Showing 1 - 3 of 3

Files from Arshan Dabirsiaghi

Email address	arshan.dabirsiaghi at aspectsecurity.com
First Active	2008-05-29
Last Active	2017-12-19

Jenkins XStream Groovy Classpath Deserialization: Posted Dec 19, 2017; Authored by Arshan Dabirsiaghi | Site metasploit.com; This Metasploit module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default installations. Authentication is not required to exploit the vulnerability.; tags | exploit, remote, arbitrary, code execution; advisories | CVE-2016-0792; SHA-256 | 52a40982d2eed44b68632a3f6deca119172cfb8a682bb8fd52169cc4b2182bba; Download | Favorite | View

Spring Framework Information Disclosure: Posted Sep 9, 2011; Authored by Stefano Di Paola, Arshan Dabirsiaghi, SpringSource Security Team; Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.; tags | advisory, info disclosure; advisories | CVE-2011-2730; SHA-256 | f0dc757e73d89236f2c88698d4791d1317a31be811db0b76dade2bee53c8a3d7; Download | Favorite | View

Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf: Posted May 29, 2008; Authored by Arshan Dabirsiaghi; Whitepaper called Bypassing URL Authentication and Authorization with HTTP Verb Tampering.; tags | paper, web; SHA-256 | 89c79276bb60d2a827a2b05125ffbdfb1c71292138a852beeb9e94a711e853bb; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days