Search results for keyword []: 6139 records in total

| Disclosure date | Bounty | Author | Title | Vendor | Vulnerability type |
| --- | --- | --- | --- | --- | --- |
| 2019-02-08 | $ | karthik87mit | Password Change not notified when changed from settings | Starbucks | Unverified Password Change |
| 2019-02-08 | $ | apapedulimu | Missing CSRF Token On Remove Coupun From Cart | Starbucks | Cross-Site Request Forgery (CSRF) |
| 2019-02-08 | $5000.0 | appsecure_in | Client secret, server tokens for developer applications returned by internal API | Uber | Information Disclosure |
| 2019-02-07 | $3500.0 | alexbirsan | XSSI on refer.xoom.com allows stealing email addresses and posting to Twitter on behalf of victim | PayPal | Cross-Site Request Forgery (CSRF) |
| 2019-02-07 | $10000.0 | bagipro | [Venmo Android] Remote theft of user session | PayPal | none |
| 2019-02-07 | $6800.0 | bagipro | [PayPal Android] Remote theft of user session using push_notification_webview deeplink | PayPal | Open Redirect |
| 2019-02-07 | $ | skyn3t | [serve] Access unlisted internal files/folders revealing sensitive information | Node.js third-party modules | Information Exposure Through Directory Listing |
| 2019-02-07 | $1120.0 | bywalks | [dev.twitter.com] XSS and Open Redirect Protection Bypass | Twitter | none |
| 2019-02-06 | $ | archang31 | Information Disclosure (can access all Army HRC RFOs) within AIM view RFO Portal | U.S. Dept Of Defense | Information Disclosure |
| 2019-02-06 | $2500.0 | csiete | UBNT Amplification DDOS Attack | Ubiquiti Networks | none |
| 2019-02-06 | $2600.0 | lincoln9932 | Ability to log in to any account https://pandao.ru/ | Mail.ru | none |
| 2019-02-04 | $ | hossammesbah21 | ssl cookie without secure flag set | Mail.ru | Violation of Secure Design Principles |
| 2019-02-04 | $ | mik317 | CRLF injection on https://buildbot.mariadb.org | MariaDB | CRLF Injection |
| 2019-02-04 | $ | dienpv | Prototype pollution attack (upmerge) | Node.js third-party modules | none |
| 2019-02-03 | $20000.0 | yashrs | Confidential data of users and limited metadata of programs and reports accessible via GraphQL | HackerOne | Information Disclosure |