2012
Synology : Simple user can download all syno fs | Soon |
Synology : DOS on syno via a crafted url | Soon |
Synology : Anonymous users can get files on syno | Soon |
Owncloud : Code execution | Securityfocus |
Owncloud : Authentication bypass | Securityfocus |
Owncloud : Cross-Site Scripting Vulnerabilities | Securityfocus |
openupload : Cross-Site Scripting and Arbitrary Code Execution Vulnerabilities | Securityfocus |
2010
Hastymail Webmail: XSS in E-mail | Not publish |
Artica : File open, SQL Injection, XSS | Secunia |
Ajaxplorer : Code exe, Open local file, Cross Site scripting | SecurityFocus |
Syncrify (Reset admin password / open local directory in anonymous / Open local file) | SecurityFocus |
2009
Roundcube : Email body javascript insertion | SecurityFocus |
TrendMicro : Elevate privileges | SecurityFocus |
Atmail :Email body script insertion vulnerability | Secunia |
Zarafa : DOS, get session | Not published |
Centreon : Anonymous remote code exec | SecurityFocus |
2008
XSS + SQL Injection + System injection on Olfeo < 4.0 (filtering solution) | Not published |
Centreon : ‘color_picker.php’ Multiple Cross-Site Scripting Vulnerabilities | SecurityFocus |
Centreon : ‘get_image.php’ Local File Include Vulnerability | SecurityFocus |
Centreon : Include Vulnerability | SecurityFocus |
SAN RAIDSONIC : Javascript Injection in FTP logs | SecurityFocus |
SAN RAIDSONIC : ByPass Authentification | SecurityFocus |
SPIP : Blind SQL Injection | SecurityFocus |
2007
Présentation de revhosts au SSTIC | |
MoinMoin : Index.PHP Cross-Site Scripting Vulnerability | SecurityFocus |
SNMPC : Username/Password Remote Denial of Service Vulnerability | SecurityFocus |
2006
Cerberus Helpdesk : Spellwin.PHP Cross-Site Scripting Vulnerability | SecurityFocus |