Boozt Fashion AB Program Statistics



28 total issues disclosed

$1,830 total paid publicly

Most disclosed (6 disclosures) — Violation of Secure Design Principles



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| [www.boozt.com] - Authentication bypass | Improper Authentication - Generic | ramsexy | Medium | 2018-05-25 |
| Users Unable to login using Gmail/Facebook on https://boozt-stage1.booztx.com/login | Improper Authentication - Generic | rey_7 | Medium | 2017-10-24 |
| No Confirmation During Email Change | None supplied | craxermgr | Medium | 2017-10-23 |
| No Session change on Password change | Insufficient Session Expiration | craxermgr | Medium | 2017-10-23 |
| Bruteforce Unlimited number of password attempts | Brute Force | chrisnagora | Critical | 2017-10-04 |
| Weak Password | Violation of Secure Design Principles | firestone | Low | 2017-10-04 |
| booztfashion.com URL should HTTPS | None supplied | nihad_rekany | No rating | 2017-09-18 |
| Password reset token issue | Improper Authentication - Generic | dilip_prakash | No rating | 2017-09-04 |
| Email link poisoning / Host header attack | None supplied | ramsexy | High | 2017-08-01 |
| Reflected XSS on www.boozt.com | Cross-site Scripting (XSS) - Generic | stefanofinding | No rating | 2017-08-01 |
| Git available containing passwords. | Privilege Escalation | xpathmaster | Critical | 2017-07-27 |
| Broken Authentication and Session Management(Session Fixation) | Improper Authentication - Generic | koshti25 | No rating | 2017-07-27 |
| Android app does not use SSL for login | Cryptographic Issues - Generic | nightwatch-cybersecurity | No rating | 2017-07-27 |
| Cookie Misconfiguration | Improper Authentication - Generic | abdulwahab | Medium | 2017-07-27 |
| ADB Backup is enabled within AndroidManifest | Information Disclosure | sfsecurityfirst | No rating | 2017-07-27 |
| Email spoofing at booztlet.com | Violation of Secure Design Principles | m7mdharoun | Critical | 2017-07-27 |
| PHP info page disclosure on http://www.day.dk/ | Information Disclosure | lalka | No rating | 2017-07-24 |
| Application code is not obfuscated -- OWASP M9 (2016) | Violation of Secure Design Principles | dineshdinz | High | 2017-02-24 |
| Bypass email validity in newsletter field | Violation of Secure Design Principles | helloworld152 | No rating | 2017-02-24 |
| xss in Theme http://bztfashion.booztx.com | Cross-site Scripting (XSS) - Generic | m7mdharoun | High | 2017-01-16 |
| Make victim buy in attacker's account without any idea - http://www.booztlet.com/ | Improper Authentication - Generic | inhibitor181 | No rating | 2016-10-31 |
| Potential Subdomain Takeover Possible | None supplied | zephrfish | No rating | 2016-10-22 |
| Http header injection | Violation of Secure Design Principles | gorkhali | No rating | 2016-09-19 |
| Host header poisoning leads to account password reset links hijacking | Information Disclosure | yassineaboukir | No rating | 2016-09-17 |
| XSS | Cross-site Scripting (XSS) - Generic | hacking79 | No rating | 2016-09-14 |
| Instance of Apache Vulnerable to Several Issues | Denial of Service | zephrfish | No rating | 2016-09-14 |
| No csrf protection on logout | Violation of Secure Design Principles | smii3 | No rating | 2016-09-10 |
| User Enumeration. | Information Disclosure | leet-boy | No rating | 2016-09-10 |