Advisories!
Soroush Dalili’s published/to-be-published advisories (Last update 31 Oct 2020):
#112: CVE-2020-0618 – RCE in SQL Server Reporting Services (SSRS)
Application: Microsoft SQL Server Reporting Services
Version: prior to February 2020 patch
Date: 11/02/2020
Impact: Critical

#111: CVE-2020-0646 – Code injection in Workflows leading to SharePoint RCE
Application: .NET Framework
Version: prior to January 2020 patch
Date: 14/01/2020
Impact: High

#110: CVE-2020-0606 – Code Execution using Malicious Annotation Files for Sticky Notes in WPF apps
Application: .NET Framework
Version: prior to January 2020 patch
Date: 14/01/2020
Impact: High

#109: CVE-2020-0605 – Code Execution using XPS Files in .NET
Application: .NET Framework
Version: prior to January 2020 patch
Date: 14/01/2020
Impact: High

#108: CVE-2019-13462 – Unauthenticated SQL Injection in Lansweeper
Application: Lansweeper application
Version: prior to 7.1.117.4
Date: 25/07/2019
Impact: Critical when MSSQL database is in use (not default)

#107: CVE-2019-12923, CVE-2019-12924, CVE-2019-12925, CVE-2019-12926, CVE-2019-12927 – Multiple Vulnerabilities in MailEnable
Application: MailEnable
Version: versions before 10.24, 9.83, 8.64, 7.62, 6.90 (20th June 2019)
Date: 02/07/2019
Impact: Critical, High, and Medium

#106: CVE-2019-7214, CVE-2019-7213, CVE-2019-7212, CVE-2019-7211 – Multiple Vulnerabilities in SmarterMail
Application: SmarterMail
Version: prior to Build 6985 (CVE-2019-7214), prior to Build 7040 (CVE-2019-7211, CVE-2019-7212, CVE-2019-7213)
Date: 17/04/2019
Impact: Critical and High

#105: CVE-2018-18447 – Code Execution in .NET by Reading Serialized Objects from Clipboard
Application: PowerShell, Visual Studio, WPF Applications, Paint.NET, LINQPad, and more
Version: varies – some accepted it as a feature – some patched it (sometimes without a CVE)
Date: 17/12/2018
Impact: Medium/High

#104: CVE-2018-8421 – RCE during loading or compiling Microsoft XOML workflows using deserialization
Application: Microsoft SharePoint
Version: prior to November 2018 patch
Date: 08/11/2018
Impact: Critical

#103: CVE-2018-8284 – Remote Code Execution on SharePoint by Bypassing Workflows Protection Mechanisms
Application: Microsoft SharePoint
Version: prior to July 2018 patch
Date: 30/08/2018
Impact: Critical

#102: Mattermost Server Denial of Service by Uploading an Emoji File
Application: Mattermost Server
Version: Fixed in v5.2.2, 5.1.2, 4.10.4
Date: N/A
Impact: Low

#101: CVE-2019-0613 – Code Execution in Visual Studio using TBC Files
Application: Visual Studio
Version: prior to February 2019 patch
Date: N/A
Impact: Medium

#101: CVE-2018-8172 – Code Execution in Visual Studio using XAML Files
Application: Visual Studio
Version: prior to July 2018 patch
Date: N/A
Impact: Medium

#100: CVE-2018-8172, CVE-2018-8300, CVE-2018-14581, CVE-2018-14878, CVE-2018-15122 – Unsafe Deserialization in Microsoft Resource Files (.RESX) in Multiple Products
Application: Visual Studio, ILSpy, DotPeek, ReSharper Ultimate, .Net Reflector, SmartAssembly, JustDecompile, JustAssembly, IIS, SharePoint, Dynamics365
Version: varies – some accepted it as a feature – some patched it (sometimes without a CVE)
Date: 02/08/2018
Impact: High/Critical

#99: ASP.NET Request Validation Bypass Using Request Encoding
Application: .NET Framework
Version: any – accepted as a feature
Date: 09/09/2017
Impact: Medium

#98: Multiple Vulnerabilities in Yahoo Small Business (aabaco and luminate domains)
Application: Yahoo! Aabaco Small Business
Version: N/A
Date: N/A
Impact: High

#97: CVE-2017-8572, CVE-2017-11927 – SMB hash hijacking & user tracking in MS Outlook
Application: Microsoft Outlook
Version: all versions before May 2018 update
Date: 11/05/2018
Impact: Medium

#96: CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers
Application: Internet Explorer, Edge
Version: IE 10, 11, and Edge prior to July 2017 patch
Date: 14/07/2017
Impact: Low

#95: CVE-2016-3327 – Denial of Service in Parsing a URL by ierutil.dll
Application: Microsoft Browser – Any HTML viewer using ierutil.dll
Version: Prior to August 2016 Patch
Date: 12/08/2016
Impact: Low

#94: CVE-2016-4178, CVE-2016-4277 – Flash “local-with-filesystem” Bypass in navigateToURL
Application: Adobe Flash
Version: 22.0.0.211 and earlier
Date: 13/09/2016
Impact: Low

#93: Yahoo! Web Hosting – Multiple Security Issues
Application: Yahoo! Aabaco Small Business – Web Hosting
Version: N/A
Date: N/A
Impact: High

#92: SOP bypass in Google Chrome by redirection using Silverlight
Application: Microsoft Silverlight
Version: won't fix
Date: N/A
Impact: High

#91: Multiple Vulnerabilities in MailEnable (XXE, XSS, Privilege Escalation, Directory Traversal)
Application: MailEnable
Version: Tested on version 8.56 (versions prior to 8.60, 7.60, 6.88, and 5.62 should be vulnerable)
Date: 10/03/2015
Impact: High

#90: SmarterMail – Stored XSS in emails
Application: SmarterMail
Version: SmarterMail 13.1.5451
Date: 06/03/2015
Impact: High

#89: Flash security restrictions bypass
Application: Adobe Flash
Version: 08/07/2015 Patched by Adobe
Date: Reported on 14/11/2014
Impact: Low

#88: Flash security restrictions bypass
Application: Adobe Flash
Version: 12/03/2015 Patched by Adobe
Date: Reported on 14/11/2014
Impact: Low

#87: Cross Domain Policy Bypass – Google Chrome Flash
Application: Google Chrome
Version: 12/03/2015 Patched by Adobe
Date: Reported on 20/10/2014
Impact: Medium

#86: Reflected XSS in SWF file – Camtasia 7 & 8
Application: TechSmith Camtasia
Version: v8.4.4 (latest 8.x 10/01/2014) – v7.1.1 (latest 7.x 10/01/2014)
Date: 10/01/2014
Impact: Medium

#85: Adobe Flash – Cross Site Information Disclosure
Application: Adobe Flash
Version: Tested on 15.0.0.152 (debug version)
Date: Reported on 02/10/2014
Impact: Low

#84: DOM Based cross-site scripting in Doc-To-Help 2014 v1
Application: Doc-To-Help
Version: Latest version (still unpatched – 10/01/2015)
Date: Discovered: 18/09/2014 – Reported to the vendor: 14/11/2014
Impact: Medium

#83: Multiple vulnerabilities in FileVista
Application: FileVista
Version: v6.0.7 and even the latest version (still unpatched – 10/01/2015)
Date: Reported to the vendor 04/08/2014 – still unpatched
Impact: High

#82: Adobe flash sandbox bypass to navigate to local drives (Windows version)
Application: Adobe Flash
Version: 14.0.0.125 (tested with IE 11)
Date: 15/10/2014-12/08/2014
Impact: TBA

#81: Reflected Cross Site Scripting in Flash version of Flowplayer
Application: Flowplayer
Version: 3.2.17 (latest) – still vulnerable
Date: Discovered: 30/05/2014 – Publicly Reported: 30/09/2014
Impact: Medium

#80: Facebook – Open Redirection via tpe Parameter in /ajax/payment/token_proxy.php
Application: Facebook
Version: N/A
Date: 07/02/2014
Impact: Low

#79: Adobe Reader/Acrobat another Use-After-Free in ToolButton
Application: Adobe Reader/Acrobat
Version: 11.0.05/10.1.8 and earlier versions
Date: 06/12/2013
Impact: High

#78: Flash Security SandBox Bypass by using JAR protocol
Application: Adobe Flash
Version: 11.9.900.170/11.2.202.332 and earlier versions
Date: 15/10/2013
Impact: Medium

#77: Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability
Application: Microsoft Internet Explorer
Version: IE 10
Date: Reported Dec. 2013
Impact: High

#76: Yahoo Multiple Vulnerabilities – LFI/XSS/etc
Application: Yahoo websites
Version: N/A
Date: 15/10/2013
Impact: Critical

#75: Microsoft XMLDOM in IE can divulge information of local drive/network in error messages
Application: Internet Explorer
Version: Tested in IE10 – probably unpatched
Date: 25/04/2013
Impact: Low

#74: Facebook OAuth2 Redirection Bypass
Application: Facebook
Version: N/A
Date: 18/03/2013
Impact: High

#73: UnRedirectable Page by using onbeforeunload, setTimeout and a pop-up msg
Application: Firefox
Version: unpatched – 10 Jan 2015
Date: 08/02/2013
Impact: Low

#72: GleamTech FileVista/FileUltimate Directory Traversal
Application: Jenkins
Version: tested on 4.6
Date: 21/11/2012
Impact: Critical

#71: FCKEditor/CKFinder Denial of Service on Windows Forbidden Files
Application: Jenkins
Version: FCKEditor 2.6.8 / CKFinder 2.3
Date: 21/11/2012
Impact: Low

#70: Jenkins XSS, CrLf, and Open Redirect
Application: Jenkins
Version: prior to 1.491 or 1.480.1
Date: 20/11/2012
Impact: Low

#69: Adobe Reader/Acrobat Use-After-Free in ToolButton
Application: Adobe Acrobat/Reader
Version: 11.0.02/10.1.6 and earlier
Date: 11/09/2013 – reported Sept. 2012
Impact: High

#68: FCKEditor ASP Version – Multiple File Upload Protection Bypass and XSS vulnerability
Application: FCKEditor
Version: latest version (retired) – 27/11/2012
Date: 21/11/2012
Impact: Critical

#67: Facebook Privacy Issue
Application: Facebook Website
Version: N/A
Date: Vendor Awareness: March 2012
Impact: Moderate

#66: Bugzilla – account lockout restriction bypass
Application: Bugzilla
Version: versions 2.17.4 through 3.6.8, 3.7.1 through 4.0.5, and 4.1.1 through 4.2
Date: Vendor Awareness: 18 February 2012
Impact: Low

#65: Adobe Reader/Acrobat Memory Corruption In The JavaScript Handling
Application: Adobe Reader/Acrobat
Version: Windows and Macintosh: <=10.1.2 and <= 9.5 , Linux: <= 9.4.6
Date: N/A
Impact: High

#64: Mozilla Firefox – Memory Corruption – More details will be available after the patch
Application: Mozilla Firefox
Version: Should be patched in 16
Date: Vendor Awareness: 9 February 2012
Impact: N/A

#63: Splunk Reflected XSS
Application: Splunk
Version: Patched in version 4.3.1
Date: N/A
Impact: Low

#62: Mozilla Firefox Drag and Drop Handling Same Origin Policy Bypass Vulnerability
Application: Mozilla Firefox
Version: Prior to 11.0
Date: 29 December 2011, Vendor Awareness: 21 November 2011
Impact: Moderate

#61: Adobe Reader/Acrobat Memory Corruption Denial of Service by Javascript
Application: Adobe Reader/Acrobat
Version: 10.0.1, other versions can be vulnerable before applying the 14 June 2011 Patch
Date: 16 June 2011, Vendor Awareness: 24 Feb 2011
Impact: Low

#60: Mozilla Firefox/Thunderbird/SeaMonkey ‘resource:’ Protocol Directory Traversal Vulnerability
Application: Mozilla Firefox/Thunderbird/SeaMonkey
Version: Fixed in: Firefox 3.6.17, Firefox 3.5.19, Thunderbird 3.1.10, SeaMonkey 2.0.14
Date: 28 April 2011
Impact: Moderate

#59: Douran Portal File Download/Source Code Disclosure Vulnerability
Application: Douran Portal
Version: 3.9.7.8
Date: 20 March 2011
Impact: Moderately critical

#58: TASKalfa 500ci Printer – Authentication Bypass
Application: Adobe Reader/Acrobat
Version: Prior to 12.0 Framework – 250, 300, and 400 models were also patched
Date: Vendor Awareness: 1 Dec. 2010 – Fixed on: 14 July 2011
Impact: High

#57: Microsoft Internet Information Services .Net Denial of Service
Application: Microsoft IIS
Version: All the Latest Versions of IIS and .Net Frameworks – 17/05/2011
Date: Vendor Awareness: 3 August 2010 – Vendor Response: 4 Jan 2011 (recoverable DoS issues will be addressed in a Service Pack or next version fix) – Latest State: kept private in relation to another 0day file/folder name leakage vulnerability in IIS
Impact: Moderate

#56: Microsoft Internet Information Services Basic Authentication Security Bypass
Application: Microsoft IIS
Version: 5.1
Date: 1 July 2010
Impact: Moderately critical

#55: Opera Browser – Scroll Information Leakage
Application: Opera Browser
Version: 10.54 and 10.60 RC (Build 3443)
Date: 30 June 2010
Impact: Low

#54: AirTight Web Application – File Disclosure/Deletion and XSS
Application: AirTight
Version: Tested on 6.1 – later versions should be safe
Date: Vendor Awareness: June 2010 – Fixed on: 2010
Impact: High

#53: Mozilla Firefox Error Handling Information Disclosure Vulnerability
Application: Mozilla Firefox
Version: 3.5.10, 3.6.6 and prior versions
Date: 27 May 2010
Impact: Low

#52: Internet Explorer hard drive information leakage
Application: Internet Explorer
Version: 7, 8, and 9 – 17/05/2011
Date: 4 March 2010
Impact: Low

#51: Microsoft IIS ASP Multiple Extensions Security Bypass
Application: Microsoft IIS
Version: 6.0
Date: 24 Dec. 2009
Impact: [Less Critical for IIS][Critical for Web Applications]

#50: Virtual Support Office-XP Multiple Vulnerabilities.
Application: Virtual Support Office-XP
Version: 3.0.29, 3.0.27 and prior versions
Date: 20 Jun 2008
Impact: High

#49: eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities
Application: eLineStudio Site Composer (ESC)
Version: 2.6
Date: 19 Jun 2008
Impact: High

#48: Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities
Application: Academic Web Tools CMS
Version: 1.4.2.8
Date: 19 Jun 2008
Impact: Medium

#47: doITlive CMS <=2.50 Multiple Vulnerabilities
Application: doITlive CMS
Version: 2.50
Date: 18 Jun 2008
Impact: High

#46: Pooya Site Builder (PSB) SQL Injection Vulnerabilities
Application: Pooya Site Builder (PSB)
Version: 6.0 (Assembly Version)
Date: 12 Jun 2008
Impact: High

#45: Realm CMS <= 2.3 Multiple Vulnerabilities
Application: Realm CMS
Version: 2.3
Date: 10 Jun 2008
Impact: High

#44: QuickerSite <= 1.85 Multiple Vulnerabilities
Application: QuickerSite
Version: 1.85
Date: 4 Jun 2008
Impact: High

#43: Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability
Application: Dot Net Nuke (DNN)
Version: 4.8.3
Date: 30 May 2008
Impact: Low

#42: MegaBBS Forum Multiple Vulnerabilities.
Application: MegaBBS
Version: 2.2
Date: 27 Apr 2008
Impact: Medium

#41: Acidcat CMS Multiple Vulnerabilities.
Application: Acidcat CMS
Version: 3.4.1
Date: 20 Apr 2008
Impact: High

#40: CandyPress eCommerce suite SQL Injection + XSS + Path Disclosure in CandyPress
Application: CandyPress eCommerce suite
Version: 4.1.1.26
Date: 26 Jan 2008
Impact: High

#39: Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server
Application: Web Wiz Rich Text Editor
Version: 4.0
Date: 23 Jan 2008
Impact: Medium

#38: Web Wiz NewsPad Directory traversal
Application: Web Wiz NewsPad
Version: 1.02
Date: 23 Jan 2008
Impact: Low

#37: Web Wiz Forums Directory traversal
Application: Web Wiz Forums
Version: 9.07
Date: 23 Jan 2008
Impact: Low

#36: Mozilla Firefox 2.0.0.11 Hide the Source Code
Application: Mozilla Firefox
Version: 2.0.0.11
Date: 22 Jan 2008
Impact: Low

#35: Hosting Controller 6.1 – Users can change other’s host headers.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#34: Hosting Controller 6.1 – Users can enable or disable all Hosting Controller forums by SQL Injection.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#33: Hosting Controller 6.1 – Users can find web site path.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#32: Hosting Controller 6.1 – Users can import unwanted plan or change the plans.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#31: Hosting Controller 6.1 – Users can find Hosting Controller setup directory.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#30: Hosting Controller 6.1 – Users can see all usernames in the server.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#29: Hosting Controller 6.1 – Users can enable or disable pay type.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#28: Hosting Controller 6.1 – Users can delete all of gateway information.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#27: Hosting Controller 6.1 – Users can uninstall other’s FrontPage extensions.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#26: Hosting Controller 6.1 – Users can change his credit amount or increase his discount.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#25: Hosting Controller 6.1 – SQL Injection in “/accounts/accountmanager.asp”
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#24: Hosting Controller 6.1 – Remote Attacker can change all users’ profiles.
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: Medium

#23: Hosting Controller 6.1 – Remote Users Can Make a New User
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: High

#22: Hosting Controller 6.1 – Remote Authenticated Users Execute a File Under Administrative Privilege
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: High

#21: Hosting Controller 6.1 – Lets Remote Users Gain Admin Privilege
Application: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Date: 13 Dec 2007
Impact: High

#20: Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability
Application: Snitz Forums 2000
Version: N/A
Date: 10 Dec 2007
Impact: High

#19: SkyPortal vRC6 Multiple Remote Vulnerabilities
Application: SkyPortal
Version: vRC6
Date: 22 Nov 2007
Impact: High

#18: Mozilla Firefox 2.0.0.7 Denial of Service
Application: Mozilla Firefox
Version: 2.0.0.7
Date: 25 Oct 2007
Impact: Low

#17: Hosting Controller ‘FolderManager.aspx’ Lets Remote Authenticated Users View and Modify Files
Application: Hosting Controller
Version: 7c (7.00.0003)
Date: 27/12/2006
Impact: Critical

#16: More Than 25 Different Vulnerabilities in Hosting Controller Reported to the Hosting Controller Company
Application: Hosting Controller
Version: 6.1
Date: Never
Impact: High

#15: MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities
Application: MailEnable
Version: 2.0
Date: 9 June 2006
Impact: High

#14: Maxwebportal <= 1.36 password.asp Change Password
Application: Maxwebportal
Version: 1.36
Date: 26 May 2005
Impact: High

#13: Hosting Controller Access Control Bugs Let Remote Users Gain Reseller and Administrative Privileges
Application: Hosting Controller
Version: 6.1 Hotfix 3.1 and prior versions
Date: 6 Jul 2006
Impact: High

#12: Hosting Controller ‘EnableForum.asp’ and ‘DisableForum.asp’ Scripts Let Remote Users Create or Delete Forums and Virtual Directories
Application: Hosting Controller
Version: 6.1 Hotfix 3.2 and prior versions
Date: 20 Oct 2006
Impact: Medium

#11: Hosting Controller Input Validation Holes in ‘AddGatewaySettings.asp’ and ‘IPManager.asp’ Permit SQL Injection
Application: Hosting Controller
Version: 6.1 Hotfix 2.8
Date: 4 Feb 2006
Impact: High

#10: EmailArchitect Email Server Script Filtering Flaw Permits Cross-Site Scripting Attacks
Application: EmailArchitect
Version: 6.1
Date: 6 Jun 2006
Impact: Low

#9: MailSite Express Lets Remote Users Upload Scripting Files and Execute Them
Application: MailSite Express
Version: 6.1.21.0, 6.1.22.0 (?)
Date: 15 Oct 2005
Impact: High

#8: Hosting Controller Access Control Bugs Let Remote Authenticated Users View, Edit, and Add Plans
Application: Hosting Controller
Version: 6.1 Hotfix 2.2 and prior versions
Date: 15 Jul 2005
Impact: High

#7: Hosting Controller ‘AccountActions.asp’ Access Control Bug Lets Remote Authenticated Users Add Usernames
Application: Hosting Controller
Version: 6.1 Hotfix 2.2 and prior versions
Date: 18 Jul 2005
Impact: High

#6: EmailArchitect Email Server Input Validation Holes Permit Cross-Site Scripting Attacks
Application: EmailArchitect
Version: 6.1
Date: 6 Jun 2006
Impact: Low

#5: Hosting Controller ‘UserProfile.asp’ Lets Remote Authenticated Users Modify Other User Profiles
Application: Hosting Controller
Version: 6.1 Hotfix 2.0 and prior versions
Date: 26 May 2005
Impact: Medium

#4: SmarterMail Lets Remote Users Upload Arbitrary Scripting Code and Execute Them
Application: SmarterMail
Version: prior to 2.0.1837
Date: 25 Jan 2005
Impact: High

#3: Multiple Vulnerabilities in DUclassified
Application: DUclassified
Version: All
Date: 9 Oct 2004
Impact: High

#2: Multiple Vulnerabilities in DUclassmate
Application: DUclassmate
Version: All
Date: 9 Oct 2004
Impact: High

#1: Multiple Vulnerabilities in DUforum
Application: DUforum
Version: All
Date: 9 Oct 2004
Impact: Medium