40 matches found
CVE-2018-25361
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...
EUVD-2018-21883
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...
CVE-2018-25361
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...
CVE-2018-25361 Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...
CVE-2018-25361
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability via database injection. A local attacker can inject pre-encrypted database entries using a constant encryption key to remove passcodes and unlock the client, gaining access to all stored data, chats, images, and files w...
PT-2026-43214
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...
Microsoft IIS Shortname Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS shortname vulnerability scanner', 'Description' = %q The vulnerability is caused by a tilde character "" in a GET or OPTIONS reques...
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass', 'Description' = %q This module bypasses basic authentication for Internet Informatio...
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure", 'Description' = %q This module will use the Microsoft XMLDOM object to enumerat...
Metasploit Weekly Wrap-Up
Authentication bypass in Wordpress Plugin WooCommerce Payments This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any wordpress instance that uses WooCommerce payments 5.6.1. This module exploits an auth by-pass vulnerability in the...
About the security content of Safari 15.2
About the security content of Safari 15.2 This document describes the security content of Safari 15.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
Description According to the WordPress release notes: "Props to Soroush Dalili @irsdl from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting XSS attacks." PoC Thanks to @irsdl's Hacker1 disclosure: JS - Numerical Entities JS - Hex Entities...
Soroush IM Desktop App 0.17.0 - Authentication Bypass Vulnerability
Exploit for windows platform in category local exploits Exploit Title: Soroush IM Desktop App 0.17.0 - Authentication Bypass Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: http://54.36.43.176/SoroushSetup0.17.0.exe Version: 0.17.0 BETA Tested on: Windows 10 18...
Microsoft IIS shortname vulnerability scanner
The vulnerability is caused by a tilde character "" in a GET or OPTIONS request, which could allow remote attackers to disclose 8.3 filenames short names. In 2010, Soroush Dalili and Ali Abbasnejad discovered the original bug GET request. This was publicly disclosed in 2012. In 2014, Soroush...
Soroush IM Desktop App 0.17.0 - Authentication Bypass
Soroush IM Desktop App 0.17.0 - Authentication Bypass Exploit Title: Soroush IM Desktop App 0.17.0 - Authentication Bypass Date: 2018-08-08 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: http://54.36.43.176/SoroushSetup0.17.0.exe Version: 0.17.0 BETA Tested on...
Soroush IM Desktop App 0.17.0 - Authentication Bypass
Exploit Title: Soroush IM Desktop App 0.17.0 - Authentication Bypass Date: 2018-08-08 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: http://54.36.43.176/SoroushSetup0.17.0.exe Version: 0.17.0 BETA Tested on: Windows 10 1803 and windows server 2016 14393 Securi...
Soroush IM Desktop app 0.15 - Authentication Bypass Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 180...
Soroush IM Desktop App 0.15 (beta) - Authentication Bypass
Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Date: 2018-06-13 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 1803 Security Issue: Attackers can unloc...
Soroush IM Desktop App 0.15 (beta) - Authentication Bypass
Soroush IM Desktop App 0.15 beta - Authentication Bypass Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Date: 2018-06-13 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Teste...
Soroush IM Desktop App 0.15 Authentication Bypass
Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Date: 2018-06-13 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 1803 Security Issue: Attackers can unloc...