A collection of security vulnerabilities discovered and responsibly disclosed during 2004-2006. This archive documents my early security research work, including CVE assignments and vendor acknowledgments.
| Year | Vulnerability | Vendor | Status |
|---|---|---|---|
| 2004 | DoS in Conceptronic CADSLR1 Router | Conceptronic | CVE-2004-2045 |
| 2004 | HTML Injection in Mensajeitor | Mensajeitor | Fixed in v1.8.9 r2 |
| 2005 | Password Memory Disclosure in DameWare | DameWare | Published |
| 2005 | Buffer Overflow in mIRC DCC Dialog | mIRC | CVE-2005-4681 (Disputed) |
| 2006 | Buffer Overflow in mIRC Font Command | mIRC | CVE-2006-0489 (Disputed) |
| 2006 | XSS in Microsoft SMS 2003 | Microsoft | MSRC Case 6516 - Fixed in SP3 |
These vulnerabilities were discovered between 2004-2006, a period when:
- Coordinated vulnerability disclosure was still evolving
- Bug bounty programs were virtually non-existent
- Security researchers often received no compensation or recognition
- Vendors had varying levels of responsiveness to security reports
The research was conducted as part of collaborative work with Shell Security Group (shellsec.net) and Cyruxnet, two Spanish-language security communities active during that era.
Each vulnerability can be independently verified through public databases:
- CVE-2004-2045: CVEDetails | Bugtraq
- CVE-2005-4681: VulDB | Bugtraq
- CVE-2006-0489: NVD | VulDB
- DameWare Advisory: PacketStorm | SecurityTracker
- Mensajeitor Advisory: Exploit-DB | SecurityFocus BID 14071
- Microsoft SMS: MSRC Case 6516 - Acknowledgment letter included
- Stack-based buffer overflow exploitation (EIP overwrite, shellcode development)
- Cross-Site Scripting (XSS) identification and exploitation
- Memory forensics (process memory dumping for credential extraction)
- Protocol analysis and fuzzing
- Responsible disclosure practices
This archive is provided for historical and educational purposes. All vulnerabilities were responsibly disclosed to vendors before public release. The affected software versions are long obsolete.
Jordi Corrales Security Researcher (2004-2006) Contact: See GitHub profile
This historical documentation is provided as-is for educational and archival purposes.