Some of the bugs that I have found in products. Many are still non-public whilst the vendor resolves them. Currently over 60 0day bugs reported in various vendors' commercial and open-source products.

Rapid7 NeXpose <5.4.6 – Unquoted Service Path Binaries

SysAid Helpdesk 8.5.04 Blind SQL Injection

SysAid Helpdesk 8.5.04 Stored XSS

Nagios XI Network Monitor OS Command Injection

Nagios XI Network Monitor Blind SQL Injection

Nagios XI Network Monitor Stored and Reflected XSS

Ipswitch WhatsUp Gold 14.2-15 Directory Traversal

PRTG Network Monitor 9.2.0 – OS Command Injection

Moodle 2.2.1 – Stored XSS