A few of the more interesting security advisories I've published over the years:
A highly wormable XSS vulnerability in Facebook's FBML application platform allows the injection of arbitrary Javascript upon visit to a malicious profile through improper filtering of the fb:swf tag and its onmouseover attribute.
[blog]The CHECK command in the Cosign single sign-on system, used by the University of Michigan and other major institutions, allows remote attackers to bypass authentication requirements via CR (\r) sequences in the Cosign cookie parameter.
[blog] [advisory] [CVE-2007-2232]Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 allows remote attackers to trick users into accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next auto-update check.
[blog] [advisory] [CVE-2006-4567]Honeyd before 1.5 assembles and replies to certain invalid IP packet fragments that other IP stack implementations correctly drop, which allows remote attackers to identify IP addresses that are participating in a honeyd deployment.
[blog] [advisory] [paper] [CVE-2006-0752]A weakness in the magnetic ID cards used by University of Michigan students, staff, and faculty allow for trivial forgery given only the target victim's UMID/uniqname.
[blog]A vulnerability in the Wolverine Access web service of the University of Michigan exposed the personal information, including social security numbers, of all current University students.
[blog] [advisory]I've recently started posting some of my exploits publicly.