Thomas Pollet

home

List of software security vulnerabilities I found which haven been publicly disclosed:

CVE-2014-0835 IBM QRADAR Multiple Vulnerabilities
CVE-2014-0836 IBM QRADAR Multiple Vulnerabilities
CVE-2014-0837 IBM QRADAR Multiple Vulnerabilities
PaloAlto Networks PAN-OS <= 5.0.8 XSS
CVE-2013-213: rrdtool format string vulnerability
Zenoss 4.2.1 Various bugs
CVE-2010-3865: Linux Kernel RDS Integer Overflow
10-2010: Linux Kernel "remap_file_pages" system call Integer Overflow - Overflow 2
CVE-2009-1265: Linux Kernel AF_ROSE Integer Overflow
02-2009: Microsoft Online Services
12-2008: Microsoft Online Services
CVE-2008-6832: Atlassian JIRA Cross Site Scripting
CVE-2008-6831: Atlassian JIRA HTML Injection
CVE-2008-4729: Hummingbird Exceed XWeb Activex Buffer Overflow
CVE-2008-3130: Opencart Script Insertion
CVE-2008-2064: phpGedView Script Insertion
CVE-2008-1988: EncapsGallery File Upload
CVE-2008-1987: EncapsGallery Cross-Site Scripting
CVE-2008-1965: Lotus Expeditor Uri Handler Command Execution
CVE-2008-1833: ClamAV Heap Overflow
CVE-2008-1722: CUPS PNG Filter Integer Overflow
CVE-2008-1469: Gallarific Multiple Vulnerabilities
CVE-2008-0516: SQLiteManager Remote File Inclusion
CVE-2007-4959: osCmax Cross-Site scripting
CVE-2007-2434: Aventail Connect Hostname Buffer Overfow
CVE-2006-4563: PHP-Nuke MyHeadlines Module "myh_op" Cross-Site Scripting
CVE-2006-4299: TikiWiki "highlight" Cross-Site Scripting
CVE-2006-0886: DEV web management system Cross-Site Scripting and Script Insertion
CVE-2006-0933: PHPX "url" XCode Script Insertion
CVE-2006-0934: WEBInsta Limbo Contact Form Script Insertion
CVE-2006-0842: @Mail Webmail Image Tag Script Insertion
CVE-2006-0796: Clever Copy Private Message "Subject" Script Insertion
CVE-2006-0682: e107 script insertion
CVE-2006-0499: phpBB Rlink Module "url" Cross-Site Scripting
CVE-2006-0091: Open-Xchange Webmail HTML Attachment Script Insertion
Papoo Username Script Insertion Vulnerability
Exponent Cms script insertion

Links to entries in various vulnerability databases:

OSVDB
Packetstorm
Secunia
Linux kernel git

Blog : thomas pollet

Comments