Yaniv Miron
Security Researcher.
lament [AT] ilhack [DOT] org
LinkedIn
@lament1337

Advisories


Only the public ones, usually the ones that were not sold.


2014

Samsung Galaxy S4 (and probably other Android devices) are being BIG BROTHER using the device camera


2013

Hidden


2012

Site In A Box (SIAB) v.3.1
FCSA #1206 (Local Copy)
http://www.fortconsult.net/sites/default/files/FCSA1206_SIAB31.pdf

Microsoft Outlook WebApp Open Redirection
FCSA #1205 (Local Copy)
http://www.fortconsult.net/sites/default/files/FCSA1205_MSOutlook.pdf

Secana Card Protector CSRF Vulnerabilities
FCSA #1202 (Local Copy)
http://www.fortconsult.net/sites/default/files/FCSA1202_Secana.pdf

GoAnywhere Director & GoAnywhere Services CSRF Vulnerabilities
FCSA #1201 (Local Copy)
http://www.fortconsult.net/sites/default/files/FCSA1201_GoAnywhere.pdf


2011

MS11-006 shimgvw.dll CreateSizedDIBSECTION Buffer Overflow Vulnerability
Was held as a 0-day for a long time before publication
http://www.microsoft.com/technet/security/bulletin/ms11-006.mspx
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=890
YML Advisory #0012


2010

agXchange ESM 'ucquerydetails.jsp' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38896
YML Advisory #0011

IBM Lotus Notes 'names.nsf' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38880
YML Advisory #0010

agXchange ESM 'ucschcancelproc.jsp' Open Redirection Vulnerability
http://www.securityfocus.com/bid/38879
YML Advisory #0009

IBM Lotus Notes 'names.nsf' Open Redirection Vulnerability
http://www.securityfocus.com/bid/38852
YML Advisory #0008

Friendly Technologies TR-069 ACS Login SQL Injection Vulnerability
http://www.securityfocus.com/bid/38634
http://www.exploit-db.com/exploits/11677
YML Advisory #0007

IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38612
YML Advisory #0006

Sparta Systems TrackWise EQMS Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/38483
YML Advisory #0005

MarketGate Package for Eshbel Priority ERP 'Referer' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38480
YML Advisory #0004

Oracle Siebel 'loyalty_enu/start.swe' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38456
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
YML Advisory #0003

ARISg 'wflogin.jsp' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38441
YML Advisory #0002


2009

Hidden


2008

Apache HTTP Server 403 Error Cross-Site Scripting Vulnerability / Microsoft Internet Explorer UTF-7 HTTP Response Handling Weakness
http://www.securityfocus.com/bid/29112
YML Advisory #0001