- Royal Bank of Scotland (RCE)
- ABN Amro Bank (SQLi)
- IKEA (Multiple SQLi & XSS)
- Erasmus University (SQLi)
- United Nations (SQLi)
- Erasmus University (SQLi)
- Intel (SQLi)
- Dell (Authentication Bypass)
- GoDaddy (Directory Traversal)
- University of Twente (Multiple Vulnz.)
- Ford (Multiple XSS)
- Drexel University (Multiple XSS)
- Xiaomi (Multiple XSS)
- SEEK (CRLF Injection)
- Pinsent Mansons (Open Redirect)
- TechGig (Path Traversal & Multiple XSS)
- PostNL (DOM-based XSS)
- Online Begraafplaatsen (XSS)
- Telefonica Germany (Multiple XSS)
- Australian Postal Corp. (XSS)
- Deutsche Telekom (Multiple XSS)