Soroush Dalili

43 exploits Active since May 2005
CVE-2005-2219 EXPLOITDB text WORKING POC
Hosting Controller 6.1 - Privilege Escalation
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.
CVE-2013-3346 EXPLOITDB CRITICAL ruby WORKING POC
Adobe Acrobat and Reader 9.x < 9.5.5, 10.x < 10.1.7, 11.x < 11.0.03 - Remote Code Execution via Memory Corruption
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
CVSS 9.8
EIP-2026-114819 EXPLOITDB text WORKING POC
.NET Framework - Tilde Character Denial of Service
EIP-2026-114868 EXPLOITDB text WORKING POC
Adobe Reader/Acrobat 10.0.1 - Denial of Service
EIP-2026-103567 EXPLOITDB text WORKING POC
Mozilla Firefox 2.0.0.7 - Remote Denial of Service
EIP-2026-103566 EXPLOITDB html WORKING POC
Mozilla Firefox 2.0.0.7 - Malformed XBL Constructor Remote Denial of Service
EIP-2026-100350 EXPLOITDB text WORKING POC
Hosting Controller 6.1 - Multiple SQL Injections
CVE-2020-1147 EXPLOITDB HIGH python WORKING POC
.NET Framework, SharePoint Server, and Visual Studio - Remote Code Execution via XML Input Deserialization
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVSS 7.8
CVE-2007-6240 EXPLOITDB html WORKING POC
Snitz Forums 2000 3.4.06 - SQL Injection
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.
CVE-2005-1779 EXPLOITDB text WORKING POC
MaxWebPortal 1.35, 1.36, 2.0, 20050418 Next - SQL Injection via memKey Parameter
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
EIP-2026-100402 EXPLOITDB text WORKING POC
MailEnable Enterprise 2.0 - 'ASP' Multiple Vulnerabilities
CVE-2006-5629 EXPLOITDB text WORKING POC
Hosting Controller < 6.1 Hotfix 3.3 - SQL Injection via ForumID Parameter
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
CVE-2006-3147 EXPLOITDB text WORKING POC
Hosting Controller <6.1 - Privilege Escalation
Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788.
EIP-2026-100352 EXPLOITDB text WORKING POC
Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota
CVE-2005-1784 EXPLOITDB text WORKING POC
Hosting Controller <6.1.2.0 - Info Disclosure
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
CVE-2008-6644 EXPLOITDB text WORKING POC
DotNetNuke < 4.8.3 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
EIP-2026-100324 EXPLOITDB text WRITEUP
FCKEditor Core ASP 2.6.8 - Arbitrary File Upload Protection Bypass
CVE-2011-1569 EXPLOITDB text WRITEUP
Douran Portal 3.9.7.8 - Info Disclosure
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.