Archives for the ‘Research’ Category
NetFlow Analyzer 7 Cross-Site Scripting Vulnerabilities
Thursday, 16 July 2009
I’ve discovered some XSS vulnerabilities in NetFlow Analyzer 7.
Link to Secunia SA.
Security Researcher Acknowledgments for Microsoft Online Services
Thursday, 4 June 2009
I got the Acknowledgment for Security Researcher for the fourth time this year … Great me!
Security Researcher Acknowledgments for Microsoft Online Services
Monday, 6 April 2009
Third time in a row …
http://technet.microsoft.com/en-us/security/cc308589.aspx
PSCS VPOP3 Email Server Cross-Site Scripting Vulnerabilities
Wednesday, 25 March 2009
I’ve discovered new XSS vulnerabilities in the PSCS VPOP3 Enterprise Email server, specifically in the Web Mail interface. The vulnerable version is 2.6.0j. The vendor has been informed but hasn’t published a fix for these vulnerabilities yet, so as a solution use a proxy or IPS to filter malicious characters.
Secunia confirmed and published this vulnerability.
Pwn2Own 2009
Sunday, 22 March 2009
This year’s Pwn2Own uncovered 4 new, never-before-seen critical vulnerabilities affecting IE8, Safari and Firefox.
You can read more about this contest at the DVLabs Blog.
Security Researcher Acknowledgment – second time in a row
Friday, 6 March 2009
… and now I am very proud of myself because my name appears for the second time in a row on this page: Security Researcher Acknowledgments for Microsoft Online Services. Hope to see you soon again!
Security Researcher Acknowledgments for Microsoft Online Services
Tuesday, 10 February 2009
I am very proud to inform you that I’m on the Security Researcher Acknowledgments for Microsoft Online Services for January 2009.
I will continue my research in the hope that I will be on this prestigious list again!
ESET Remote Administrator Script Insertion Vulnerability
Thursday, 5 February 2009
Ivan Markovic and I found a vulnerability in ESET’s NOD32 Remote Administrator Server. The vulnerability is reported in version 3.x and can potentially be exploited to compromise a user’s system. For a successful attack you need an Administrator account at NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if they open the malicious report.
Secunia confirmed [...]
PSCS VPOP3 Email Server Script Insertion Vulnerability
Monday, 2 February 2009
I found a vulnerability in the VPOP3 Email server which allows script insertion.
The vulnerability was discovered in version 2.6.0h. Although the vendor released a patch (implemented some filters), the vulnerability still exists in the new version 2.6.0i. The patch doesn’t completely fix the vulnerability.
Secunia confirmed the vulnerability.
Merak Mail Server Web Mail HTML Tag Script Insertion
Monday, 22 December 2008
After the MDaemon vulnerability, I decided to test Merak Mail Server … And the result is a vulnerability like MDaemon’s, but more difficult.
Secunia reported this vulnerability and estimated it as moderately critical. For me this vulnerability, especially in the WebMail Pro interface, is highly critical.
Here is the CVE ID: 2008-5734. Also at the National Vulnerability Database (NVD).
