Public (16.05)

Some information about bugz I found...

Simple example:

(Yeah! Fresh one! ;) )

16.05.2016 - MS Excel 2010 DoS poc
26.12.2015 - LimeSurvey 2.06 - Multiple vulnerabilities
05.01.2015 - HikaShop LFI poc - Metasploit module
24.12.2014 - Few fast notes about Joomla plugins
19.05.2014 - MantisBT 1.2.12/1.2.13 CVE
03.03.2014 - SQL Injection in Welcart e-Commerce
03.03.2014 - Joomla 3.2.2 pre-auth Cross Site Scripting
01.03.2014 - MantisBT SQL Injection, CVE and more details here too
28.02.2014 - webERP 4.11.3 SQL Injection
28.02.2014 - OrangeHRM 3.1.1 Cross Site Scripting
28.02.2014 - doorGets 6.0 Cross Site Scripting
28.02.2014 - EPESI CRM 1.5.5 Cross Site Scripting
27.02.2014 - VideoWhisper Video Conference Cross Site Scripting
27.02.2014 - Open-School Community Edition 2.2 Cross Site Scripting
27.02.2014 - Moodle 2.6.1 Cross Site Scripting
27.02.2014 - PHP Calendar 2.0.1 XSS / Information Disclosure
27.02.2014 - X2Engine 3.7.3 Cross Site Scripting / Shell Upload / SQL Injection
27.02.2014 - PHP-CMDB 0.7.3 Cross Site Scripting / SQL Injection
27.02.2014 - GroupOffice 5.0.44 Cross Site Scripting
27.02.2014 - WordPress Widget Control Powered By Everyblock Plugin 'admin.php' XSS
27.02.2014 - WordPress Post to PDF Plugin 'options.php' Cross Site Scripting Vulnerability
27.02.2014 - WordPress VideoWhisper Live Streaming Plugin Multiple XSS Vulnerabilities
27.02.2014 - WordPress mp3-jplayer Plugin 'mp3-jplayer.php' Multiple XSS Vulnerabilities
27.02.2014 - WordPress FeedWeb Plugin "_wp_http_referer" Cross-Site Scripting Vulnerability
26.02.2014 - WordPress EasyMedia Gallery 1.2.29 Cross Site Scripting
26.02.2014 - WordPress Zedity 2.4.0 Cross Site Scripting
26.02.2014 - FeedWeb 2.4 Cross Site Scripting
26.02.2014 - WordPress Thanks You Counter Button 1.8.7 Cross Site Scripting
25.02.2014 - Zen Cart "goto" open redirection weakness (1)
25.02.2014 - Zen Cart E-Commerce 1.5.1 XSS / Open Redirect / Shell Upload (2)
25.02.2014 - TYPO3 6.1.7 - Multiple vulnerabilities (1)
25.02.2014 - TYPO3 6.1.7 XSS / Disclosure / Shell Upload (2)
24.02.2014 - CMSMadeSimple 1.11.10 Cross Site Scripting
22.02.2014 - Multiple vulnerabilities in ILIAS 4.4.1
22.02.2014 - XSS in ATutor 2.1.1

20.11.2013 - WikiMedia fixed bug in Bugzilla   
19.11.2013 - Microsoft Hall of Fame (updated 05.12.2013)
19.11.2013 - Linkedin Bugbounty

25.09.2013 - IPBoard 3.x patching (detailed also at OSVDB - thanks ;) )

12.08.2005 - SMF 2.0.5 Upgrade
20.08.2013 - Barracuda's Bug Bounty program

22.06.2013 - WordPress Information Disclosure Bug - Thanks: ZaufanaTrzeciaStrona.pl

25.04.2013 - SMF 2.0.4 PHP injection
24.04.2013 - MyBB 1.6 SQL Injection

21.01.2013 - MantisBT 1.12.12-13 - Persistent XSS in match_type
08.01.2013 - GetSimple 3.1.2 - cookie security bypass
08.01.2013 - GetSimple 3.1.2 - code exec
07.01.2013 - GetSimple 3.1.2 remote code exec (5 times)

18.12.2012 - phpWebSite 1.7.3 patch

31.07.2012 - phpBB3 3.0.10 at PacketStorm
29.07.2012 - vBulletin 4.1.12 CVE-2012-3844 :)
29.07.2012 - e107 CVE-2012-3843
29.07.2012 - Quick.CMS 4.0 CVE-2012-3833


More updates on OSVDB page:
http://osvdb.org/creditees/7132-hauntit

05.05.2012 - vs News at PacketStorm Security
27.04.2012 - vs - Concrete5 "approveImmediately" XSS
11.03.2012 - vs - WordPress 3.3.1 at PacketStormSecurity
29.01.2012 - vs - Joomla 1.7/2.5 (part1) (part2)
31.01.2012 - vs - PragmaMX 1.2.0

17.10.2011 - phpMyAdmin / TYPO3 advisory
27.09.2011 - Enticore CMS Directory Traversal (logged only)
02.03.2011 - bitweaver 2.8.1 Multiple Vulnerabilities
23.02.2011 - Clansphere 2010_3 Stored XSS Vulnerability
22.02.2011 - Dotproject 2.1.5 Multiple Vulnerabilities
22.02.2011 - SiteXCMS 080 build 522 Multiple Vulnerabilities
22.02.2011 - Bitweaver 2.8.1 Persistant XSS Vulnerability
22.02.2011 - Galilery 1.0 Local File Inclusion Vulnerability


Because work on my Python src code scanner is still "in progress", there will be more...
...I think. ;)