Reports and Acknowledgements

• Listed on Detectify

Vulnerabilities / Exploits

• MyMag WordPress theme Unrestricted File Upload
  • CXESECURITY 
• Multiple XSS Vulnerabilities in BoxBilling
  • Issue: BoxBilling#596
• Remote Code Execution in mversion (CVE-2020-7688)
  • Issue: mversion#56
• Regular Expression Denial of Service (ReDoS) in urlregex
  
  • Issue: urlregex#6
• Regular Expression Denial of Service (ReDoS) in url-regexp
  • Issue: url-regexp#8
• [metascraper-helpers] Denial of Service
  
  • Issue: metascraper#281
• Regular Expression Denial of Service (ReDoS) in RestQL
  • Issue: restql#105

Securing Open Source Code

• Fixed: Improper Access Control in Cezerin (CVE-2019-18608)
  • Original Pull Request 418sec#1
• Fixed: Remote Command Execution in strider-git
  • Original Pull Request strider-git#1
  • Merged Pull Request strider-git#39
• Fixed: Improper Access Control in Cezerin2
  • Original Pull Request Cezerin2#270
• Fixed: Remote Code Execution in mversion
  • Original Pull Request mversion#57
• Fixed: Remote Code Execution in Apache cordova-serve module
  • Original Pull Request cordova-serve#2