co3k.org

Reported Vulnerabilities
The following is a list of vulnerabilities reported by me (Ebihara).

In 2006

  • CSRF vulnerability in Filn (Apr)

In 2010

  • CSRF vulnerability in YOURLS (Jul)
  • XSS vulnerability in YOURLS default sample page (Jul)
  • XSS vulnerability in OpenPNE3 (Aug)
  • XSS vulnerability in OpenPNE2 (Aug)

In 2011

  • CSRF vulnerability in Openpear (IPA#38838163) (Feb)
  • SQL Injection vulnerability in a SOHO site (IPA#99045153) (Jun)
  • XSS vulnerability in ATND (Jul)
  • Mixed content on SSL page in the website of Recruit, inc. (Jul)
  • Two open-redirector vulnerabilities in a website of So-net Entertainment, inc. (Jul)
  • Seven XSS vulnerabilities in a website of So-net Entertainment, inc. (Jul)
  • Two CSRF vulnerabilities in a website of So-net Entertainment, inc. (Jul)
  • Authentication bypass vulnerability in まちつく (due to misconfiguration) (Aug)
  • XSS vulnerability in ECナビ (Sep)
  • XSS vulnerability in ギフトランド (Sep)
  • Bypass of the XMLHttpRequest request-header restriction (spoofing of sensitive information) in the PC site viewer browser of the au by KDDI F001 (Nov) [blog] [webappsec.org]

In 2012

  • XSS vulnerability in WordPress cforms II Plugin (Feb) [Blog] [JVN#35256978] [Secunia] [BUGTRAQ]
  • CSRF vulnerability in OpenPNE3 opCommunityTopicPlugin (Feb) [OPSA-2012-001]
  • XSS vulnerability in Redmine (Mar) [JVN#93406632] [Secunia]
  • XSS vulnerability in OSQA (Apr) [JVN#15503729]
  • XSS vulnerability in ********** (not disclosed yet)
  • XSS vulnerability in ********** (not disclosed yet)

Powered by Societo © 2011 Kousuke Ebihara