Overview of Advisories

| No. | Discovery Date | Title | Status | Advisory Availability |
|---|---|---|---|---|
| 28 | January 2010 | Portrait Million Handshakes Cross-Site scripting Vulnerability | Vendor Corrected | Advisory Public |
| 27 | May 2009 | Intel 4965AGN wireless card information disclosure | Vendor Notified | Advisory Public |
| 26 | February 2009 | glFusion CMS-"Comment" Cross-Site scripting Vulnerability | Vendor Corrected | Advisory Public |
| 25 | December 2008 | Samhain IDS Denial of Service | Vendor Notified | Advisory Private |
| 24 | December 2008 | Barracuda Load Balancer XSS | Vendor Corrected | Advisory Public |
| 23 | November 2008 | Microsoft SharePoint Website Source code revealed | Vendor Notified | Advisory Private |
| 22 | November 2008 | Beltane Cross-site scripting | Vendor Notified | Advisory Private |
| 21 | November 2008 | Firebird - Default settings allow file system enumeration | Vendor Notified | Advisory Private |
| 20 | November 2008 | FotoWeb Multiple XSS Vulnerabilities | Vendor Notified | Advisory Public |
| 19 | November 2008 | SiteCore "Page not Found" XSS Vulnerability | Vendor Corrected | Advisory Public |
| 18 | June 2008 | Direct Web Remoting - Cross-Site Scripting on Error Page | Vendor Notified | Advisory Public |
| 17 | November 2007 | PunBB imgUpload extension | Vendor Notified | Advisory Public |
| 16 | June 2007 | DotNetNuke Cross-Site Redirection | Vendor Corrected | Advisory Public |
| 15 | June 2007 | ISPmgr local root | Vendor Notified | Advisory Public |
| 14 | June 2007 | DotNetNuke 4.4.0. admin login bypass | Vendor Corrected | Advisory Public |
| 13 | May 2007 | IDIS NVR format string DoS and code-exec | Vendor Notified | Advisory Private |
| 12 | December 2006 | Citrix Session - Reliability OpenProxy | Vendor Corrected | Advisory Public |
| 11 | March 2007 | Music700 router / VoIP remote command exec | Vendor Notified | Advisory Public |
| 10 | February 2007 | eWire PHP component remote code execution | Vendor Notified | Advisory Public |
| 9 | January 2007 | Steema SL "TeeCharts ActiveX" data proxy | Vendor Notified | Advisory Public (See Proof of Concept) |
| 8 | September 2006 | Citrix Unspecified Heap & Stack Vulns | Vendor Corrected | Advisory Public |
| 7 | May 2006 | Lotus Notes Pre-login Information Leakage | Vendor Corrected | Advisory Public |
| 6 | April 2006 | Lotus SameTime Sandbox Escape | Vendor Corrected | Advisory Public |
| 5 | March 2006 | Cisco VPN Privilege Escalation | Vendor Corrected | Advisory Public |
| 4 | March 2006 | Lotus Domino tunekrnl priv esc via heap | Vendor Corrected | Advisory Public |
| 3 | March 2006 | Lotus Domino tunekrnl priv esc via stack | Vendor Corrected | Advisory Public |
| 2 | March 2006 | Cryptomathic Primink_CSP ActiveX Exploit (research assistance to CIRT.DK) | Vendor Corrected | Advisory Public |
| 1 | October 2005 | Paros Proxy Default "sa" password Remote Command Exec / Data Disclosure | Vendor Corrected | Advisory Public |