FormMail 1.92 Multiple Vulnerabilities - Exploit-DB

2009

15 June 2009

Event: N/A

What: Vulnerability

vulnerability formmail xss http-response-injection http-response-splitting exploit-db security-research

On June 15, 2009, Exploit-DB published an advisory signed by the USH team (Francesco “ascii” Ongaro, Giovanni “evilaliv3” Pellerano, and Antonio “s4tan” Parata) on multiple vulnerabilities in FormMail 1.92. The analysis, available as EDB-ID 8950, documented serious security flaws including Cross-Site Scripting, HTTP Response Header Injection, and HTTP Response Splitting. The advisory, originally released on May 11, 2009, on the USH.it site, credits Ongaro as co-author of the discovery and lists his direct contact details. The report was ignored by the vendor for years and was made public as a forced disclosure after the reports failed to get a response, confirming Ongaro’s central role in web vulnerability research and technical disclosure.
