• My CVEs, not much, however it was nice to learn.

• More information can be found here: https://packetstormsecurity.com/files/author/14480/

CVE

• LumisXP - Unauth XSS - CVE-2024-33329
• LumisXP - Unauth XSS - CVE-2024-33328
• LumisXP - Unauth XSS - CVE-2024-33327
• LumisXP - Information Disclosure - CVE-2024-33326
• SeSuite - Code Execution - CVE-2023-26877
• Piwigo SQL Injection - CVE-2023-26876
• Wordpress WPvivid Backup Path Travesal - CVE-2022-2863
• phpIPAM - CSRF + XSS - CVE-2021-46426
• LiquidFiles 3.4.15 stored XSS - CVE-2021-30140
• Stored cross-site scripting (XSS) Envira Gallery Lite 1.8.3.3 - CVE-2020-35581
• Typesetter CMS Code execution - CVE-2020-25790
• Gila CMS 1.11.6 reflected XSS - CVE-2019-20803
• Gila CMS 1.11.6 CSRF - CVE-2019-20804
• Piwigo - Version 2.9.5 - CSRF - CVE-2019-13363
• Piwigo - Version 2.9.5 - XSS - CVE-2019-13364

Exploits published

• https://www.exploit-db.com/?author=10769
• Metasploit Module - Piwigo CVE-2023-26876 Gather Credentials via SQL Injection

Misc - Rodolfo Tavares

• Mentions at Bug Bounty Playbook
• Hall of (sh|f)ame
  • https://www.informatica.com/se/trust-center/security-researcher-hall-of-fame.html
  • https://www.philips.com/a-w/security/coordinated-vulnerability-disclosure/hall-of-honors.html
  • Tool at black arch linux - shosubgo
  • The Bug Hunter’s Methodology v4.0 mention