Soheil Samanabadi

3 exploits, active since Oct 2020
CVE-2020-25824 LOW WRITEUP
Telegram Desktop < 2.4.3 - Missing Authentication
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened the Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversations and media files.
CVSS 2.4
CVE-2022-32294 CRITICAL WRITEUP
Zimbra Collaboration - Incorrect Authorization
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on UDP port 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.
CVSS 9.8
CVE-2023-23566 CRITICAL WRITEUP
Axigen Mail Server - Incorrect Default Permissions
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.
CVSS 9.8