Security Advisories

On this page you can find a list of security advisories that I have released. IT IS NOT A COMPLETE LIST. For several reasons, I can’t publish all of my research. You can find some of my other public research on the web. If you have any enquiries, please email me.

Zen Cart 1.3.9h Local File Inclusion Vulnerability
Uploaded on November 03, 2010
Zen Cart truly is the art of e-commerce; free, user-friendly, open source shopping cart software. The ecommerce web site design program is being developed by a group of like-minded shop owners, programmers, designers, and consultants that think ecommerce web design could be and should be done differently.
 
Squirrelcart PRO 3.0.0 Blind SQL Injection Vulnerability
Uploaded on October 21, 2010
Squirrelcart PRO is a commercial and used PHP/MySQL e-commerce system. I tested only the demo versions. Other versions could be vulnerable. I obtained the demo's version value from the staff.
 
Family Connections 2.2.3 Multiple Remote Vulnerabilities
Uploaded on October 05, 2010
Based on one of the world's leading structure and content management systems - WebSiteAdmin, WSCreator (WS standing for WebSite) is a powerful application for handling multiple websites.
 
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability
Uploaded on July 13, 2010
RedShop is a popular commercial Joomla component. It is a Content Creation Kit style of webshop / webshop tool where you get the most access ever given to any user to completely style and change their webshop, without needing much more knowledge than HTML and a bit of CSS.
 
iScripts SocialWare 2.2.x Multiple Remote Vulnerability
Uploaded on March 07, 2010
iScripts SocialWare is an award-winning, easy to use social networking software that enables you to create your own social network like MySpace, Orkut, Friendster, Linkedin, Facebook, Hi5, etc.
 
iScripts MultiCart 2.2 Multiple SQL Injection Vulnerability
Uploaded on March 07, 2010
iScripts MultiCart 2.2 is a unique online shopping cart solution that enables you to have one storefront and multiple vendors for physical or digital (downloadable) products.
 
iScripts SocialWare 2.2.x Arbitrary File Upload Vulnerability - PoC
Uploaded on February 07, 2010
iScripts SocialWare is an award-winning, easy to use social networking software that enables you to create your own social network like MySpace, Orkut, Friendster, Linkedin, Facebook, Hi5, etc.
 
iScripts CyberMatch 1.0 Blind SQL Injection Vulnerability
Uploaded on February 07, 2010
iScripts CyberMatch is a turnkey online dating software for you to start a full-fledged dating site like match.com or eHarmony in minutes. iScripts CyberMatch can be used to create your own Dating, Personals or match making Site, Adult or Matrimonial Site.
 
iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities
Uploaded on January 07, 2010
EasySnaps is a powerful commercial image hosting site that will help you host your images, besides providing a large number of utilities.
 
iScripts ReserveLogic 1.0 SQL Injection Vulnerability
Uploaded on January 07, 2010
iScripts ReserveLogic allows independent hotel/motels, B&B, time-shares, campgrounds, tour companies, etc., to take their business truly online with online reservation and customer management.