Some of the bugs that I have found in products. Many are still non-public whilst the vendor resolves them. Currently, over 70 0day bugs have been reported in various vendors' commercial and open source products.

HP StoreFabric B-Series Switch – CLI Privilege Escalation

Sophos Web Security Appliance – Directory Traversal

Sophos Web Security Appliance – Stored Cross-Site Scripting Vulnerability

Splunk Enterprise – Stored Cross-Site Scripting Vulnerability

X-Cart Store – Stored Cross-Site Scripting Vulnerability

Themify Maps Pro – Stored Cross-Site Scripting Vulnerability

Rapid 7 NeXpose <5.4.6 - Unquoted Service Path Binaries

SysAid Helpdesk 8.5.04 Blind SQL Injection

Nagios XI Network Monitor OS Command Injection

Nagios XI Network Monitor Blind SQL Injection

Nagios XI Network Monitor Stored and Reflected XSS

Ipswitch Whatsup Gold 14.2-15 Directory Traversal

PRTG Network Monitor 9.2.0 - OS Command Injection