Search results for keyword [fransrosen]: 18 records in total

| Disclosed | Bounty | Author | Title | Vendor | Vulnerability type |
|---|---|---|---|---|---|
| 2018-08-08 | $256.0 | fransrosen | CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception) | Discourse | Cross-Site Request Forgery (CSRF) |
| 2018-05-19 | $ | fransrosen | ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers | The Internet | Privilege Escalation |
| 2017-08-29 | $1500.0 | fransrosen | Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP | HackerOne | Violation of Secure Design Principles |
| 2017-07-20 | $ | fransrosen | Frans Visits Vegas Announcement | Frans Visits Vegas | none |
| 2017-04-27 | $ | fransrosen | Local file inclusion vulnerability on a DoD website | U.S. Dept Of Defense | Privilege Escalation |
| 2017-02-28 | $3000.0 | fransrosen | Stealing xoxs-tokens using weak postMessage / call-popup redirect to current team domain | Slack | Violation of Secure Design Principles |
| 2016-12-12 | $1000.0 | fransrosen | Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront | Uber | Privilege Escalation |
| 2016-12-06 | $ | fransrosen | Mailgun misconfiguration leads to email snooping and [email protected] on email.mg.gitlab.com | GitLab | Privilege Escalation |
| 2016-11-27 | $1000.0 | fransrosen | Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry | Ubiquiti Networks | Privilege Escalation |
| 2016-09-01 | $500.0 | fransrosen | Open CouchDB on experiments.ec2.shopify.com:5984 | Shopify | none |
| 2016-09-01 | $1000.0 | fransrosen | Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs | Slack | Cross-site Scripting (XSS) - Generic |
| 2016-08-26 | $100.0 | fransrosen | Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io. | Legal Robot | Violation of Secure Design Principles |
| 2016-08-17 | $ | fransrosen | Response Header injection using redirect_uri together with PHP that utilizes Header Folding according to RFC1945 and Internet Explorer 11 | Nextcloud | Violation of Secure Design Principles |
| 2016-07-28 | $50.0 | fransrosen | Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event | Imgur | Cross-site Scripting (XSS) - Generic |
| 2016-07-19 | $750.0 | fransrosen | Stored XSS on Share-popup of a directory's Gallery-view | Nextcloud | Cross-site Scripting (XSS) - Generic |