This page centralizes my personal collection of obtained CVE’s. Proof-of-concepts may be found on my Github, exploit-db, or packetstorm pages.

You can find my personal disclosure policy on the bottom of this page.


2020 - CVE Discoveries

IdCVE IDCategory
11CVE-2020-12122DLL hijacking
10CVE-2020-12121Max Secure Max Spyware Detector DOS
9CVE-2020-10234Undisclosed [error]
8CVE-2020-9453Epson EMPNSA.sys IOCTL corruption(DOS)
7CVE-2020-9014Epson EMPMAU.sys IOCTL corruption (DOS)
6CVE-2020-5511PHPGurukul Small CRM v2.0 SQL Injection
5CVE-2020-5510PHPGurukul Hostel Management System v2.0 SQL Injection
4CVE-2020-5509PHPGurukul Car Rental Project v1.0 Remote Code Execution
3CVE-2020-5193PHPGurukul Hospital Management System Reflected XSS
2CVE-2020-5192PHPGurukul Hospital Management System Multiple SQL Injection’s
1CVE-2020-5183FTPGetter Professional 5.97.0.223 memory corruption

2019 - CVE Discoveries

IdCVE IDInfo
6CVE-2019-19978Reflected XSS
5CVE-2019-17181IntraSrv 1.0 Remote SEH Buffer Overflow
4CVE-2019-16724File Sharing Wizard 1.5.0 Remote SEH Buffer Overflow
3CVE-2019-13066Sahi Pro 8.0.0 Multiple Reflected XSS
2CVE-2019-13065Reflected XSS
1CVE-2019-13064Reflected XSS

Vendor Vulnerability Reporting and Disclosure Policy

This policy sets for the reporting and disclosure policy that FullPwn Operations follows when handling a disclosure case with a vendor. If a vulnerability is discovered within a vendor product, the vendor will be contacted via email with details and a security report about the details of the vulnerability and the proper mitigation strategy that the vendor may take to patch the application.

This vulnerability disclosure policy is similar to the CERT disclosure policy of 45 days.

The following steps will be taken if a vulnerability is disclosed to a vendor.

 Actions to be Taken by FullPwn Operations
Day 0- Intial vendor contact
Day 7- Second vendor contact if no original response
Day 14- If the vendor has not responded or has stopped responding, within 10 days full disclosure notice
Day 45- Full public disclosure if the vendor hasn’t responded

If a vendor is interested in extending or working with FullPwn Operations on a specific aspect of vulnerability disclosure, feel free to include that in any contact emails.