User registration using public domain email like Gmail in place of professional email. | Reliance on Untrusted Inputs in a Security Decision | cyc0rpion | Medium | 2020-08-24
Sensitive Information Disclosure | Information Disclosure | exploit_db | Critical | 2020-08-21
Django DEBUG mode enabled and leaked system information. | Misconfiguration | aungkyawphyo | High | 2020-08-21
Information Disclosure through DEBUG at Subscription [https://app.dropcontact.io/app/subscription?connector=salesforce] (CRITICAL) | Information Exposure Through Debug Information | try__for_impossible | Critical | 2020-08-21
Registering with email [ +70 Chars ] Lead to Disclose some information [Django Debug Mode ] | Information Disclosure | elmahdi | Medium | 2020-08-21
Django debug enabled showing information about system, database, configuration files. | Information Disclosure | vbdev | Low | 2020-08-21
Django should not have debug mode enabled | Information Exposure Through Debug Information | higbee | Low | 2020-08-21
API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation. | Improper Authorization | try__for_impossible | Medium | 2020-08-20
Dropcontact's disclosed report is exposing Private/Confidential information | Information Disclosure | n1m0 | High | 2020-08-20
IDOR for firstpromoter service | Insecure Direct Object Reference (IDOR) | try__for_impossible | High | 2020-08-18
Host Header Injection. | Open Redirect | try__for_impossible | Low | 2020-08-11
Unauthorized Access and updation of EMAIL settings of other user at https://app.dropcontact.io/app/sponsorship/ by changing the " email " parameter. | Improper Access Control - Generic | try__for_impossible | High | 2020-08-11
Unrestricted File Upload on https://app.dropcontact.io/app/upload/ | Unrestricted Upload of File with Dangerous Type | omarelfarsaoui | No rating | 2020-08-11
User can Subscribe a plan that is hidden by manipulating the value of "subscription" parameter at [ https://app.dropcontact.io/app/checkout/] | Business Logic Errors | try__for_impossible | Medium | 2020-08-07
Nginx Server version disclosure. | Information Disclosure | try__for_impossible | Low | 2020-07-31