Vulnerabilities and CVE

A non exaustive list of public vulnerabilities and CVEs that I have found. Bug bounties and vulnerabilities released through vulnerability affiliation programs are also listed here.

---

• Aethra – Multiple Vulnerabilities
• AngularJS – (Angular-CLI) Authentication Bypass
• Avactis – Multiple Vulnerabilities
• Cloud at Cost Filex File Uploader – Multiple Vulnerabilities (undisclosed)
• Cloudrino – Multiple Vulnerabilities (undisclosed)
  
• DJI Phantom 3 – Multiple Vulnerabilities
• eBay – HTTP Response Splitting & CSRF & Host Header Injection
• Facebook Spider – Link Preview Generation (undisclosed)
• Fastweb (Aethra Modem/Router) – Multiple Vulnerabilities
• Flickr – Host Header Injection
• Ghost CMS (CVE-2015-1407) – Multiple Vulnerabilities
• Google – Open Redirect (undisclosed – won’t fix)
• HP HPE OpenCall Media Platform (OCMP) (CVE-2017-5799 – CVE-2017-5798) – RCE & XSS
• LinkedIn – CSV Excel Formula Injection
• McAfee ePolicy Orchestrator (ePO) Agent Remote Log – (awaiting disclosure)
• McDonald – Multiple Vulnerabilities
• Minds.com – Multiple Vulnerabilities
• Mura CMS – Multiple Vulnerabilities
• Oracle JD Edwards EnterpriseOne – (awaiting disclosure)
• Oscommerce – (awaiting disclosure)
• PayPal – Android Mobile APP & API (undisclosed)
• Phorum CMS – Multiple Vulnerabilities
• VirIT Explorer – Local Privilege Escalation
• Western Union – Host Header Injection
• Yahoo Messenger – Multiple Vulnerabilities
• ZyXel – (awaiting disclosure)