Security Research

Advisories

Bug Title View CVE Vendor/Software Date Released
Reflected Cross Site Scripting html CVE-2013-6956 Juniper - Junos Pulse Secure Access Service - SA700, SA2000, SA2500, SA4000, FIPS SA4000, SA4500, FIPS SA4500, SA6000, FIPS SA6000, SA6500, FIPS SA6500, MAG2600, MAG4610, MAG6610, and MAG6611 Apr 2014
Multiple vulnerabilities html CVE-2014-0844, CVE-2014-0845 and CVE-2014-0846 IBM Rational Doors Next Generation, Composer and Requirements Feb 2014
WAF Bypass html n/a Barracuda Web Application Firewall Oct 2013
Multiple Reflected XSS html, html CVE-2013-5222 ESRI - ArcGIS for Server 10.1, 10.2 Sep 2013
Unrestricted File Upload html CVE-2013-5221 ESRI - ArcGIS for Server 10.1, 10.2 Sep 2013
Cross Context Scripting (XCS) - about:history - Remote Code Execution html TBA Maxthon Dec 2012
Cross Context Scripting (XCS) - RSS - Remote Code Execution html TBA Maxthon Dec 2012
Privileged API Available On i.maxthon.com html TBA Maxthon Dec 2012
Cross Context Scripting (XCS) - Bookmark Toolbar and Bookmark Sidebar html TBA Maxthon Dec 2012
Incorrect Executable File Handling and Same Origin Policy Implementation html TBA Maxthon Dec 2012
Same of Origin Policy Bypass - browser:home html TBA Avant Browser Dec 2012
Cross Context Scripting - browser:home - Most Visited And History Tabs html TBA Avant Browser Dec 2012
Avant Browser - Stored Cross Site Scripting - Feed Reader (browser://localhost/lst?*) html TBA Avant Browser Dec 2012
CSRF html 2012-0550 Oracle GlassFish Server Apr 2012
Multiple Cross Site Scripting html 2012-0551 Oracle GlassFish Server Apr 2012
Use After Free html 2011-4152 Opera Oct 2011
DOM Cross Site Scripting html . pdf 2011-2133 Adobe RoboHelp 9 Aug 2011
ParanoidFragmentSink allows javascript: URLs in chrome documents pdf (section 2.8) 2010-1585 Mozilla Firefox / Thunderbird Mar 2011
Session Fixation html . pdf 2010-4437 Oracle WebLogic Server Mar 2011
Multiple Cross Site Scripting Vulnerabilities html . pdf 2010-2406 Oracle eBusiness Application Oct 2010
HTTP Response Splitting html . pdf 2010-3514 Oracle Sun Java System Web Server Oct 2010
SOP Bypass html . pdf 2010-3573 Oracle JRE java.net.URLConnection Oct 2010
XML Entity and XML Injections html . pdf 2009-3960 Multiple Adobe Products Feb 2010
Chrome Privilege Code Execution html . pdf Update Scanner Aug 2009
Chrome Privilege Code Execution html . pdf Coolpreviews Aug 2009
Stored Cross Site Scripting html . pdf 2008-4725 Opera Oct 2008
Stored Cross Site Scripting html . pdf Google Analytics Oct 2008
Local File Disclosure html . pdf 2008-2045 SugarCRM Apr 2008
Reflected Cross Site Scripting html DotNetNuke Aug 2006

Presentations

Presentation Download Conferences Date
Augmented Reality in your web proxy slideshare HackPra Allstars - OWASP App Sec EU 2013 (Hamburg) August 2013
Cross Context Scripting attacks and exploitation slideshare HackPra (Ruhr-Universit├Ąt Bochum) November 2012
Window Shopping: Browser Bug Hunting in 2012 pdf . slideshare Hack In the Box 2012 (Amsterdam) May 2012
Bridging The Gap: Security and software testing pdf . slideshare ANZTB Test Conference 2011 (Auckland) Mar 2010
Defending Against Application Level DoS Attacks pdf . slideshare OWASP New Zealand Day 2010 (Auckland) Jul 2010
Exploiting Firefox Extensions pdf . slideshare . video OWASP AppSec Asia & SecurityByte 2009 (Gurgaon, IN)

DEFCON 17 (Las Vegas, US)

EUSecWest 2009 (London, UK)
Nov 2009
Reversing JavaScript zip . slideshare OWASP New Zealand Chapter Mar 2009
None More Black: The Dark Side of SEO pdf . slideshare Ruxcon 2008 (Sydney, AU)

Kiwicon II (Wellington, NZ)
Oct 2008
Browser Security ppt . slideshare OWASP New Zealand Chapter Sep 2008
Black Energy 1.8 - Russian botnet package analysis ppt . slideshare Hack In The Bush (Internal Training) May 2008
Web Spam Techniques ppt . slideshare OWASP New Zealand Chapter Apr 2008
XPath Injection ppt . slideshare OWASP New Zealand Chapter Feb 2008
Ajax Security ppt . slideshare OWASP New Zealand Chapter Dec 2007

White Papers

White Paper Title Download Date
Leveraging XSRF with Apache "Compatibility with older browser" feature and Java Applet pdf Oct 2010
Cross Context Scripting with Firefox pdf Apr 2010
Exploiting Cross Context Scripting Vulnerabilities pdf Apr 2010

Minor tools

Tool Download Date
BurpCSJ extension for Burp Pro web proxy github Aug 2013
sed v0.2 - Search Engine De-optimisation page zip Nov 2008
specialK - simple web folder scanner written in Perl zip Jul 2008