This are the public security advisories that I already found:
2016
- OLX Stored XSS
- Microsoft Office 365 Reflected File Download
- Flash XSS on typewrite_header.swf
- Adobe Reflected XSS
2015
- Google Finance Reflected File Download
- Bing Reflected File Download
- Wikiloc XXE vulnerability
- MailChimp Reflected File Download
- Multiple vulns on mTouch Quiz WordPress plugin
- Workable Reflected File Download
- DepositFiles ZeroClipboard.swf XSS
- Bytes That Rock voting manipulation
- Edmodo XSS and HTML Injection
- SendGrid Reflected File Download
- Events Made Easy WordPress Plugin CSRF + Persistent XSS
- Komento Joomla! component Persistent XSS
- Shopify opened to a RFD attack
- Acunetix got RFDed!
- OWASP ZAP XXE vulnerability
- Linkedin Reflected Filename Download
- DOM XSS in all Condé Nast sites network
- Google Reflected Filename Download
- ArubaNetworks Avatar Image XSPA
- Desk.com Reflected Filename Download
- Open Redirect and Reflected XSS on 123ContactForm
- DOM XSS on Nexmo Blog NXWP
- DOM XSS on Nexmo Blog
- Full Path Disclosure on Nexmo
- How I hacked a HP printer
- Reflected Filename Download on Google
- GitHub Username and Email Enumeration and RFD
- Instagram Reflected Filename Download
- Kaspersky Social Sharing WordPress Plugin RFD
- Trello Username Enumeration Vulnerability
- Facebook RFD: The final chapter
- Facebook RFD and Open File Upload
- Trello Reflected Filename Download
- Open Redirect in Yahoo Store
2014 to 2012
- phpList CSRF on subscription page
- My ad on your OLX favourites – CSRF style
- 3 Open Redirect on Google
- How it was possible to run a XSS worm on RunKeeper
- How a salesman could hack Prestashop
- Tumblr got DOM XSSed
- Gizmodo, Lifehacker, Gawker – reflected DOM XSS
- Mashable DOM XSS
- ESET and Symantec victims of vulnerable JW Player
- Vulnerable JW Player on two Yahoo sites
- Dowjones.com DOM XSS
- Prestashop persistent XSS and CSRF vulnerability
- Issuu DOM XSS
- Microsoft Pinpoint vulnerable to DOM XSS
- Jobs.cz XSS vulnerability
- IDG Now! vulnerable to reflected XSS
- phpMyAdmin XSS
- XSS on FCKeditor
- Alexa reflected DOM XSS
- McAfee DOM XSS
- DOM XSS vulnerabilities on Booking.com
- eBay XSS vulnerability
- Disable Blogger.com toolbar
- Kaspersky DOM XSS
- AVG vulnerable to DOM XSS
- Panda Security vulnerable to DOM XSS
- Google Orkut HTML limitations bypass
- PrestaShop <= 1.5.1 Persistent XSS
- Hootsuite labels XSS
2012 to 2003
- IXXO Cart Products “parent” SQL Injection Vulnerability
- Zoki Catalog “search_text” SQL Injection Vulnerability
- EasyRealtorPRO Multiple SQL Injection Vulnerabilities
- phpAdultSite CMS SQL Injection And Cross-Site Scripting
- SamTodo “tid” and “completed” Cross-Site Scripting Vulnerabilities
- ACG News Multiple SQL Injection Vulnerabilities
- Arcadem “loadpage” File Inclusion Vulnerability
- LineShout Two Script Insertion Vulnerabilities
- MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection Vulnerability
- Mall23 eCommerce “idOption_Dropdown_2” SQL Injection Vulnerability
- Comdev eCommerce Cross-Site Scripting Vulnerabilities
- MPM Guestbook Pro “header” File Inclusion Vulnerability
- SunShop Shopping Cart Cross-Site Scripting Vulnerability
- VoteBox “VoteBoxPath” File Inclusion Vulnerability
- MX Shop Index.PHP Multiple SQL Injection Vulnerabilities
- e107 “Login Name/Author” Script Insertion Vulnerability
- iG FREE Shopping Cart “type_id” Parameter Input Validation Error
- Online Store Kit SQL Injection and Cross Site Scripting Vulnerability
- phpWebSite SQL Injection Vulnerabilities
- JShop Server Cross Site Scripting Vulnerability
- Mambo “Itemid” Parameter Cross-Site Scripting Vulnerability
- Private Message System Cross-Site Scripting Vulnerability
- My Little Forum Cross-Site Scripting Vulnerabilities
1 comment