Some of the bugs that I have found in products. Many are still non-public whilst the vendor resolves them. Currently over 60 0-day bugs reported in various vendors' commercial and open-source products.


Rapid7 NeXpose <5.4.6 – Unquoted Service Path Binaries

https://community.rapid7.com/docs/DOC-2000


SysAid Helpdesk 8.5.04 Blind SQL Injection

http://www.securityfocus.com/archive/1/523950/30/0/threaded


SysAid Helpdesk 8.5.04 Stored XSS

http://www.securityfocus.com/archive/1/523946/30/0/threaded


Nagios XI Network Monitor OS Command Injection

http://www.securityfocus.com/archive/1/523391


Nagios XI Network Monitor Blind SQL Injection

http://www.securityfocus.com/archive/1/523392


Nagios XI Network Monitor Stored and Reflected XSS

http://www.securityfocus.com/archive/1/523393


Ipswitch WhatsUp Gold 14.2-15 Directory Traversal

http://www.securityfocus.com/bid/52745


PRTG Network Monitor 9.2.0 – OS Command Injection

http://www.paessler.com/prtg/prtg9history


Moodle 2.2.1 – Stored XSS

http://www.securityfocus.com/archive/1/523949/30/0/threaded