Publicly Disclosed Advisories:

Advisory #MSA110615-3: Concrete5 <= SQL Injection

Advisory #MSA110615-2: Concrete5 <= Multiple Reflected Cross Site Scripting

Advisory #MSA110615-1: Concrete5 <= Sendmail Remote Code Execution

Advisory: Chrome cross window & cross domain object access (more information on Bounty Winner)

Advisory: SAP vulnerability id 1548548 (for SAP customers only)

Advisory: Java Applet Same IP Host Access

Advisory: DNS Rebinding on Java Applets

Advisory: Http Request Splitting and Header Abuse with Java AddRequestProperty

Advisory: Java-JNLP-Applet User Assisted Arbitrary Code Execution

Advisory: Get Internal Network Information with Java Applets

Advisory #MSA260209: New Atlanta Servlet Exec Multiple Security Issues.

Advisory #MSA100410: CA Oneview Monitor "DoSave.jsp" path manipulation.

Advisory #MSA130510: JForum <= 2.08 is vulnerable to Stored Cross Site Scripting in BBCode.

Advisory #MSA261009: Liferay Calendar "exportFileName" path manipulation

Advisory #MSA251009: Liferay Json Service Multiple Information Leakage

Advisory #MSA030409: JMX Console Authentication Bypass via Verb Tampering

Advisory #MSA210509: Yahoo! Classic Mail Client side HPP Vulnerability

Advisory #MSA01111108: Opera Xss leads to command execution.

Advisory #MSA080801: Apache Tomcat access and execution of arbitrary file.

Advisory #MSA02240108: Microsoft Internet Explorer allows overwriting of several headers leading to Http request Splitting and smuggling.

Advisory #MSA01240108: Microsoft Internet Explorer "Transfer-Encoding: chunked" allows Request Splitting/Smuggling.

Advisory #MSA01150108: Apache mod_negotiation Xss and Http Response Splitting.

Advisory: MSXML Header Request Vulnerability (CVE-2008-4033).

Advisory: Plain Old Webserver Directory Traversal Vulnerability.

Advisory #MSA01110707: Flash Player/Plugin Video file parsing Remote Code Execution

IE and Firefox Digest Authentication Request Splitting (04/2007)

Advisory: Php import_req_var globals overwrite Advisory (03/2007)

Acrobat Reader Plugin Multiple Vulnerabilities (01/2007)

MySQL Server COM_TABLE_DUMP Information Leakage and Arbitrary command execution.(04/2006)

MySQL Server Anonymous Login Handshake Information Leakage. (04/2006)

MySQL Server CREATE FUNCTION libc arbitrary code execution (03/2005)

MySQL Server CREATE FUNCTION mysql.func table arbitrary library injection (03/2005)

MySQL Server insecure temporary File Creation (03/2005)

Php RFC1867 Arbitrary File Upload (10/2004)

Php shmop safemode bypass and write to arbitrary locations (10/2004)