Publicly Disclosed Advisories:
Advisory #MSA110615-3: Concrete5 <= 5.7.3.1 SQL Injection
Advisory #MSA110615-2: Concrete5 <= 5.7.3.1 Multiple Reflected Cross Site Scripting
Advisory #MSA110615-1: Concrete5 <= 5.7.3.1 Sendmail Remote Code Execution
Advisory: Chrome cross window & cross domain object access (more information on Bounty Winner)
Advisory: SAP vulnerability id 1548548 (for SAP customers only)
Advisory: Java Applet Same IP Host Access
Advisory: DNS Rebinding on Java Applets
Advisory: Http Request Splitting and Header Abuse with Java AddRequestProperty
Advisory: Java-JNLP-Applet User Assisted Arbitrary Code Execution
Advisory: Get Internal Network Information with Java Applets
Advisory #MSA260209: New Atlanta Servlet Exec Multiple Security Issues.
Advisory #MSA100410: CA Oneview Monitor "DoSave.jsp" path manipulation.
Advisory #MSA130510: JForum <= 2.08 is vulnerable to Stored Cross Site Scripting in BBCode.
Advisory #MSA261009: Liferay Calendar "exportFileName" path manipulation
Advisory #MSA251009: Liferay Json Service Multiple Information Leakage
Advisory #MSA030409: JMX Console Authentication Bypass via Verb Tampering
Advisory #MSA210509: Yahoo! Classic Mail Client side HPP Vulnerability
Advisory #MSA01111108: Opera Xss leads to command execution.
Advisory #MSA080801: Apache Tomcat access and execution of arbitrary file.
Advisory #MSA02240108: Microsoft Internet Explorer allows overwriting of several headers leading to Http request Splitting and smuggling.
Advisory #MSA01240108: Microsoft Internet Explorer "Transfer-Encoding: chunked" allows Request Splitting/Smuggling.
Advisory #MSA01150108: Apache mod_negotiation Xss and Http Response Splitting.
Advisory: MSXML Header Request Vulnerability (CVE-2008-4033).
Advisory: Plain Old Webserver Directory Traversal Vulnerability.
Advisory #MSA01110707: Flash Player/Plugin Video file parsing Remote Code Execution
IE and Firefox Digest Authentication Request Splitting (04/2007)
Advisory: Php import_req_var globals overwrite Advisory (03/2007)
Acrobat Reader Plugin Multiple Vulnerabilities (01/2007)
MySQL Server COM_TABLE_DUMP Information Leakage and Arbitrary command execution.(04/2006)
MySQL Server Anonymous Login Handshake Information Leakage. (04/2006)
MySQL Server CREATE FUNCTION libc arbitrary code execution (03/2005)
MySQL Server CREATE FUNCTION mysql.func table arbitrary library injection (03/2005)
MySQL Server insecure temporary File Creation (03/2005)
Php RFC1867 Arbitrary File Upload (10/2004)
Php shmop safemode bypass and write to arbitrary locations (10/2004)