GreyMagic Misc Security Research

GM#006-MC: Simple Yahoo! Mail Cross-Site Scripting.
Vulnerability: Yahoo mail services can be fooled to run scripts sent in emails.
Date: 03-Jun-2004.
Status: Patched by Yahoo! Mail.
GM#005-MC: Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo.
Vulnerability: Hotmail and Yahoo mail services can be fooled to run scripts sent in emails.
Date: 23-Mar-2004.
Status: Patched by Hotmail and eventually patched by Yahoo.
GM#004-MC: Adobe SVG Viewer Cross Domain and Zone Access.
Vulnerability: Adobe SVG Viewer may be manipulated to access any domain and zone.
Date: 07-Oct-2003.
Status: Patched by Adobe SVG Viewer 3.01.
GM#003-MC: Adobe SVG Viewer Local and Remote File Reading.
Vulnerability: Adobe SVG Viewer implements two methods that may disclose sensitive data.
Date: 07-Oct-2003.
Status: Patched by Adobe SVG Viewer 3.01.
GM#002-MC: Adobe SVG Viewer Active Scripting Bypass.
Vulnerability: Adobe SVG Viewer makes it possible to run script even when disabled.
Date: 07-Oct-2003.
Status: Patched by Adobe SVG Viewer 3.01.
GM#001-MC: Exploiting the Google toolbar.
Vulnerability: The Google toolbar has numerous severe vulnerabilities.
Date: 08-Aug-2002.
Status: Patched by Google toolbar 1.1.59/1.1.60.