Some of the bugs that I have found in products. Many are still non-public whilst the vendor resolves them. Currently over 70 0day bugs reported in various vendor commercial and open-source products.

HP StoreFabric B-Series Switch – CLI Privilege Escalation

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236212

Sophos Web Security Appliance – Directory Traversal

http://wsa.sophos.com/swa_docs/ws1000/concepts/ReleaseNotes_4.0.4.html

Sophos Web Security Appliance – Stored Cross-Site Scripting Vulnerability

http://wsa.sophos.com/swa_docs/ws1000/concepts/ReleaseNotes_4.0.4.html

Splunk Enterprise – Stored Cross-Site Scripting Vulnerability

https://www.splunk.com/view/SP-CAAAN7C

X-Cart Store – Stored Cross-Site Scripting Vulnerability

http://kb.x-cart.com/display/XDD/5.1.11+-+24+Feb+2015

Themify Maps Pro – Stored Cross-Site Scripting Vulnerability

http://themify.me/changelogs/builder-maps-pro.txt

Rapid7 NeXpose <5.4.6 - Unquoted Service Path Binaries

https://community.rapid7.com/docs/DOC-2000

SysAid Helpdesk 8.5.04 Blind SQL Injection

http://www.securityfocus.com/archive/1/523950/30/0/threaded

Nagios XI Network Monitor OS Command Injection

http://www.securityfocus.com/archive/1/523391

Nagios XI Network Monitor Blind SQL Injection

http://www.securityfocus.com/archive/1/523392

Nagios XI Network Monitor Stored and Reflected XSS

http://www.securityfocus.com/archive/1/523393

Ipswitch WhatsUp Gold 14.2-15 Directory Traversal

http://www.securityfocus.com/bid/52745

PRTG Network Monitor 9.2.0 - OS Command Injection

http://www.paessler.com/prtg/prtg9history