CVE-2017-15715 - Apache HTTP Server - FilesMatch bypass with a trailing newline at the end of the file name
2 SQL injection vulnerabilities in dotCMS. Related CVE list: CVE-2016-10007, CVE-2016-10008. Blacklist defence bypass.
SQL injection in the Joomla extension DT Register allows a remote unauthenticated attacker to execute malicious SQL commands. Step-by-step proof of concept and interesting communication with the vendor.
One of those sites which should be secure is cert.org. There was a reflected HTML injection vulnerability from presenting the Request URI back in the HTML (works only with IE).
Multiple SQL injection vulnerabilities in dotCMS. Related CVE list: CVE-2016-8902, CVE-2016-8903, CVE-2016-8904, CVE-2016-8905, CVE-2016-8906, CVE-2016-8907, CVE-2016-8908, CVE-2016-4040.
CVE-2016-8600: dotCMS before version 3.6.0 allows an attacker to programmatically reuse a valid captcha code.
At the end of 2013 I found one interesting XSS vulnerability in LinkedIn. The problem was easy to find, but hard for an attacker to use.
CVE-2016-4803: Email Header Injection vulnerability in the dotCMS framework allows an attacker to send malicious emails using a "valid" and "trusted" email server.