Vulnerabilities

Here are some vulnerabilities I’ve found and responsibly disclosed:

2017

• Remote Code Execution in Mercurial via forcecommand wrapper abuse - CVE-2017-9462
• Request Hijacking Vulnerability In RubyGems
• Open Redirect in mozilla-django-oidc

2015

• Request Hijacking Vulnerability In RubyGems - CVE-2015-3900

2014

• Cisco ASA ASDM Privilege Escalation Vulnerability (cisco-sa-20140409-asa) - CVE-2014-2126

2013

• Persistent Denial of Service Vulnerability in Vino VNC Server - CVE-2013-5745

2012

• Multiple Vulnerabilities in Bitweaver - CVE-2012-5192 CVE-2012-5193

• Cross-Site Scripting Vulnerability in Support Incident Tracker - CVE-2012-4346

• Multiple Vulnerabilities in Dell Scrutinizer NetFlow & sFlow Analyzer - CVE-2012-2626 CVE-2012-2627 CVE-2012-3848 CVE-2012-3951

• Cross-Site Scripting Vulnerability in ZenCart - CVE-2012-2433

• Cross-Site Scripting Vulnerability in Support Incident Tracker - CVE-2012-2235

• Cross-Site Scripting Vulnerability in osCommerce - CVE-2012-1792

• Cross-Site Scripting Vulnerability in Movable Type - CVE-2012-1262

2011

• Multiple Vulnerabilities in WordPress - CVE-2011-4899 CVE-2012-0782 CVE-2011-4898

• Cross-Site Scripting Vulnerability in Textpattern - CVE-2011-5019