- McAfee ePO (4.6 & 5) – Multiple XSS and SQLi Vulnerabilities
- IBM WebSphere XSS
- Multiple Vulnerabilities in BMC SDE
- McAfee Vulnerability Manager (XSS) – (CVE-2014-1472)
- McAfee Vulnerability Manager (XSRF)
- McAfee Vulnerability Manager (Weak Authentication)
- WAF Bypass – Barracuda Web Application Firewall – Oct 2013
- Multiple Reflected XSS – CVE-2013-5222 – ESRI – ArcGIS for Server 10.1, 10.2 – Sep 2013
- Unrestricted File Upload – CVE-2013-5221 – ESRI – ArcGIS for Server 10.1, 10.2 – Sep 2013
- Cross Context Scripting (XCS) – about:history – Remote Code Execution – Maxthon – Dec 2012
- Cross Context Scripting (XCS) – RSS – Remote Code Execution – Maxthon – Dec 2012
- Privileged API Available On i.maxthon.com – Maxthon – Dec 2012
- Cross Context Scripting (XCS) – Bookmark Toolbar and Bookmark Sidebar – Maxthon – Dec 2012
- Incorrect Executable File Handling and Same Origin Policy Implementation – Maxthon – Dec 2012
- Same Origin Policy Bypass – browser:home – Avant Browser – Dec 2012
- Cross Context Scripting – browser:home – Most Visited And History Tabs – Avant Browser – Dec 2012
- Avant Browser – Stored Cross Site Scripting – Feed Reader (browser://localhost/lst?*) – Avant Browser – Dec 2012
- CSRF – CVE 2012-0550 – Oracle GlassFish Server – Apr 2012
- Multiple Cross Site Scripting – CVE 2012-0551 – Oracle GlassFish Server – Apr 2012
- Use After Free – CVE 2011-4152 – Opera – Oct 2011
- DOM Cross Site Scripting – CVE 2011-2133 – Adobe RoboHelp 9 – Aug 2011
- ParanoidFragmentSink allows javascript: URLs in chrome documents (section 2.8) – CVE 2010-1585 – Mozilla Firefox / Thunderbird – Mar 2011
- Session Fixation – CVE 2010-4437 – Oracle WebLogic Server – Mar 2011
- Multiple Cross Site Scripting Vulnerabilities – CVE 2010-2406 – Oracle eBusiness Application – Oct 2010
- HTTP Response Splitting – CVE 2010-3514 – Oracle Sun Java System Web Server – Oct 2010
- SOP Bypass – CVE 2010-3573 – Oracle JRE java.net.URLConnection – Oct 2010
- XML Entity and XML Injections – CVE 2009-3960 – Multiple Adobe Products – Feb 2010
- Chrome Privilege Code Execution – Update Scanner – Aug 2009
- Chrome Privilege Code Execution – Coolpreviews – Aug 2009
- Stored Cross Site Scripting – CVE 2008-4725 – Opera – Oct 2008
- Stored Cross Site Scripting – Google Analytics – Oct 2008
- Local File Disclosure – 2008-2045 – SugarCRM – Apr 2008
- Reflected Cross Site Scripting – DotNetNuke – Aug 2006