Link: SharpReader Atom Feed Script HTML Injection Vulnerability
Link: RSSReader RSS Feeds Atom Feed Multiple HTML Injection Vulnerabilities
Link: RSSOwl Atom Feed Script HTML Injection Vulnerability
Link: NewsGator FeedDemon Active Script Code-Execution Vulnerability
04/13/2005 IBM WebSphere Widespread configuration JSP disclosure
I found a widespread misconfiguration issue in WebSphere allowing for JSP sourcecode disclosure while at my previous
Link: IBM WebSphere Widespread configuration JSP disclosure
5/2003 Internet Information Services 5.0 Denial of service
I found a denial of service in IIS while at my previous employer.
Link: Internet Information Services 5.0 Denial of service
5/2003 Multiple Issues in Sun One Application Server
I found several issues in Sun One while at my previous employer.
Advisory Link: Multiple Vulnerabilities in Sun-One Application Server
4/10/02 Cgisecurity.com Advisory #9 I recently found two Cross Site Scripting holes while helping a friend with a pen test. One in Novell's Websearch product, and the other in Microsoft's IIS 4.0 and 5.0.
6/10/01 Cgisecurity.com Advisory #8
During the writup of my header manipulation paper I found a hole in w3perl stats software. I have decided not to writup a full advisory on it but instead link to the securityfocus mention of my findings. I originally sent out the semi advisory with the paper to show its possibilities.
6/10/01 Cgisecurity.com Advisory #7 We found that mailman a popular email archiving software is affected by a cross site scripting bug. This is a very popular software package and it is recommended to upgrade to version 2.0.8 to fix this problem.
Patch Information included in advisory
6/10/01 Cgisecurity.com Advisory #6
We found that thttpd and mini_httpd are affected by the same hole. This hole allows reading of htpasswd files and possibly other protected files if an attacker has the correct filename.
Patch information is included in the advisory.
6/10/01 Cgisecurity.com Advisory #5 We have found a hole in VirtualCatalog Manager that will allow a attacker to execute commands on a remote system. The vendor has been informed of this problem and upgrading should fix the problem.
(We originally posted this advisory and made a slight error in the product name which has been both corrected publicly but also within this site.)
3/09/01 Cgisecurity.com Advisory #4
The staff at cgisecurity.com have found a security issue in "The Free On-line Dictionary of Computing" which is used on quite a few sites. It allowed LIMITED command execution and allows remote file reading.
Note: Patch included from vendor. It will on the otherhand still allow reading of any file in the present dir which means that if you have any important files with passwords in this directory you have been warned.
This script needs to be able to read various file types and the vendor decided not to limit it to certain file types only. While this may normally be a good idea to incorporate this script lies within its own directory of "foldoc". This means only files within "Foldoc" could be read.
1/08/01 Cgisecurity.com Advisory #3
The staff at cgisecurity.com have found a security issue in bbs_forum.cgi. Every version we have tested allowed command execution and allowed remote file viewing. The vendor has told us that not every version is effected but a great majority are.
11/??/00 Cgisecurity.com Advisory #2
This advisory shows how dcforum.cgi can be used to read remote files otherwise not allowable by the world. There is also a serious side effect of this script which is contained inside.
10/??/00 Cgisecurity.com Advisory #1
This advisory shows how quikstore.cgi can be used to read remote files otherwise not allowable by the world.