26 matches found
Microsoft IIS Shortname Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS shortname vulnerability scanner', 'Description' = %q The vulnerability is caused by a tilde character "" in a GET or OPTIONS reques...
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure", 'Description' = %q This module will use the Microsoft XMLDOM object to enumerat...
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass', 'Description' = %q This module bypasses basic authentication for Internet Informatio...
Metasploit Weekly Wrap-Up
Authentication bypass in Wordpress Plugin WooCommerce Payments This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any wordpress instance that uses WooCommerce payments 5.6.1. This module exploits an auth by-pass vulnerability in the...
WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
Description According to the WordPress release notes: "Props to Soroush Dalili @irsdl from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting XSS attacks." PoC Thanks to @irsdl's Hacker1 disclosure: JS - Numerical Entities JS - Hex Entities...
Microsoft IIS shortname vulnerability scanner
The vulnerability is caused by a tilde character "" in a GET or OPTIONS request, which could allow remote attackers to disclose 8.3 filenames short names. In 2010, Soroush Dalili and Ali Abbasnejad discovered the original bug GET request. This was publicly disclosed in 2012. In 2014, Soroush...
Adobe Reader/Acrobat 10.0.1 DoS Exploit
No description provided by source. Title: Adobe Reader/Acrobat Memory Corruption Denial of Service Report to Vendor: 24 Feb 2011 Application Name: Adobe Reader/Acrobat Version: 10.0.1, other versions can be vulnerable before applying the 14 June 2011 Patch References: -...
gleamtech filevista/fileultimate 4.6 - Directory Traversal
No description provided by source. Hello I have recently released this vulnerability in a talk: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/ - Title: GleamtechFileVista/FileUltimate 4.6 Directory Traversal can lead to file upload attack - Credit goes to: Soroush Dalili -...
Microsoft Internet Explorer 'MSXML'错误文件枚举漏洞
BUGTRAQ ID: 59657 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Internet Explorer 10.0.9200.16540(Windows 7 Professional)内的XMLDOM存在文件枚举漏洞和拒绝服务漏洞,XMLDOM会根据文件或目录的存在情况,在错误信息里泄露客户端驱动/网络的信息,攻击者可利用此漏洞获取有用信息,例如系统root目录的文件存在情况等。 0 Microsoft Internet Explorer 10.x 厂商补丁: Microsoft ---------...
CKFinder 2.3 / FCKEditor 2.6.8 SWF Cross Site Scripting
Hello The latest versions of CKFinder 2.3 and FCKEditor2.6.8 are accepting SWF as a valid extension. As a result, it is possible to make a website vulnerable to an XSS attack by uploading a malicious SWF file. Source: http://soroush.secproject.com/blog/2012/11/xss-by-uploadingincluding-a-swf-file...
DOS and crash with full screen and history navigation — Mozilla
Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable...
.Net Framework Tilde Character DoS - Sorry, exploit-db link corrected
Link: http://soroush.secproject.com/downloadable/iistildedos.txt Exploit-db link: www.exploit-db.com/exploits/19575 ---------------------------- Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "The .NET...
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
This module bypasses basic authentication for Internet Information Services IIS. By appending the NTFS stream name to the directory name in a request, it is possible to bypass authentication. This module requires Metasploit: https://metasploit.com/download Current source:...
XSS with Drag and Drop and Javascript: URL — Mozilla
Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting XSS attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection...
Mandriva Update for mozilla-thunderbird MDVSA-2011:080 (mozilla-thunderbird)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mozilla Foundation Security Advisory 2011-16
Mozilla Foundation Security Advisory 2011-16 Title: Directory traversal in resource: protocol Impact: Moderate Announced: April 28, 2011 Reporter: Soroush Dalili Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 Thunderbird 3.1.10 SeaMonkey 2.0.14 Description...
Mozilla Foundation Security Advisory 2010-47
Mozilla Foundation Security Advisory 2010-47 Title: Cross-origin data leakage from script filename in error messages Impact: Moderate Announced: July 20, 2010 Reporter: Soroush Dalili Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.7 Firefox 3.5.11 Thunderbird 3.1.1 Thunderbird...
Cross-origin data leakage from script filename in error messages — Mozilla
Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message...
Mozilla Firefox出错处理信息泄露漏洞
BUGTRAQ ID: 40401 Firefox是非常流行的开源WEB浏览器。 Firefox的window.onerror处理器允许读取重新定向的目标URL。如果通过HTML script标签引用了重新定向站点的话,就可以读取目标URL中所包含的会话特定查询参数。 Mozilla Firefox 3.6.3 Mozilla Firefox 3.5.9 厂商补丁: Mozilla ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.mozilla.org/ XSUH Cross Site URL...
Microsoft IIS Semi-Colon Execution
Microsoft IIS 0Day Vulnerability in Parsing Files semi-colon bug Application: Microsoft Internet Information Services - IIS All versions Impact: Highly Critical for Web Applications Finding Date: April 2007 Report Date: Dec. 2009 Found by: Soroush Dalili Irsdl 4t yahoo d0t com Website:...