Search results for keyword [japz]: 31 records in total

| Disclosure date | Bounty | Author | Title | Vendor | Vulnerability type |
|---|---|---|---|---|---|
| 2018-11-30 | $500.0 | japz | Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session | HackerOne | Insufficient Session Expiration |
| 2018-10-31 | $10000.0 | japz | Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form | HackerOne | Improper Authorization |
| 2018-08-12 | $2500.0 | japz | Private program policy page still accessible after user left the program | HackerOne | Information Disclosure |
| 2018-06-07 | $ | japz | Exposing hackerone users personally identifiable information by abusing sandbox with swag reward enabled | HackerOne | Information Disclosure |
| 2018-05-30 | $ | japz | Private program email forwarding response invitation not expire after first use. | HackerOne | Violation of Secure Design Principles |
| 2018-05-08 | $2500.0 | japz | Program metrics disclosed response_efficiency_percentage via /program_name json response despite the team decided not to show on their profile | HackerOne | Information Disclosure |
| 2018-04-18 | $2500.0 | japz | Harvesting all private invites using leave program fast-tracked invitation and [email protected] email forwarding feature | HackerOne | Business Logic Errors |
| 2017-09-02 | $ | japzdivino | IDOR on HackerOne Feedback Review | HackerOne | Insecure Direct Object Reference (IDOR) |
| 2017-08-26 | $40.0 | japzdivino | Password complexity not evenly enforced | Legal Robot | Violation of Secure Design Principles |
| 2017-08-15 | $ | japzdivino | Wordpress Vulnerable to Potential Unauthorized Password Reset | Nextcloud | none |
| 2017-07-31 | $60.0 | japzdivino | 2FA Error Handling on Google Authenticator | Legal Robot | none |
| 2017-06-02 | $ | japzdivino | Login CSRF : Login Authentication Flaw | Weblate | Cross-Site Request Forgery (CSRF) |
| 2017-05-23 | $500.0 | japzdivino | Report invitation links not restricted to any existing user | HackerOne | Information Disclosure |
| 2017-05-17 | $ | japzdivino | Logout CSRF | Weblate | Cross-Site Request Forgery (CSRF) |
| 2017-05-17 | $ | japzdivino | Activation tokens are not expiring | Weblate | Cross-Site Request Forgery (CSRF) |