My documents
Stuff I published, worked on or helped with. Many of these documents have been republished on various message boards, blogs, Twitter posts, mailing lists, Joomla security alert sites and communities. Anyway, I try to point out some of the important links.
Security
- The (in)security of Omegle – What Omegle users should know, also published on packetstormsecurity.org, Exploit DB and on Docstoc.
- Lokalisten: identity problems – “Hijacking” other profiles was so much fun! Something similar, by the way, also happened to Facebook.
- The anatomy of an online banking fraud, or: Harvesting bank account data.
- leaftec cms multiple vulnerabilities, also published on inj3ct0r, Exploit DB, hack0wn, expbase, secunia, swxz88, bbs.honkwin, 7747, bug-blog.de, cnet.com, sans.org, cwo1f hi.baidu.com, secuobs, osvdb.org, sebug.net, securityhome.eu, Juniper(2) and packetstormsecurity.org.
- Devana SQL Injection vulnerability, also published on inj3kt0r, hack0wn, Exploit DB, expbase, bbs.honkwin, ariko-security, sebug.net, osvdb.org, Juniper and packetstormsecurity.org.
- onepound shop / cms XSS and SQL Injection vulnerabilities, also published on Exploit DB, inj3kt0r, bbs.honkwin, hack0wn, Juniper and packetstormsecurity.org.
- Facebook – Having fun with the search box (XSS), also published on inj3kt0r, bbs.honkwin and hack0wn.
- Joomla component jp_jobs SQL Injection vulnerability, also published on hack0wn, Exploit DB, bbs.syue, siomalabs, expbase, hi.baidu.com, packetstormsecurity.org, cnet.com, Security Database, secunia, cwo1f, SecurityReason, 0daynet.com, launchpad.net, cve.mitre.org, hxcode.com, xforce.iss.net, SecurityFocus, National Vulnerability Database, osvdb.org, Juniper and inj3kt0r. I worked together with Kim from joomlanetprojects.com in order to fix the vulnerability, he mentions this here, here and in the changelog of the component.
- ShopSystem SQL Injection vulnerability, also published on inj3kt0r, Exploit DB, expbase, packetstormsecurity.org, cnet.com, secunia, bug-blog.de, osvdb.org, securelist.com (Kaspersky), SecurityFocus, Juniper and hack0wn.
- OnePC mySite Management Software SQL Injection Vulnerability, also published on inj3ct0r, Exploit DB, ExpBase, cwo1f, packetstormsecurity.org and hack0wn.
- Joomla Component Multi-Venue Restaurant Menu Manager SQL Injection Vulnerability, also published on Exploit DB, hack0wn, cwo1f, SecurityReason, secunia, ExpBase, Security Database, Sioma Labs, osvdb.org, SecurityFocus, sebug.net, bug-blog.de, governmentsecurity.org, yesmybi.cn, securelist.com (Kaspersky), packetstormsecurity.org, Juniper and inj3ct0r.
- Joomla Component QPersonel SQL Injection Vulnerability, also published on hack0wn, SecurityReason, Exploit DB, cwo1f, ExpBase, packetstormsecurity.org, sebug.net, osvdb.org, yesmybi.cn, secunia, SecurityFocus, Security Database, xforce.iss.net, Juniper and inj3kt0r.
- Joomla Component com_pandafminigames SQL Injection Vulnerabilities, also published on siomalabs, inj3kt0r, Exploit DB, ExpBase, cw01f, packetstormsecurity.org, Juniper and hack0wn.
- Joomla Component com_joltcard SQL Injection Vulnerability, also published on hack0wn, ExpBase, inj3kt0r, Exploit DB, osvdb.org, sebug.net, SecurityReason, secunia, Juniper and packetstormsecurity.org.
- dl_stats Multiple Vulnerabilities, also published on cwo1f.com, inj3kt0r, secunia, bug-blog.de, hack0wn, packetstormsecurity.org, osvdb.org, National Vulnerability Database, Vupen, cnet.com, SecurityReason, sans.org, SecurityFocus, xforce.iss.net, Juniper and Exploit DB.
- phpGreetCards XSS Vulnerabilities, not really published, since I discovered afterwards that someone else had reported this vulnerability before. Anyway, some sites published it: cwo1f, Exploit DB, sebug.net, inj3kt0r, 0daynet.com, hack0wn, ExpBase, SecurityReason, SecurityFocus and packetstormsecurity.org.
- FlashCard XSS Vulnerability, also published on SecurityReason, inj3kt0r, bug-blog.de, hack0wn, SecurityFocus, osvdb.org, secunia, Juniper and packetstormsecurity.org.
- Guestbook PHP XSS Vulnerability, also published on Exploit DB, bug-blog.de, inj3kt0r, 0daynet.com, secunia, ExpBase, cwo1f, SecurityFocus, osvdb.org, packetstormsecurity.org, sans.org, Juniper and siomalabs.
- Auto-Img-Gallery XSS Vulnerability, also published on hack0wn, cnet.com, SecurityFocus, packetstormsecurity.org, xforce.iss.net, osvdb.org, Security Database, SecurityReason, Juniper and secunia.
- Sethi Family Guestbook XSS Vulnerabilities, also published on inj3kt0r, Exploit DB, osvdb.org, ExpBase, packetstormsecurity.org, secunia, SecurityFocus, cnet.com, Juniper and SecurityReason.
- chCounter indirect SQL Injection and XSS Vulnerabilities, also published on Exploit DB, packetstormsecurity.org, ExpBase, cwo1f, hack0wn, SecurityReason, xforce.iss.net, entwickler.de, secunia, SecurityFocus, Juniper and inj3kt0r.
- Rad User Manager XSS Vulnerabilities, also published on inj3kt0r, packetstormsecurity.org and hack0wn.
- Joomla Component Card View JX XSS Vulnerabilities, also published on Exploit DB, cwo1f, ExpBase, hack0wn, packetstormsecurity.org, secunia, VUPEN and inj3kt0r.
- Joomla Component Table JX XSS Vulnerabilities, also published on cwo1f, inj3kt0r, 0daynet.com, packetstormsecurity.org, osvdb.org, bug-blog.de, Vupen, SecurityFocus, cve.mitre.org, National Vulnerability Database, xforce.iss.net, secunia and Exploit DB.
- damianov.net Shoutbox XSS Vulnerability, also published on hack0wn, ExpBase, SecurityReason, packetstormsecurity.org and Exploit DB.
- Joomla Component JE Ajax Event Calendar Local File Inclusion Vulnerability, also published on inj3kt0r, packetstormsecurity.org, hack0wn, secunia, Juniper, SecurityFocus, National Vulnerability Database, xforce.iss.net, cve.mitre.org, Security Database and Exploit DB.
- Joomla Component JE Job Local File Inclusion Vulnerability, also published on inj3kt0r, packetstormsecurity.org, hack0wn, secunia, Juniper, SecurityFocus, securelist.com (Kaspersky), forum.joomla.it, bugsearch.net and Exploit DB.
- Joomla Component ActiveHelper LiveHelp XSS Vulnerabilities, also published on packetstormsecurity.org, cnet.com, sebug.net, SecurityReason, hack0wn, inj3kt0r, osvdb.org, National Vulnerability Database, Security Database, SecurityFocus, cve.mitre.org, Juniper and secunia.
- Joomla Component My Car Multiple Vulnerabilities, also published on Exploit DB, packetstormsecurity.org, hack0wn, ExpBase, secunia, SecurityFocus, SecurityReason, osvdb.org, Vupen, National Vulnerability Database, xforce.iss.net(2), Juniper and inj3kt0r.
- Joomla Component Reservations XSS Vulnerability, also published on Exploit DB, packetstormsecurity.org, hack0wn, SecurityFocus, SecurityReason, Juniper and inj3kt0r.
- Joomla Component BF Quiz SQL Injection Vulnerability, also published on Exploit DB, ExpBase, secunia, SecurityFocus, SecurityReason, packetstormsecurity.org, 0daynet.com, osvdb.org, VUPEN, Juniper and inj3kt0r.
- Dijitals CMS XSS Vulnerabilities, also published on hack0wn, bug-blog.de, bugsearch.net, osvdb.org(2), SecurityFocus, packetstormsecurity.org, SecurityReason, net-security.org, securelist.com (Kaspersky), VUPEN, Juniper and Secunia.
- Lyrics Script SQL Injection and Cross-Site Scripting Vulnerabilities, also posted on inj3kt0r, hack0wn, packetstormsecurity.org, secunia, VUPEN and Exploit DB.
- E-Book Store SQL Injection Vulnerability, also published on Inj3kt0r, hack0wn, 0daynet.com, packetstormsecurity.org, secunia, securelist.com (Kaspersky), bug-blog.de, sans.org, ExpBase, Juniper, osvdb.org, SecurityReason, theglider.org, VUPEN, net-security.org, Hacking Expose, SecurityFocus and Exploit DB.
- Joke Website Script SQL Injection and Cross-Site Scripting Vulnerabilities, also published on Inj3kt0r, hack0wn, packetstormsecurity.org, secunia, osvdb.org(2), bug-blog.de, SecurityReason, VUPEN, SecurityFocus, Juniper, lists.virus.org, bugsearch.net, 0daynet.com and Exploit DB.
- Daily Inspirational Quotes Script SQL Injection Vulnerability, also published on Inj3kt0r, hack0wn, secunia, packetstormsecurity.org, SecurityFocus, osvdb.org, Juniper, ExpBase, SecurityReason, bugsearch.net, xforce.iss.net, VUPEN and Exploit DB.
- Membership Site Script SQL Injection Vulnerability, also published on Inj3kt0r, hack0wn, secunia, packetstormsecurity.org, SecurityReason, ExpBase, bugsearch.net, xforce.iss.net, VUPEN, SecurityFocus, osvdb.org, securelist.com (Kaspersky), Juniper and Exploit DB.
- Joomla Component com_golfcourseguide SQL Injection Vulnerability, also published on Exploit DB, packetstormsecurity.org, SecurityReason, ExpBase, netcopsecurity.com, worksnet.net, xforce.iss.net, SecurityFocus, cve.mitre.org, National Vulnerability Database, securityhome.eu, osvdb.org and inj3kt0r.
- GaleriaSHQIP SQL Injection Vulnerability, also published on Exploit-DB, ExpBase, bugsearch.net, worksnet.net, SecurityReason, secunia, packetstormsecurity.org, osvdb.org, National Vulnerability Database, xforce.iss.net, SecurityFocus, Security Database and inj3kt0r.
Misc
- Xen Overview Slides by Xen.org: Stephen Spector, Xen Community Manager and of course working at Citrix, created a Xen presentation which was translated by the Xen community. You can view the original file here and the German version (translated by me in Jan 2010) here. My German translation was published in this Xen.org blog entry.
- Xen.org Overview Brochure by Xen.org: Stephen Spector created this document. You can view the original file here and the German version (translated by me in Jan 2010) here. My German translation was published in this Xen.org blog entry.
- Xen.org Official Mascot: Not really a document and not made by me, but still I want to mention it here.
