Computer Security

• [Research] Sept. 6, 2005: Discovered XSS (Cross Site Scripting) in main.php of the project phpMyAdmin. Vulnerable versions <= 2.6.4 rc1. See advisory.
  
  
• [Research] Aug. 20, 2006: Published detailed info, PoC and exploit for the off-by-one in mod_rewrite of Apache. Reported to bugtraq. More info about this vulnerability here.
  Research referenced in "Multi-Variant Program Execution: Using Multi-Core Systems to Defuse Buffer-Overflow Vulnerabilities". B. Salamat et al. Proceedings of the International Conference on Complex, Intelligent and Software Intensive Systems (CISIS'08), Pages 843-848, March 2008
  
  
• [Article] Jan. 19, 2007: A detailed research about the study and development of the Apache's mod_rewrite exploit and off-by-one exploitation technique can be found in an article called: "Explotación en la pila: la técnica off-by-one" published by the author of this webpage (Jacobo Avariento) in the number of January 2007, spanish edition, of the magazine hakin9.
  
  [ Erratas ]
  
  
• [Research] Dec. 22, 2008: Published in Bugtraq the first Proof of Concept (POC) for the last Roundcube webmail PHP arbitrary code injection. More info.
  
  
• [Research] May 8, 2009: Published in Bugtraq "Vpopmail/QmailAdmin User's Quota Multiple Integer Overflows". Original advisory: http://www.sofistic.net/es/advisories/0901