A listing of the security vulnerabilities I have identified in the past. My more recent advisories usually remain undisclosed to the public or are released by other companies such as the ZDI. Since 2010 I have discovered security vulnerabilities in products from Adobe, Cisco, Oracle, Foxit, Sun, HP, Novell, Symantec, Trend Micro, McAfee and Microsoft.

Novell ZENworks umaninv Information Disclosure Vulnerability2013-11-24 Apache 2.2.14 mod_isapi Dangling Pointer Vulnerability2010-03-06 TheGreenBow VPN Client Local Stack Overflow Vulnerability2010-03-06 SafeNet SoftRemote Local Buffer Overflow Vulnerability2010-03-06 Quiksoft EasyMail 6 (AddAttachment) Remote Buffer Overflow Exploit2009-09-17 FreeSSHd 1.2.1 (rename) Remote Buffer Overflow Exploit2009-03-26 Linksys Wireless ADSL Router (WAG54G V.2) httpd DoS Exploit2008-12-21 CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit2008-12-21 FreeSSHd Multiple Remote Stack Overflow Vulnerabilities2008-12-21 W3C Amaya Browser (URL Bar) Remote Stack Overflow Vulnerability2008-11-24 W3C Amaya Browser (id) Remote Stack Overflow Vulnerability2008-11-24 PDFView (OpenPDF) ActiveX Heap Overflow Vulnerability2008-11-15 GoodTech SSH Remote Buffer Overflow Exploit2008-10-23 IntelliTamper 2.07 (imgsrc) Remote Buffer Overflow Exploit2008-08-03 IntelliTamper 2.07 (html parser) Remote Buffer Overflow Exploit (c)2008-07-24 FreeSSHd (rename) Remote Buffer Overflow Exploit2008-07-12 Document Imaging SDK 10.95 ActiveX Buffer Overflow Vulnerability2008-06-30 PHP 5.2.3 imagepsloadfont Buffer Overflow Vulnerability2007-07-26 W3Filer <= 2.1.3 Remote Stack Overflow Vulnerability2007-06-29 VicFTPs Server < 5.0 CWD Remote Buffer Overflow Vulnerability2007-02-12 XNews <= 1.0.1 Remote File Disclosure Vulnerability2007-01-28 Vote-Pro <= 4.0 Remote Code Injection Vulnerability2007-01-23 Peak CMS <= 6.02 Admin Authentication Bypass (advisory private)2007-01-05 TorrentFlux <= 2.2 Remote Command Execution Vulnerability2006-12-09 TorrentFlux-b4rt "path" File Disclosure Vulnerability2006-12-09 TorrentFlux <= 2.2 Database Credentials Exposure Vulnerability2006-12-09 ThinkEdit <= 1.9.2 Remote File Include Vulnerability2006-12-08 QuickCart <= 2.0 Multiple Vulnerabilities2006-12-03 TorrentFlux <= 2.1 (Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerablities)2006-11-15 TorrentFlux-b4rt <= 2.1 (Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerablities)2006-11-15 ContentNow 1.30 (Local/Upload/Delete) Multiple Remote Vulnerabilities2006-11-13 Extreme CMS Multiple Vulnerabilities2006-10-24 CMS Faethon <= 2.0 (mainpath) Remote File Include Vulnerabiltiy2006-10-24 PHPRecipeBook 2.36 (g_rb_basedir) Remote File Include Vulnerability2006-10-17 phpBurningPortal <= 1.0.1 (lang_path) Remote File Include Exploit2006-10-16 Redaction System 1.0 (lang_prefix) Remote File Include Vulnerabilities2006-10-13 DeluxeBB (templatefolder) File Inclusion Vulnerability2006-10-02 Simplog Multiple SQL Injection Vulnerabilities2005-09-21 b2evolution (title) SQL Injection Vulnerability2005-01-06 PHP-Fusion SQL Injection (index.php)2004-12-12 PHP-Fusion SQL Injection and Script Insertion Vulnerabilities2004-09-30