Security advisories I've published in recent years.
VMTurbo Operations Manager appliance can be exploited by an unauthenticated attacker to execute arbitrary remote commands.
25-07-2014 | CVE-2014-5073 | Original advisory | Advisory details | Metasploit Module | Status: Fixed in 4.6-28657
Moodle CMS passes the unsanitized user-supplied input to the PHP unserialize() function and can be exploited to delete arbitrary files and to conduct reflected XSS attacks.
16-09-2013 | CVE-2013-5674 | Advisory | Status: Fixed in 2.5.2
Joomla core suffers from a reflected XSS vulnerability that can be exploited to steal cookies, session tokens, and other sensitive information in the context of the affected website.
04-09-2013 | CVE-2013-5583 | Advisory | Status: Fixed after version 3.1.5
The ADSL routers Telecom ADSL Alice Gate VoIP 2 Plus Wi-Fi and ADSL2+ Wi-Fi N suffer from a CSRF vulnerability that can be exploited to manipulate the internal configuration, e.g. to replace DNS addresses, open the telnet service to the WAN side, change the traffic routing, reconfigure the VoIP, etc., leading to a complete takeover of the system and the LAN. This can also be exploited to enable hidden administrative features.
02-09-2012 | Main advisory (ITA) | Technical advisory (ITA) | Status: Mitigated in next versions.
KusabaX suffers from a reflected XSS vulnerability that can be exploited to steal cookies, session tokens, and other sensitive information in the context of the website embedding the vulnerable editor. It also suffers from a CSRF vulnerability that can be exploited to execute arbitrary SQL statements.
27-04-2011 | Advisory | Status: Fixed in 0.9.2
The Fastweb website suffers from an XSS vulnerability that can be exploited to steal the authentication token. This can be exploited to access the Fastweb account control panels, bypassing the proper authentication and IP checks.
03-06-2010 | Advisory (ITA) | Status: Fixed