Soroosh Dalili

5 exploits Active since Dec 2004
CVE-2004-2202 EXPLOITDB text WRITEUP
DUware DUclassified <4.3 - SQL Injection
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
CVE-2004-2198 EXPLOITDB text WRITEUP
DUware DUclassmate 1.0-1.1 - Unauthenticated Arbitrary Password Change via MM_recordId Parameter
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
CVE-2004-2201 EXPLOITDB text WRITEUP
DUware DUforum <3.1 - SQL Injection
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
CVE-2004-2201 EXPLOITDB text WRITEUP
DUware DUforum <3.1 - SQL Injection
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
CVE-2004-2201 EXPLOITDB text WRITEUP
DUware DUforum <3.1 - SQL Injection
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.