirsdl at yahoo.com
First Active2005-05-27
Last Active2020-07-31
SharePoint DataSet / DataTable Deserialization
Posted Jul 31, 2020
Authored by Soroush Dalili, mr_me, Spencer McIntyre | Site metasploit.com

A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint is installed and configured. The vulnerability is related to a failure to validate the source of XML input data, leading to an unsafe deserialization operation that can be triggered from a page that initializes either the ContactLinksSuggestionsMicroView type or a derivative of it. In a default configuration, a Domain User account is sufficient to access SharePoint and exploit this vulnerability.

tags | exploit, remote
advisories | CVE-2020-1147
MD5 | 1951b8a6649841f289b9e4feb3f9e3b0
SharePoint Workflows XOML Injection
Posted Mar 26, 2020
Authored by Soroush Dalili, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability within SharePoint and its .NET backend that allows an attacker to execute commands using specially crafted XOML data sent to SharePoint via the Workflows functionality.

tags | exploit
advisories | CVE-2020-0646
MD5 | 5b6ade0c1b4442dfc1e0314f571595ad
SQL Server Reporting Services (SSRS) ViewState Deserialization
Posted Mar 12, 2020
Authored by Soroush Dalili, Spencer McIntyre | Site metasploit.com

A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server.

tags | exploit, remote, web, code execution
advisories | CVE-2020-0618
MD5 | 0c8baebbb6c756de8b19d1b75adb66b5
TechSmith Camtasia 7 / 8 Cross Site Scripting
Posted Jan 14, 2015
Authored by Soroush Dalili

TechSmith Camtasia versions 7 and 8 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 36803f7721accb233c739a4f49f8edc4
Adobe Reader ToolButton Use After Free
Posted Dec 17, 2013
Authored by Soroush Dalili, sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object allows triggering the use after free condition. This Metasploit module has been tested successfully on Adobe Reader 11.0.2 and 10.0.4, with IE and Windows XP SP3, as exploited in the wild in November, 2013. At the moment, this module doesn't support Adobe Reader 9 targets; in order to exploit Adobe Reader 9 the fileformat version of the exploit can be used.

tags | exploit
systems | windows, xp
advisories | CVE-2013-3346, OSVDB-96745
MD5 | 331a6848bb1a597a72b8e41a22f16ec3
Adobe Reader ToolButton Use After Free
Posted Dec 17, 2013
Authored by Soroush Dalili, sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object allows triggering the use after free condition. This Metasploit module has been tested successfully on Adobe Reader 11.0.2, 10.0.4 and 9.5.0 on Windows XP SP3, as exploited in the wild in November, 2013.

tags | exploit
systems | windows, xp
advisories | CVE-2013-3346, OSVDB-96745
MD5 | 8cf37b140ac27d2a3fe8b52dc9949433
Gleamtech FileVista / FileUltimate 4.6 Directory Traversal
Posted Nov 28, 2012
Authored by Soroush Dalili

Gleamtech FileVista / FileUltimate version 4.6 suffers from a directory traversal vulnerability.

tags | advisory, file inclusion
MD5 | 671ad03b151daa224d4ee3bf9c2b8079
FCKEditor 2.6.8 ASP File Upload Protection Bypass
Posted Nov 28, 2012
Authored by Soroush Dalili

FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.

tags | advisory, asp, bypass, file upload
MD5 | 220d912d0f1646c9e97383f3e3f657e3
CKFinder 2.3 / FCKEditor 2.6.8 SWF Cross Site Scripting
Posted Nov 12, 2012
Authored by Soroush Dalili

CK Finder version 2.3 and FCKEditor version 2.6.8 allow uploads of malicious swf files that can allow for cross site scripting attacks.

tags | exploit, xss
MD5 | 2eda3301d34b7c61132c342d69a71c9b
Microsoft IIS Tilde Character Name Disclosure / Denial Of Service
Posted Jul 2, 2012
Authored by Soroush Dalili

Microsoft IIS suffers from a short file/folder name disclosure vulnerability when handling tilde characters. The .NET framework may also suffer from a denial of service condition relating to the handling of tilde. Proof of concept scanner included.

tags | exploit, denial of service, proof of concept
systems | linux
MD5 | 2b424f4a874aa574d9d64507b3cab96a
Bugzilla Unauthorized Access / Cross Site Scripting
Posted Apr 19, 2012
Authored by Soroush Dalili, Frederic Buclin, Byron Jones | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.5.3 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from an authorized access vulnerability. Bugzilla versions 2.17.4 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2012-0465, CVE-2012-0466
MD5 | 080f4edb5da8c3f2bcc784a578a6d7a2
Adobe Reader / Acrobat 10.0.1 Denial Of Service
Posted Jun 17, 2011
Authored by Soroush Dalili

This is a proof of concept denial of service exploit for Adobe Reader / Acrobat 10.0.1.

tags | exploit, denial of service, proof of concept
systems | linux
MD5 | 4731cd285bed8022afbaec5b944bd27d
Douran Portal 3.9.7.8 File Disclosure
Posted Mar 21, 2011
Authored by Soroush Dalili, HUrr!c4nE!

Douran Portal version 3.9.7.8 suffers from a file download / source code disclosure vulnerability.

tags | exploit, info disclosure
MD5 | e95381f61f875f2a9f13422d9beb6d26
IIS 5 Authentication Bypass
Posted Jul 3, 2010
Authored by Soroush Dalili | Site soroush.secproject.com

IIS 5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 07c656d13fd4460e1535a801e74a424d
Cross Site URL Hijacking Using Error Object In Firefox
Posted May 28, 2010
Authored by Soroush Dalili

Whitepaper called Cross Site URL Hijacking by using Error Object in Mozilla Firefox.

tags | paper
MD5 | e198c417ab153ee6038aa9568c6ec459
Improve File Uploaders' Protections
Posted May 28, 2010
Authored by Soroush Dalili

Whitepaper called Improve File Uploaders' Protections. It focuses on Windows-based web applications.

tags | paper, web, file upload
systems | windows
MD5 | 6a508de757b22246e88626379c618976
Findings Vulnerabilities In YaFtp 1.0.14
Posted May 28, 2010
Authored by Soroush Dalili

Whitepaper called Finding vulnerabilities in YaFtp version 1.0.14.

tags | paper, vulnerability
MD5 | 85795579fbd0d50695a215a4bf9d2766
Microsoft IIS Semi-Colon Execution
Posted Dec 29, 2009
Authored by Soroush Dalili

Microsoft IIS servers suffer from a semi-colon bug where any file can be executed as an Active Server Page.

tags | exploit
MD5 | fa69b52eb5e40c6ae92b438cd0074d53
ASP And JSP Security
Posted Sep 2, 2009
Authored by Soroush Dalili

Whitepaper called ASP and JSP security. Written in Persian.

tags | paper, asp
MD5 | 9efe0660e8ab5e14374459ac161795d0
Web Application Security Consortium Glossary
Posted Feb 10, 2009
Authored by Soroush Dalili | Site soroush.secproject.com

The Web Application Security Consortium Glossary. Written in Persian.

tags | paper, web
MD5 | ff91eb9f6619b159e42f04e1558e4bfc
hc-bugs.txt
Posted Jul 9, 2006
Authored by Soroush Dalili

Hosting Controller version 6.1 Hotfix (versions 3.2 and below) suffer from flaws that allow an attacker the ability to gain reseller privileges and administrative privileges.

tags | advisory
MD5 | 211368bf13f6d3ee51d523e2203c598c
maxwebportal136-2.txt
Posted May 27, 2005
Authored by Soroush Dalili

Maxwebportal versions 1.36 and below password.asp Change Password exploit using php.

tags | exploit, php, asp
MD5 | 302aa48df93961153e18933592ec3faf
maxwebportal136-1.txt
Posted May 27, 2005
Authored by Soroush Dalili

Maxwebportal versions 1.36 and below password.asp Change Password exploit using html.

tags | exploit, asp
MD5 | b68ee3614c49826f12f1b68c0251ad82
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close