I'm Miguel de Moura, a Portuguese Electrical and Computer Engineering student at Técnico Lisboa. At my university, I'm not only a Student Partner (MSP) for Microsoft, but also a Vice-President and IST Summer Internships Coordinator at NEECIST.
As part of the vulnerability disclosure series, I may choose not to publish some write-ups if the affected entity requests it, or if the content itself isn't noteworthy or add anything substantial to the series.
The following list contains resolved issues that won't be published:
- University of Lisbon - SQLi, Reflected XSS, XSRF & Session Fixation
- DGES GOV.pt - Password Plaintext Storage & Captcha Bypass
- CTT - Reflected XSS, XSRF
- Unono - 2 Account Privilege Escalation Flaws & XSRF
- Uniplaces - Scholarship Vote Manipulation
- Montepio Bank - Reflected XSS (Blocked by WAF)
- Other SMEs
Source and Licenses can be found in the GitHub repository.