Security advisories I've published in recent years.
VMTurbo Operations Remote Command Execution
The VMTurbo Operations Manager appliance can be exploited by an unauthenticated attacker to execute arbitrary commands remotely.
Moodle XSS and File Deletion exploiting a PHP object injection
Moodle CMS passes unsanitized user-supplied input to the PHP unserialize() function, which can be exploited to delete arbitrary files and to conduct reflected XSS attacks.
Joomla Core Reflected XSS Vulnerability
Joomla core suffers from a reflected XSS vulnerability that can be exploited to steal cookies, session tokens, and other sensitive information in the context of the affected website.
Alice Gate CSRF Reconfiguration Security Bypass
The ADSL routers Telecom ADSL Alice Gate VoIP 2 Plus Wi-Fi and ADSL2+ Wi-Fi N are vulnerable to a CSRF attack that can be exploited to manipulate the internal configuration, e.g. to replace DNS addresses, open the telnet service to the WAN side, change the traffic routing, or reconfigure the VoIP, leading to a complete takeover of the system and the LAN. This can also be exploited to enable hidden administrative features.
KusabaX Reflected XSS and CSRF Vulnerabilities
KusabaX suffers from a reflected XSS vulnerability that can be exploited to steal cookies, session tokens, and other sensitive information in the context of the website embedding the vulnerable editor. It also suffers from a CSRF vulnerability that can be exploited to execute arbitrary SQL statements.
27-04-2011 | Advisory | Status: Fixed in 0.9.2
Fastweb XSS and Myfastpage Authentication Security Bypass
The Fastweb website suffers from an XSS vulnerability that can be exploited to steal the authentication token. The token can then be used to access the Fastweb account control panels, bypassing the proper authentication and IP checks.
03-06-2010 | Advisory (ITA) | Status: Fixed