Mail.ru Program Statistics



609 total issues disclosed

$611,397 total paid publicly

Most disclosed (71 disclosures) — Cross-site Scripting (XSS) - Generic



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
[allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS Cross-site Scripting (XSS) - Stored 0xd0ff9 Medium 2021-12-08
Stored XSS on https://community.my.games/ (Add Post) Cross-site Scripting (XSS) - Stored c1kada Medium 2021-12-01
Cross-site Scripting (XSS) - Stored Cross-site Scripting (XSS) - Stored ghost_shell High 2021-11-25
REST API Endpoint leads to Unauthorized user disclosed private [ issue ] details Privilege Escalation updatelap High 2021-11-06
bit.games - sql-inj SQL Injection alexeysergeevich Medium 2021-11-06
[titans.3clans.ru] phpBB 3.0.8 - Захват аккаунта администратора + удалённое выполнение кода. OS Command Injection alexeysergeevich None 2021-11-06
tmgame.mail.ru - Blind sql injection SQL Injection alexeysergeevich Medium 2021-11-06
kds.ucs.ru - раскрытие информации. Business Logic Errors alexeysergeevich High 2021-11-06
[samokat.ru] PHP modules path disclosure due to lack of error handling Information Exposure Through Debug Information andridev_ None 2021-11-03
[play.skillbox.ru] CRLF Injection CRLF Injection s_kustm Medium 2021-10-30
Незащищённый экземпляр Zeppelin None supplied k3ypt0 Critical 2021-10-20
CVE-2020-11110: Grafana Unauthenticated Stored XSS -████.bizml.ru Cross-site Scripting (XSS) - Stored melbadry9 None 2021-10-11
[ii.worki.ru ] emarsys subdomain takeover Privilege Escalation uddeshaya001 Medium 2021-09-28
Stored XSS on top.mail.ru Cross-site Scripting (XSS) - Stored savproga Medium 2021-09-10
SQL injection on jd.mail.ru SQL Injection pisarenko High 2021-09-08
[185.30.178.57:8080] - Vulnerable to Jetleak Memory Corruption - Generic xaleraf4ra Critical 2021-09-08
subdomain takeover disney.samokat.ru Privilege Escalation nanwn Medium 2021-09-07
informations disclosure(Email,Numbers,Agreements, admin Sessions and more ...) through a PostgreSQL database belongs to (legium-back.corp.mail.ru) Information Disclosure yukusawa18 Medium 2021-09-05
[Biz] [Mailer] Кроп любых* изображений расположенных на сервере Resource Injection kriakiku Medium 2021-08-30
Blind XSS Stored and CORS misconfiguration в отчете "События" сервиса top.mail.ru Cross-site Scripting (XSS) - Stored savproga High 2021-08-17
Subdomain takeover on "info-edcrunch.skillfactory.ru" Privilege Escalation abosala7 Medium 2021-08-15
mailer.i.bizml.ru viber service preprod information disclosure Information Disclosure cutoffurmind Medium 2021-08-13
uchi.ru check_lessons Blind SQL Injection SQL Injection cutoffurmind High 2021-08-13
[http://kiwi.youdrive.today/] Information disclosure via Kiwi TCMS vulnerability Improper Access Control - Generic act1on3 Medium 2021-08-13
[app-01.youdrive.club] RCE in CI/CD via dependency confusion Command Injection - Generic act1on3 High 2021-07-27
[geekbrains.ru] Node modules path disclosure due to lack of error handling Information Disclosure nakabonne Low 2021-07-27
[tanks.mail.ru] SSRF + Кража cookie Cross-Site Request Forgery (CSRF) alexeysergeevich Medium 2021-07-22
Unauthorized Access To Admin panel Improper Access Control - Generic 01alsanosi None 2021-07-22
Bypassing SOP with XSS on account.my.games leading to steal CSRF token and user information Cross-Site Request Forgery (CSRF) sec_zone64 Medium 2021-07-22
CSRF + XSS leads to ATO Cross-Site Request Forgery (CSRF) bombon Medium 2021-06-22
[com.icq.mobile.client] Любое стороннее приложение может угнать сессию, а также другие файлы приложения Information Disclosure igorpyan Medium 2021-06-22
internal path disclosure via error message Information Exposure Through an Error Message ali-h-hasan None 2021-06-22
[mcs.mail.ru] Пользователь с ролью наблюдателя может создавать ключи доступа для очереди сообщений (sqs.mcs.mail.ru) Improper Access Control - Generic mrd0x1 Medium 2021-06-22
XSS (reflected, and then, cookie persisted) on api documentation site theme selector (old version of dokuwiki) Cross-site Scripting (XSS) - Stored mvm Medium 2021-06-06
Stored XSS на странице "Измененить водителя" [city-mobil.ru/taxiserv] Cross-site Scripting (XSS) - Stored kwel Low 2021-05-28
Stored XSS на странице "Изменить клиента", вкладка "История" [city-mobil.ru/taxiserv] Cross-site Scripting (XSS) - Stored kwel Low 2021-05-28
Disk-o Cloud application (Windows) does not validate server certificate on a TLS connection Improper Certificate Validation aapo High 2021-05-26
Account takeover on [support2.ucs.ru] Brute Force tounsi_007 Low 2021-05-26
Blind SQL in id_locality GET param on [city-mobil.ru/taxiserv] SQL Injection organdonor High 2021-05-25
Blind SQL injection on [city-mobil.ru/taxiserv/] in filter{"id_locality"} SQL Injection organdonor High 2021-05-25
Debug Mode Leak Critical Information [ AWS Keys , SMTP , Database , Django Secret Key ( RCE ) , Dodoc , Telegram , Twilio .. ] Information Disclosure yukusawa18 Critical 2021-05-24
SSRF at jira.plazius.ru - CVE-2019-8451 Server-Side Request Forgery (SSRF) cutedoggo High 2021-05-12
Path traversal lead to LFR via [CVE-2019-3394] Path Traversal tounsi_007 Critical 2021-05-12
[web.icq.com] Stored XSS in Account Name Cross-site Scripting (XSS) - Stored 0x7 Medium 2021-04-30
[Plazius] SSRF через некорректно сконфигурированный Fiddler 46.148.201.206:10121 Server-Side Request Forgery (SSRF) p1006 High 2021-04-24
relap.io/admin/api - административный API доступен без аутентификации Improper Authentication - Generic stanhates High 2021-04-23
Stored XSS on store.my.games Cross-site Scripting (XSS) - Stored 3xternull Medium 2021-04-17
Blind SSRF on [relap.io] Server-Side Request Forgery (SSRF) kiriknik Medium 2021-04-12
read new emails from any inbox IOS APP in notification center Insecure Direct Object Reference (IDOR) dennisleo6 Critical 2021-04-10
DOM XSS on https://biz.mail.ru/domains/goto/mail/ via parameter pollution Cross-site Scripting (XSS) - DOM p4fg Medium 2021-04-06
Открытый Confluence и доступы к чату операторов в Skype Information Disclosure r0hack Medium 2021-03-25
XSS via POST request to https://account.mail.ru/signup/ Cross-site Scripting (XSS) - Reflected login-denied Medium 2021-03-20
file read on MCS servers via supplying a QCOW2 image with external backing file Information Disclosure neex High 2021-03-19
[city-mobil.ru/taxiserv/] SQLi at /taxiserv/tariffs/dictionary at filter{"id_locality"} param SQL Injection act1on3 Critical 2021-03-19
SQL injection delivery-club.ru (ClickHouse) SQL Injection k3ypt0 Medium 2021-03-18
MCS Graphite SSRF: internal network access Server-Side Request Forgery (SSRF) cutoffurmind Medium 2021-03-13
XXE на webdav.mail.ru - PROPFIND/PROPPATCH XML External Entities (XXE) 0ang3el High 2021-03-01
Blind SSRF на calendar.mail.ru при импорте календаря Server-Side Request Forgery (SSRF) 0ang3el Medium 2021-03-01
Access User Tickets via IDOR in [widget.support.my.games] None supplied sicksec High 2020-11-25
Source code and internal credentials disclosure Information Disclosure paul_axe High 2020-11-25
Redmin API Key Exposed In GIthub Information Disclosure elmahdi Medium 2020-11-25
the same as #948259 - XSS at jsgames.mail.ru Cross-site Scripting (XSS) - Reflected sodium_ Low 2020-11-25
Blind SSRF on http://info.ucs.ru/settings/check/ Server-Side Request Forgery (SSRF) elmahdi Medium 2020-11-25
lenta_proxy information disclosure Information Exposure Through an Error Message naategh Medium 2020-11-25
Information Disclosure Information Disclosure steal_wart None 2020-11-25
Disclosure of personal support email addresses on 'support-fleet.city-mobil.ru' Information Disclosure olidayw Low 2020-11-11
cross site scripting bypass session Cross-site Scripting (XSS) - Reflected dennisleo6 High 2020-11-04
Path traversal on bank.mail.ru ( CVE-2013-3827 ) Path Traversal st00rm Medium 2020-11-04
mrgs.my.games account takeover Improper Access Control - Generic maxarr High 2020-11-03
Account Takeover possibility via https://awards.donationalerts.com using login with twitch.tv Improper Authentication - Generic jayesh25 High 2020-11-03
SQL LIKE clauses wildcard injection SQL Injection bazzy No rating 2020-10-31
SQL LIKE clauses wildcard injection SQL Injection bazzy No rating 2020-10-31
[my.games, lootdog.io] XSS via MCS Bucket Cross-site Scripting (XSS) - Stored bobrov Medium 2020-10-31
[api.my.games/social/chat/multi/add] Privilege escalation on adding new members to group chat Privilege Escalation mainteemoforfun None 2020-10-30
SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ SQL Injection derision High 2020-10-30
SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ SQL Injection derision High 2020-10-30
Multiple SQL Injections and constrained LFI in esk-static.3igames.mail.ru SQL Injection haxonaut High 2020-10-29
Логи на http://login.aa.mail.ru/logs/ Information Disclosure devirok Low 2020-10-28
Reflected XSS on https://e.mail.ru/compose/ via Body parameter Cross-site Scripting (XSS) - Reflected panya Medium 2020-10-27
[combo.mail.ru] SMS code bruteforce Brute Force esetal High 2020-10-27
OTP bypass on user account deletion Modification of Assumed-Immutable Data (MAID) risinghunter Low 2020-10-27
Stored XSS through fileupload Cross-site Scripting (XSS) - Stored ther3d0ne Medium 2020-10-27
Cross-site Scripting (XSS) - DOM on https://account.mail.ru/user/garage?back_url=https://mail.ru Cross-site Scripting (XSS) - DOM magzhan High 2020-10-27
Insufficient limitation of web page title leads to DoS against ICQ for Android Denial of Service artebels Medium 2020-10-24
web.icq.com XSS in chat message via contact info Cross-site Scripting (XSS) - Stored superboyxxx High 2020-10-15
NPM_API_KEY Leak Information Disclosure rzx007x Low 2020-10-14
SMS Brute Force Possibility via https://youdrive.today/login/web/code can lead to Account Takeover Brute Force jayesh25 High 2020-10-13
Возможность создать канал в группе, в которой пользователь не является админом [my.games] Business Logic Errors kwel None 2020-10-13
This Github Repository Seems Leaking "nino.samokat.ru" Source Code Information Disclosure gevakun Medium 2020-10-13
Stored XSS in history on [corporate.city-mobil.ru] Cross-site Scripting (XSS) - Stored organdonor Low 2020-10-12
Stored XSS in address on [corporate.city-mobil.ru] Cross-site Scripting (XSS) - Stored organdonor Low 2020-10-12
Пользователь может изменить способ оплаты указав чужой corporation ID Business Logic Errors moonwalker Medium 2020-10-12
Stored Xss Cross-site Scripting (XSS) - Stored ja3far Medium 2020-10-07
Forgot Password Page SMS Brute Force could lead to Account Takeover using Android/IOS app "About the house" via api.prodom.smart.space Brute Force jayesh25 High 2020-10-06
Возможность просмотра коментариев к чужим обращениям [corporate.city-mobil.ru] Insecure Direct Object Reference (IDOR) kwel Medium 2020-10-05
Improper Restriction of Excessive Authentication Attempts at https://api.warrobots.com/auth (Pixonic Games) Brute Force jayesh25 Low 2020-10-05
HTTP request smuggling (?) canpol.deti.mail.ru None supplied maxarr High 2020-10-05
HTTP request smuggling (?) canpol.deti.mail.ru None supplied maxarr High 2020-10-05
[geekbrains.ru] CVE-2019-5418 Ruby on Rails File Content Disclosure Path Traversal bobrov Medium 2020-10-05
ICQ Android APP remote DoS Denial of Service zoczus Low 2020-10-05
IDOR of contracts on dictor.mail.ru Insecure Direct Object Reference (IDOR) tr3harder None 2020-10-05
Ability to edit the address of any company by its id on [corporate.city-mobil.ru] Insecure Direct Object Reference (IDOR) organdonor None 2020-10-05
Открытая админка Tarantool Information Disclosure 0x01alka Medium 2020-10-05
SECRET_KEY Of Django Leaked In maps.me Information Disclosure sniper302 Medium 2020-10-05
В самокате можно просматривать и изменять данные любого заказа без авторизации Insecure Direct Object Reference (IDOR) kwel Medium 2020-10-05
В самокат имеется возможность просмотра суммы заказа и номера заказа по ID [smart.space] Insecure Direct Object Reference (IDOR) kwel Low 2020-10-05
[https://youdrive.today/] Nginx directory traversal Path Traversal act1on3 Medium 2020-10-05
XSS via "gp" cookie reflected in source code Cross-site Scripting (XSS) - Generic setuid Medium 2020-10-05
Improper Restriction of Excessive Authentication Attempts at o2-ac.my.com/token Brute Force jayesh25 Low 2020-10-05
Access to git & and configuration files on backtoschool.geekbrains.ru via gitfile Violation of Secure Design Principles damian89 Medium 2020-10-05
Clickjacking Vulnerability via https://webagent.mail.ru leading to protection bypass for https://web.icq.com/ end point UI Redressing (Clickjacking) jayesh25 Low 2020-10-05
[city-mobil.ru] SSRF & limited LFR on /taxiserv/photoeditor/save endpoint via base64 POST parameter Server-Side Request Forgery (SSRF) byq High 2020-10-01
Blind SSRF in horizon-heat Server-Side Request Forgery (SSRF) paul_axe No rating 2020-10-01
Blind SSRF in magnum upgrade_params Server-Side Request Forgery (SSRF) paul_axe No rating 2020-10-01
[panel.city-mobil.ru/admin/] Blind XSS via partner name (similar to #746505) Cross-site Scripting (XSS) - Stored act1on3 High 2020-10-01
Broken twitter link hijacking at https://games.mail.ru/pc/search/ None supplied nagli None 2020-09-18
Log files Leaked In mcsblog.ru Information Disclosure sniper302 Medium 2020-09-18
Broken twitter link hijacking at https://games.mail.ru/pc/search/ None supplied nagli None 2020-09-18
[icq.im] Reflected XSS via chat invite link Cross-site Scripting (XSS) - Reflected romesful Low 2020-09-15
IDOR in tracking driver logs at city-mobil.ru Insecure Direct Object Reference (IDOR) r0hack Low 2020-09-15
Database read through provider misconfiguration Insecure Storage of Sensitive Information kanytu Medium 2020-09-15
Private files exposed to other apps Insecure Storage of Sensitive Information kanytu High 2020-09-15
SQL injection at fleet.city-mobil.ru SQL Injection r0hack High 2020-09-03
REFLECTED XSS On http://jsgames.mail.ru/bad_browser.php via back_url paramter Cross-site Scripting (XSS) - Reflected yukusawa18 Medium 2020-09-03
SQL injection at fleet.city-mobil.ru SQL Injection r0hack High 2020-09-03
looch.tv CORS crossite user information and stream_key access Cross-Site Request Forgery (CSRF) iframe Medium 2020-09-02
[api.33slona.ru] Доступ к API из за неправильной конфигурации сервера 302 редирет. None supplied iframe None 2020-09-02
Subdomain Takeover at analyticstest.geekbrains.ru Privilege Escalation steal_wart Medium 2020-09-02
Public access to Sidekiq dashboard at shopper.sbermarket.ru None supplied avolume Medium 2020-09-02
warofdragons.my.games: configuration files with database account are accessible Information Disclosure iframe Medium 2020-09-01
warofdragons.my.games: configuration files with database account are accessible Information Disclosure iframe Medium 2020-09-01
IDOR позволяет изменить информацию о пользователе. Insecure Direct Object Reference (IDOR) iframe Medium 2020-09-01
[garnier-olia.lady.mail.ru] Reflected XSS /exp/ bypass "/" Cross-site Scripting (XSS) - Reflected iframe Low 2020-09-01
Access to information about any video and its owner via GraphQL endpoint [dictor.mail.ru] Insecure Direct Object Reference (IDOR) organdonor Medium 2020-09-01
An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing Improper Authentication - Generic jianjun Medium 2020-08-31
[self?] XSS в адресе пользователя [sbermarket.ru] Cross-site Scripting (XSS) - Stored pisarenko None 2020-08-31
[performancemarketing.geekbrains.ru] Tilda Subdomain Takeover Improper Access Control - Generic xaleraf4ra Low 2020-08-12
[c-api.city-mobil.ru] IDOR chat messages between driver and customer Improper Authentication - Generic anyday No rating 2020-08-12
tracker.my.com information disclosure via csrf bypass Cross-Site Request Forgery (CSRF) shuraros Low 2020-08-12
information disclosure via IDOR on "https://target.my.com/api/v2/coverage/segment.json?id={id}" endpoint Insecure Direct Object Reference (IDOR) shuraros None 2020-08-12
Vertical Privilege Escalation on {target.my.com} Privilege Escalation dedsec69 Medium 2020-08-12
Subdomain takeover at msproject.geekbrains.ru Privilege Escalation steal_wart Medium 2020-08-12
Bypass OTP on contact back request at https://driver.city-mobil.ru/ None supplied nitin1205 None 2020-08-12
xss while uploading a file None supplied aslanemre None 2020-08-03
Account takeover through password reset in cups.mail.ru Insecure Direct Object Reference (IDOR) weev3kyaw High 2020-08-03
xss on [storehouse5.ucs.ru] Cross-site Scripting (XSS) - Reflected pisarenko Low 2020-08-03
Open Redirect at "city-mobil.ru" Open Redirect kursadalsan None 2020-08-03
relap.io IDOR Insecure Direct Object Reference (IDOR) shuraros Low 2020-08-03
Reflected XSS in "keywords" parameter at "https://sbermarket.ru/metro/search" Cross-site Scripting (XSS) - Reflected mehulpanchal007 Medium 2020-08-03
Account takeover through password reset in cups.mail.ru Insecure Direct Object Reference (IDOR) weev3kyaw High 2020-08-03
Stored self XSS at auto.mail.ru using add_review functionality Cross-site Scripting (XSS) - Stored avolume None 2020-07-31
Sidekiq Dashboard Publicly accessible at http://shopper.staging.instamart.ru/sidekiq/ None supplied sudi Medium 2020-07-31
SMTP Header Injection at http://abonement.ucs.ru CRLF Injection killinem_sec None 2020-07-30
HTML/iframe/XSS injection on https://www.ucs.ru/online/shelter/settings/check/ None supplied h2x0 Medium 2020-07-28
"😂" + Unauthenticated Stored XSS in API at https://api.my.games/comments/v1/comments/update/ Cross-site Scripting (XSS) - Stored samet High 2020-07-28
Blindy Replace User's Session with Attacker's Session Cross-Site Request Forgery (CSRF) sayaanalam Low 2020-07-28
Stored XSS In mlbootcamp.ru Cross-site Scripting (XSS) - Stored sniper302 High 2020-07-28
Content injection on shared event (calendar.mail.ru) Phishing urban_tramp Low 2020-07-28
capsula.mail.ru - Admin blind stored XSS Cross-site Scripting (XSS) - Stored alexeysergeevich Medium 2020-07-20
[geekbrains.ru] Reflected XSS via Angular Template Injection Cross-site Scripting (XSS) - Reflected esetal Low 2020-07-20
User session access due to Oauth whitelist host bypass and postMessage Cross-Site Request Forgery (CSRF) mariuszpoplawski High 2020-07-20
Stored XSS that allow an attacker to read victim mailboxes contacts in mail.ru and my.com application None supplied weev3kyaw High 2020-07-13
Reflected XSS on http://info.ucs.ru/settings/check/ Cross-site Scripting (XSS) - Reflected h2x0 Low 2020-07-13
Stored XSS that allow an attacker to read victim mailboxes contacts in mail.ru and my.com application None supplied weev3kyaw High 2020-07-13
Cross-organization data access in city-mobil.ru Improper Access Control - Generic r0hack High 2020-07-13
[icq.com/people/*uin*/edit] Отсутствует фильтр и проверка на дубли в поле "Никнейм" None supplied ch0c0 None 2020-07-13
Cross-organization data access in city-mobil.ru Improper Access Control - Generic r0hack High 2020-07-13
Sensitive information exposure via git commit Insecure Storage of Sensitive Information woj_ciech Medium 2020-07-13
Subdomain Takeover at blog.instamart.ru Externally Controlled Reference to a Resource in Another Sphere m7mdharoun Low 2020-07-13
Reflected XSS in city-mobil.ru/ Cross-site Scripting (XSS) - Generic mariuszpoplawski Medium 2020-07-13
Subdomain takeover on tilda.geekbrains.ru and fl-change.geekbrains.ru Externally Controlled Reference to a Resource in Another Sphere akash-labade Low 2020-07-07
[account.mail.ru] XSS-уязвимость в форме авторизации Cross-site Scripting (XSS) - DOM rainbow_json High 2020-06-29
SSRF in filtering on relap.io Server-Side Request Forgery (SSRF) rumiljonov High 2020-06-29
MySQL username and password leaked on [2017.russianaicup.ru] Password in Configuration File organdonor Medium 2020-06-29
Reflected XSS Cross-site Scripting (XSS) - Reflected whitespots Medium 2020-06-29
Stored XSS on go.mail.ru Cross-site Scripting (XSS) - Stored myasnikovalexey Medium 2020-06-18
Time-Based SQL injection at city-mobil.ru SQL Injection r0hack Critical 2020-06-17
Time-Based SQL injection at city-mobil.ru SQL Injection r0hack Critical 2020-06-17
Time-Based SQL injection at city-mobil.ru SQL Injection r0hack Critical 2020-06-17
[pulse.mail.ru] Доступ к статистике чужих площадок Improper Access Control - Generic rainbow_json Medium 2020-06-04
[my.games] Stored XSS via untrusted bucket Cross-site Scripting (XSS) - Stored byq Medium 2020-06-04
Reflected XSS at city-mobil.ru Cross-site Scripting (XSS) - Reflected tr3harder Medium 2020-05-28
Account Takeover worki.ru Brute Force tr3harder Critical 2020-05-28
XSS in [community.my.games] Cross-site Scripting (XSS) - Stored anishacks Medium 2020-05-28
IDOR of users Insecure Direct Object Reference (IDOR) tr3harder Medium 2020-05-28
Account Takeover worki.ru Brute Force tr3harder Critical 2020-05-28
Mirror of https://city-mobil.ru admin interface Misconfiguration merron None 2020-05-14
Unsafe downloaded file execution User Interface (UI) Misrepresentation of Critical Information iframe Low 2020-05-13
Unrestricted file upload on [ambassador.mail.ru] Code Injection organdonor Critical 2020-05-08
XSS at go.mail.ru Cross-site Scripting (XSS) - DOM adiosmf Medium 2020-05-08
Unrestricted file upload on [ambassador.mail.ru] Code Injection organdonor Critical 2020-05-08
Stored xss on https://go.mail.ru/ Cross-site Scripting (XSS) - Reflected 01alsanosi Medium 2020-05-08
[city-mobil.ru/taxiserv/] Disclosure information about drivers Insecure Direct Object Reference (IDOR) act1on3 Medium 2020-05-07
[https://city-mobil.ru/taxiserv] IDOR leads to information disclosure Information Disclosure act1on3 Low 2020-05-07
[city-mobil.ru/taxiserv/] IDOR leads to driver account takeover Insecure Direct Object Reference (IDOR) act1on3 Medium 2020-05-07
[c-api.city-mobil.ru] Client authentication bypass leads to information disclosure Missing Authentication for Critical Function act1on3 Critical 2020-04-22
HTML injection at face.city-mobil.ru Improper Input Validation r0hack Low 2020-04-16
[fleet.city-mobil.ru] Driver balance increasing Business Logic Errors act1on3 Low 2020-04-15
[panel.city-mobil.ru/admin/] Blind XSS into username Cross-site Scripting (XSS) - Stored act1on3 High 2020-04-14
SSRF & LFR via on city-mobil.ru Remote File Inclusion byq High 2020-04-14
SSRF on fleet.city-mobil.ru leads to local file read Server-Side Request Forgery (SSRF) byq Medium 2020-04-14
SSRF & LFR on city-mobil.ru Server-Side Request Forgery (SSRF) byq High 2020-04-14
Leak Sensetive Data at face.city-mobil.ru Information Disclosure r0hack Medium 2020-04-14
[https://city-mobil.ru/taxiserv] Blind XSS into username Cross-site Scripting (XSS) - Stored act1on3 Medium 2020-04-14
SSRF & LFR via on city-mobil.ru Remote File Inclusion byq High 2020-04-14
PHP code injection at tz.mail.ru Code Injection cutoffurmind High 2020-04-06
3igames.mail.ru SQL Injection SQL Injection cutoffurmind High 2020-04-06
SSRF/XSPA [parapa.mail.ru] 2 None supplied haxta4ok00 No rating 2020-04-06
idor leads to leak order information Insecure Direct Object Reference (IDOR) risinghunter Low 2020-04-06
Reflected XSS on am.ru and subdomains Cross-site Scripting (XSS) - Reflected ms-13 No rating 2020-04-06
CSRF on https://market.my.games Cross-Site Request Forgery (CSRF) naategh Low 2020-04-06
Self XSS via help.mail.ru interface Cross-site Scripting (XSS) - Reflected chiraggupta8769- None 2020-04-01
[cfire.mail.ru] Time Based SQL Injection 2 SQL Injection haxta4ok00 No rating 2020-04-01
[parapa.mail.ru] SQL Injection reapet SQL Injection haxta4ok00 No rating 2020-04-01
SSRF/XSPA [parapa.mail.ru] None supplied haxta4ok00 No rating 2020-04-01
ssrf xspa [https://prt.mail.ru/] Server-Side Request Forgery (SSRF) haxta4ok00 No rating 2020-04-01
donationalerts.com limitations bypass Cross-Site Request Forgery (CSRF) iframe Medium 2020-03-31
Blind XSS in operator's interface for 33slona.ru Cross-site Scripting (XSS) - Stored iframe Medium 2020-03-31
Blind SQL injection [https://honor.hi-tech.mail.ru] SQL Injection haxta4ok00 No rating 2020-03-31
ssrf xspa [https://prt.mail.ru/] 2 Server-Side Request Forgery (SSRF) haxta4ok00 No rating 2020-03-31
[https://seosan.io] Account owner disclosure None supplied circuit Medium 2020-03-16
Account TakeOver through password recovery at am.ru Brute Force r0hack Critical 2020-03-10
Account takeover at geekbrains.ru Violation of Secure Design Principles godofdarkness_msf Medium 2020-03-10
[windows10.hi-tech.mail.ru] Blind SQL Injection SQL Injection api_0 High 2020-03-10
turboslim.lady.mail.ru - Blind sql-injection. SQL Injection alexeysergeevich High 2020-03-10
[windows10.hi-tech.mail.ru] Blind SQL Injection SQL Injection api_0 High 2020-03-10
Account TakeOver through password recovery at am.ru Brute Force r0hack Critical 2020-03-10
turboslim.lady.mail.ru - Blind sql-injection. SQL Injection alexeysergeevich High 2020-03-10
Blind SQL Injection on news.mail.ru SQL Injection asdqwedev High 2020-03-10
allods.mail.ru sql injection SQL Injection linkks Critical 2020-03-10
[pandao.ru] possibility to attach arbitrary phone number to account registered via social network Improper Input Validation n4sty Medium 2020-03-06
[api.pandao.ru] IDOR for order delivery address Insecure Direct Object Reference (IDOR) n4sty Medium 2020-03-06
Access to Tarantool Improper Access Control - Generic danila Medium 2020-03-05
JMX RMI command injection on 195.211.131.82(Mail.ru Gaming) Command Injection - Generic johndoe1492 Critical 2020-02-18
IP address can be leaked on Image preview in ICQ for Android chat Privacy Violation rainbow_json Low 2020-02-14
[API] ICQ user's avatar can be manipulated remotely Improper Input Validation rainbow_json High 2020-02-14
[Web ICQ Client] XSS уязвимость в имени пользователя Cross-site Scripting (XSS) - DOM rainbow_json Medium 2020-02-14
Account TakeOver at my.33slona.ru Brute Force r0hack High 2020-02-04
Blind XSS Stored On Admin Panel Through Name Parameter In [ https://technoatom.mail.ru/] Cross-site Scripting (XSS) - Stored elmahdi High 2020-02-04
Stored XSS in Review Section https://games.mail.ru/ Cross-site Scripting (XSS) - Stored sicksec High 2020-02-04
Account TakeOver at my.33slona.ru Brute Force r0hack High 2020-02-04
SSRF in clients.city-mobil.ru Server-Side Request Forgery (SSRF) johndoe1492 High 2020-01-29
Blind SQL Injection in city-mobil.ru domain SQL Injection kiriknik Medium 2020-01-29
Boolean-based SQL Injection on relap.io SQL Injection agametov Critical 2020-01-22
Information disclosure with sensitive data Information Disclosure mickey01 No rating 2020-01-14
API method at api.my.games allows to enumerate user emails Information Disclosure mobius07 Medium 2020-01-14
IDOR в списке пользователей по домену в relap.io Insecure Direct Object Reference (IDOR) agametov Medium 2019-12-17
Account Takeover at worki.ru Violation of Secure Design Principles r0hack Critical 2019-12-17
Account Takeover at worki.ru Violation of Secure Design Principles r0hack Critical 2019-12-17
RCE on shared.mail.ru due to "widget" plugin Code Injection ruvlol Critical 2019-12-02
Account Takeover at vseapteki.ru Brute Force r0hack High 2019-12-02
Account Takeover at vseapteki.ru Brute Force r0hack High 2019-12-02
XSS via message subject - mobile application Cross-site Scripting (XSS) - DOM almaco High 2019-11-25
worki.ru: SMS code bruteforce Business Logic Errors r0hack High 2019-11-15
touch.mail.ru / e.mail.ru memory content disclosure None supplied maxarr Critical 2019-10-30
touch.mail.ru / e.mail.ru memory content disclosure None supplied maxarr Critical 2019-10-30
[XSS] postMessage в jsapi/button Cross-site Scripting (XSS) - DOM secator Medium 2019-10-28
Reflected XSS in https://light.mail.ru/login via page Cross-site Scripting (XSS) - Reflected harisec Medium 2019-10-25
[ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File Improper Access Control - Generic elmahdi High 2019-10-23
XSS via Cookie in Mail.ru Cross-site Scripting (XSS) - Stored mase289 Medium 2019-10-11
[agent.33slona.ru] Recovery code bruteforce Brute Force iframe High 2019-10-11
Avatar upload allows arbitrary file overwriting Path Traversal taraszelyk Medium 2019-09-28
[special.mail.ru] Information Disclosure Information Disclosure bobrov Medium 2019-09-25
Stored XSS Cross-site Scripting (XSS) - Stored pikky High 2019-09-01
web.icq.com XSS in chat message via contact info Cross-site Scripting (XSS) - Stored superboyxxx High 2019-08-24
Дюп предметов lootdog и возможность их продавать. Business Logic Errors ilyailya High 2019-08-02
[https://pandao.ru] - PUT method available None supplied godex Medium 2019-08-02
[XSS] data-url в письмах Cross-site Scripting (XSS) - Stored secator High 2019-08-02
Open Selenoid instance at 188.93.63.186 leads to LFR/SSRF. Improper Access Control - Generic chaosbolt Medium 2019-07-18
LRF on shared.mail.ru due to "markdown" plugin Path Traversal chaosbolt High 2019-07-18
Path traversal, SSTI and RCE on a MailRu acquisition Code Injection 0xc0ffee Critical 2019-07-08
Stored XSS in email None supplied pikky No rating 2019-07-07
Stealing Arbitrary Private Files of MyMail App Information Disclosure heeeeen Medium 2019-06-12
molotok.m.mail.ru delegated to external entity Externally Controlled Reference to a Resource in Another Sphere aieti Medium 2019-06-06
SSRF None supplied linkks None 2019-06-03
Source code disclosure Information Disclosure linkks Medium 2019-06-03
XXE on pulse.mail.ru XML External Entities (XXE) chaosbolt Low 2019-04-02
Cross application scripting via account.mail.ru Cross-site Scripting (XSS) - Stored tr3harder High 2019-03-11
Возможность зайти на любой аккаунт https://pandao.ru/ None supplied circuit Critical 2019-02-06
Shell upload in partner service Code Injection danila_xawdxawdx Medium 2018-11-13
Stored Blind XSS Cross-site Scripting (XSS) - Stored danila_xawdxawdx High 2018-11-12
XSS in e.mail.ru Cross-site Scripting (XSS) - Stored akop07 High 2018-11-12
[moba.my.com] phpinfo, logs Information Disclosure bobrov None 2018-11-12
[rm.mail.ru] Request-Path XSS Cross-site Scripting (XSS) - Reflected bobrov Medium 2018-11-12
Reflected XSS in delivery-club.ru Cross-site Scripting (XSS) - Reflected ph0b0s High 2018-11-12
Раскрытие серии/номера паспорта и снилс пользователя lootdog.io Information Disclosure lincoln9932 Low 2018-11-12
IDOR on mcs.mail.ru Information Exposure Through Sent Data danila_xawdxawdx None 2018-11-12
Reflected XSS on https://www.delivery-club.ru/ Cross-site Scripting (XSS) - Reflected danila_xawdxawdx Medium 2018-11-12
XSS on https://www.delivery-club.ru Cross-site Scripting (XSS) - Reflected danila_xawdxawdx Medium 2018-11-12
CSRF on lootdog.io Cross-Site Request Forgery (CSRF) danila_xawdxawdx Medium 2018-11-12
CSRF на покупку товара https://lootdog.io/ Cross-Site Request Forgery (CSRF) danila_xawdxawdx High 2018-11-12
XSS on https://www.delivery-club.ru/sd/test_330933/info/ Cross-site Scripting (XSS) - Stored danila_xawdxawdx High 2018-11-12
[target.my.com] CRLF Injection -> XSS Cross-site Scripting (XSS) - Reflected bobrov Medium 2018-11-06
[sj.my.com] Source Code Disclosure /.svn/wc.db Information Disclosure bobrov Medium 2018-11-06
[info.tmgame.mail.ru] Apache Server Status Information Disclosure bobrov Low 2018-11-06
[evo2.my.com] Internet Explorer XSS Cross-site Scripting (XSS) - Reflected bobrov Low 2018-11-06
[lk-cdn.3igames.mail.ru] apc.php Information Disclosure bobrov Low 2018-11-06
[new.wf.mail.ru] XSS Request-URI Cross-site Scripting (XSS) - Reflected bobrov Medium 2018-11-06
[beta.tracker.my.com] XSS Request-URI Cross-site Scripting (XSS) - Reflected bobrov Medium 2018-11-06
[gamesventures.mail.ru] Publicly accessible GIT directory Information Disclosure bobrov Low 2018-11-06
[sputnik.mail.ru] Publicly accessible GIT directory Information Disclosure bobrov Medium 2018-11-06
[hs.mail.ru] CRLF Injection / XSS Cross-site Scripting (XSS) - Generic bobrov Low 2018-11-06
[hs.mail.ru] XSS play_now.php Cross-site Scripting (XSS) - Reflected bobrov Low 2018-11-06
Reading files on the server and directory disclosure on mediator.media Server-Side Request Forgery (SSRF) truwa Medium 2018-10-19
Blind XSS pets.mail.ru/admin/ Cross-site Scripting (XSS) - Stored w2w High 2018-10-19
Full account takeover am.ru Business Logic Errors w2w Medium 2018-10-19
Disclosure of user email address and Deanonymization [mail.ru] + Blind | Stored XSS pets.mail.ru Cross-site Scripting (XSS) - Stored w2w Low 2018-10-19
Blocked mailbox (Bypass) Business Logic Errors hack2tools Low 2018-10-19
Double authentication bypass None supplied w2w None 2018-10-11
3rd party shop admin panel blind XSS Information Disclosure w2w Medium 2018-10-11
ADDING YOUR OWN DATES TO A USER'S CALENDAR! Cross-Site Request Forgery (CSRF) pisarenko Low 2018-10-03
XSS in touch.mail.ru Cross-site Scripting (XSS) - DOM saiyajin High 2018-10-02
XSS in e.mail.ru Cross-site Scripting (XSS) - Stored sql Medium 2018-09-24
Stored XSS in donations on dobro.mail.ru Cross-site Scripting (XSS) - Stored pisarenko High 2018-09-24
XSS https://health.mail.ru/my/ via external account name None supplied lincoln9932 No rating 2018-09-04
Disclosure of IP, email and other useful information on lootdog.io Information Disclosure lincoln9932 Low 2018-09-04
XSS in delivery club Cross-site Scripting (XSS) - Reflected truwa Medium 2018-08-21
DNS Misconfiguration None supplied rootbakar Medium 2018-08-16
XSS in the email body, in the new version of the mail service. Cross-site Scripting (XSS) - Stored maxarr High 2018-08-15
XSS (Working with emails) Cross-site Scripting (XSS) - Stored hack2tools Low 2018-08-15
XSS via Cookie in e.mail.ru Cross-site Scripting (XSS) - DOM obmi Medium 2018-08-15
Stored self-xss and its escalation to a victim account in e.mail.ru Cross-site Scripting (XSS) - Reflected obmi High 2018-08-15
XSS touch.mail.ru compose Body Cross-site Scripting (XSS) - DOM shafigullin No rating 2018-08-15
XSS account.mail.ru in state JSON script Cross-site Scripting (XSS) - Reflected shafigullin No rating 2018-08-15
XSS e.mail.ru fixSpecialSymbols Cross-site Scripting (XSS) - DOM shafigullin No rating 2018-08-15
[account.mail.ru] XSS on the account deletion page via backUrl Cross-site Scripting (XSS) - DOM s_p_q_r No rating 2018-07-31
[account.mail.ru] XSS on the password recovery page Cross-site Scripting (XSS) - Reflected s_p_q_r No rating 2018-07-31
Race condition on market.games.mail.ru Write-what-where Condition diabllo High 2018-07-18
Attacker can send requests from mail.ru server Server-Side Request Forgery (SSRF) aieti Medium 2018-07-16
CSRF on biz.mail.ru Cross-Site Request Forgery (CSRF) c37hun None 2018-07-16
Nginx variable values output in the page body Information Disclosure webr0ck Low 2018-07-16
Blind XSS in the torg.mail.ru admin panel via a review Cross-site Scripting (XSS) - DOM pisarenko High 2018-07-02
CRLF injection mcs.mail.ru (leads to XSS) CRLF Injection w2w Medium 2018-06-19
XSS in the sender field, BETA version of the mail service Cross-site Scripting (XSS) - Stored maxarr High 2018-06-10
XSS in the email body. Cross-site Scripting (XSS) - Stored maxarr High 2018-06-10
Modifying application settings via clickjacking on o2.mail.ru UI Redressing (Clickjacking) zishanadthandar Low 2018-06-08
Local paths disclosure through error message Information Exposure Through an Error Message inet_freedom None 2018-06-04
lootdog.io XSS Cross-site Scripting (XSS) - Reflected lincoln9932 Medium 2018-06-04
Blind Stored XSS Cross-site Scripting (XSS) - Stored danila_xawdxawdx High 2018-06-04
Partner Account Takeover on https://www.delivery-club.ru via a user account. Improper Authentication - Generic danila_xawdxawdx High 2018-06-04
Possibility of uploading a shell to https://widget.operator.mail.ru Code Injection danila_xawdxawdx Critical 2018-06-04
CSRF on adding an item for sale Cross-Site Request Forgery (CSRF) danila_xawdxawdx High 2018-06-04
Account Takeover on https://www.delivery-club.ru via a partner account. Improper Authentication - Generic danila_xawdxawdx Critical 2018-06-04
Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/ UI Redressing (Clickjacking) nullsaint None 2018-06-01
Exposed phpinfo() information on the site https://agent.mail.ru Information Disclosure mobius07 Low 2018-05-29
LFI in beta.mail.ru None supplied catferq Critical 2018-05-28
Stored XSS (API) Cross-site Scripting (XSS) - Stored hack2tools High 2018-05-23
XSS vulnerability Cross-site Scripting (XSS) - Reflected hack2tools High 2018-05-23
[dl.beepcar.ru] CRLF Injection None supplied vik0nd Low 2018-05-22
invalid handling of redirect_uri at o2.mail.ru/jsapi/button Improper Access Control - Generic ruvlol No rating 2018-05-22
[mobs.mail.ru] nginx path traversal via misconfigured alias Information Disclosure bobrov High 2018-05-22
[e.mail.ru] XSS on the money transfer sending page Cross-site Scripting (XSS) - Reflected s_p_q_r No rating 2018-05-16
CSRF on calendar.mail.ru Cross-Site Request Forgery (CSRF) danila_xawdxawdx Medium 2018-05-11
XSS on e.mail.ru via postMessage Cross-site Scripting (XSS) - DOM obmi High 2018-05-11
Shell upload in http://widget.support.my.com/ OS Command Injection danila_xawdxawdx Critical 2018-05-11
[maps.me] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[aw.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[games.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[sf.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[lucky-fields.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[account.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[wos.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[support.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[mg.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[evo.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[evo2.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[furry.aw.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[id.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[allods.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[legal.my.com] Reflected XSS Cross-site Scripting (XSS) - Reflected bigbear_ No rating 2018-04-26
[babel.mail.ru] Admin Page Found Improper Access Control - Generic bigbear_ No rating 2018-04-26
[tanks.mail.ru] Content Spoofing Phishing bigbear_ No rating 2018-04-26
[s2.jugger.ru] Content Spoofing Phishing bigbear_ No rating 2018-04-26
[warofdragons.com] Content Spoofing Phishing bigbear_ No rating 2018-04-26
IDOR widget.support.my.com Insecure Direct Object Reference (IDOR) w2w Medium 2018-04-26
[tanks.mail.ru] Open Redirect Violation of Secure Design Principles 101usb None 2018-04-12
blind XXE in autodiscover parser XML External Entities (XXE) obmi Medium 2018-04-03
Same origin policy bypass on e.mail.ru via Cross-Site Flashing None supplied opnsec No rating 2018-04-02
Stored XSS when you read emails. <style> Cross-site Scripting (XSS) - Stored ras-it High 2018-03-13
Open redirect on OpenID Open Redirect pisarenko Low 2018-03-13
filin.mail.ru user's e-mail address disclosure None supplied isaeva No rating 2018-02-21
[afisha.mail.ru] HTML injection via XSS on the widget portal None supplied s_p_q_r No rating 2018-02-12
blind XXE when uploading avatar in mymail phone app XML External Entities (XXE) ruvlol High 2018-02-12
Blind XXE on my.mail.ru XML External Entities (XXE) ruvlol High 2018-02-06
XSS bypass Script execute,Read any file,execute any javascript code--UXSS Cross-site Scripting (XSS) - Stored tea High 2018-01-27
XSS in an email, in the sender field. Cross-site Scripting (XSS) - Stored maxarr High 2018-01-27
Reflected XSS on cloud.mail.ru in the URL in the presentation creation and editing functionality. Cross-site Scripting (XSS) - Reflected ro_ High 2018-01-27
reflected xss on cycloferon.health.mail.ru Cross-site Scripting (XSS) - Reflected whitesector Medium 2018-01-26
XSS in an email, in the email body. Cross-site Scripting (XSS) - Stored maxarr High 2018-01-26
XSS in the email body, in block styles. Cross-site Scripting (XSS) - Stored maxarr High 2018-01-26
Self-xss via drag&drop in email form Cross-site Scripting (XSS) - Reflected obmi Low 2018-01-26
XSS on account.mail.ru/login Man-in-the-Middle obmi Medium 2018-01-26
Uninitialized server memory disclosure via ImageMagick Information Disclosure hudmi High 2018-01-26
Android MailRu Email: Thirdparty can access private data files with small user interaction Privilege Escalation dzmitry Medium 2018-01-02
CSRF. Deleting the address book, adding contacts Cross-Site Request Forgery (CSRF) napalube Medium 2017-12-29
Passing a null byte in the message ID causes some buffer to be output. Buffer Over-read bytehope High 2017-12-29
Reflected XSS in https://e.mail.ru/ Cross-site Scripting (XSS) - Reflected ras-it High 2017-12-28
[et.mail.ru] ssrf 2 Server-Side Request Forgery (SSRF) haxta4ok00 High 2017-12-28
XSS when replying / forwarding to a malicious email on iOS Cross-site Scripting (XSS) - Stored pwnsdx Medium 2017-12-28
Download attachments with traversal path into any sdcard directory (incomplete fix 106097) Path Traversal dzmitry Low 2017-12-28
touch.mail.ru/messages - Stored XSS Cross-site Scripting (XSS) - Stored luigigubello High 2017-12-27
Unupdated ImageMagick leads to uninitialized server memory disclosure Information Disclosure ruvlol Medium 2017-12-27
Stored XSS and html injection in biz.mail.ru Cross-site Scripting (XSS) - DOM ruvlol None 2017-12-27
A manager of a determinate group of users still might have access to any user account from any group that he doesn't administrate anymore. Client-Side Enforcement of Server-Side Security ruvlol Low 2017-12-27
XSS on https://account.mail.ru/login via postMessage Cross-site Scripting (XSS) - DOM buglloc High 2017-12-27
Possibility to view subdepartments for arbitrary domain Insecure Direct Object Reference (IDOR) ruvlol Medium 2017-12-20
Monitor Information Disclosure linkks No rating 2017-12-04
Stored XSS using SVG on subdomain infra.mail.ru Cross-site Scripting (XSS) - Stored whitesector Low 2017-12-01
XSS via link loading. Cross-site Scripting (XSS) - Stored lincoln9932 Medium 2017-11-21
reflected XSS on healt.mail.ru Cross-site Scripting (XSS) - Reflected whitesector Medium 2017-11-20
CRLF injection on https://tz.mail.ru HTTP Response Splitting lalka Low 2017-11-07
SSRF on https://target.my.com/ Server-Side Request Forgery (SSRF) lalka Medium 2017-11-07
Stored self-XSS pubg.mail.ru in several places Cross-site Scripting (XSS) - Stored lincoln9932 None 2017-10-31
Clickjacking Full account takeover and editing the personal information at [account.my.com] UI Redressing (Clickjacking) t-pwn No rating 2017-10-19
XSS in biz.mail.ru/error Cross-site Scripting (XSS) - DOM ruvlol Medium 2017-10-09
uninitialized server memory disclosure via ImageMagick in my.mail.ru and cloud.mail.ru Information Disclosure neex No rating 2017-09-11
BruteForce Any [My.com] Account Credentials. Brute Force 0xradi No rating 2017-09-04
Excessive permissions when authorizing via the mail.ru interface Improper Authentication - Generic f4lrik No rating 2017-08-22
Logical Vulnerability : REDIRECTING on pw.mail.ru by Parameter Spoofing Open Redirect othmanetamagart No rating 2017-08-21
Open Redirect on [My.com] Open Redirect 0xradi Low 2017-08-14
Basic authorization bypass [qpt.mail.ru] None supplied haxta4ok00 No rating 2017-07-17
XSS in portal navigation Cross-site Scripting (XSS) - Stored lincoln9932 Medium 2017-07-11
By pass admin panel [conference.mail.ru] Improper Authentication - Generic haxta4ok00 No rating 2017-07-11
By pass admin panel [seminars.mail.ru] Improper Authentication - Generic haxta4ok00 No rating 2017-07-11
Admin panel access restrictions bypass [poll.mail.ru/admin/] Improper Authentication - Generic haxta4ok00 No rating 2017-07-11
Reflected XSS on https://aw.mail.ru/news/ Cross-site Scripting (XSS) - Generic lalka No rating 2017-07-03
Reflected XSS. Cross-site Scripting (XSS) - Generic lalka No rating 2017-07-03
Reflected XSS. Cross-site Scripting (XSS) - Generic lalka No rating 2017-07-03
Reflected XSS on hi-tech.mail.ru Cross-site Scripting (XSS) - Generic lalka No rating 2017-07-03
XSS using a specially crafted file. Cross-site Scripting (XSS) - Generic lalka No rating 2017-07-03
Xss in https://e.mail.ru/ Cross-site Scripting (XSS) - Stored danila_xawdxawdx Medium 2017-06-02
Xss in https://e.mail.ru/ Cross-site Scripting (XSS) - Stored danila_xawdxawdx Medium 2017-05-25
IDOR in tender.mail.ru leading to Information Disclosure None supplied khalidamin No rating 2017-05-25
xss on several mail.ru game forums (Cross-Site Scripting) Cross-site Scripting (XSS) - Generic danila_xawdxawdx No rating 2017-05-25
Reflected XSS on frag.mail.ru Cross-site Scripting (XSS) - Reflected twicedi No rating 2017-05-10
Open Redirect Open Redirect t-pwn No rating 2017-05-04
Open Redirection at https://it.mail.ru/ Open Redirect t-pwn No rating 2017-05-04
Stored XSS in e.mail.ru (payload affect multiple users) Cross-site Scripting (XSS) - Stored afine-team Medium 2017-04-17
Stored XSS Cross-site Scripting (XSS) - Generic t-pwn Low 2017-03-30
[allods.mail.ru] Reflected XSS Cross-site Scripting (XSS) - Generic bigbear_ No rating 2017-03-27
[w1.dwar.ru] Core Dump Memory Corruption - Generic bigbear_ No rating 2017-03-27
[otus.p.mail.ru] Full Path Disclosure Information Disclosure bigbear_ No rating 2017-03-27
Potential SSRF in sales.mail.ru Server-Side Request Forgery (SSRF) paresh_parmar Medium 2017-03-27
[gitmm.corp.mail.ru] Auth Bypass, Information Disclosure Improper Authentication - Generic bigbear_ No rating 2017-03-27
Open Redirect Open Redirect sup3r-b0y No rating 2017-03-17
[allods.mail.ru] Cross-Site Request Forgery (Add-Item) Cross-Site Request Forgery (CSRF) ahsan Low 2017-03-17
CSRF Send a message at street-combats.mail.ru Cross-Site Request Forgery (CSRF) xhzeem Medium 2017-03-17
[otus.p.mail.ru] CRLF Injection Information Disclosure bigbear_ No rating 2017-03-03
[it.mail.ru] Open Redirect Open Redirect bigbear_ No rating 2017-03-03
[allods.my.com] Full SQL Disclosure Information Disclosure bigbear_ No rating 2017-03-03
[allods.my.com] Full Path Disclosure Information Disclosure bigbear_ No rating 2017-03-03
[opensource.mail.ru] Debug Mode Information Disclosure bigbear_ No rating 2017-03-03
[api.login.icq.net] Reflected XSS Cross-site Scripting (XSS) - Generic bigbear_ No rating 2017-03-03
[3k.mail.ru] Content Spoofing Violation of Secure Design Principles bigbear_ No rating 2017-03-03
[api.login.icq.net] Open Redirect Open Redirect bigbear_ No rating 2017-03-03
[pokerist.mail.ru] XSS Request-URI Cross-site Scripting (XSS) - Generic bobrov Low 2017-03-02
[qpt.mail.ru] CRLF Injection / Open Redirect HTTP Response Splitting bobrov Low 2017-03-02
[element.mail.ru] /.svn/entries Information Disclosure bobrov Low 2017-03-02
[cooking.lady.mail.ru] Open Redirect Open Redirect bobrov Low 2017-03-02
[ml.money.mail.ru] Open Redirect Open Redirect bobrov Low 2017-03-02
Disclosure of information on static.dl.mail.ru Information Disclosure rbcafe No rating 2017-02-12
Activities are not Protected and able to crash app using other app (Can Malware or third party app). Information Disclosure bugwrangler No rating 2017-02-12
Stored XSS on street-combats.mail.ru Cross-site Scripting (XSS) - Generic cyberpunkych No rating 2016-12-26
[torg.mail.ru] CRLF Injection None supplied s_p_q_r No rating 2016-12-12
Time-based sql-injection on https://puzzle.mail.ru SQL Injection lalka No rating 2016-11-15
Mail.ru for Android Content Provider Vulnerability Information Disclosure murthy68 No rating 2016-11-02
Reflected XSS @ games.mail.ru Cross-site Scripting (XSS) - Generic ahsan No rating 2016-10-18
[realty.mail.ru] XSS, SSI Injection Command Injection - Generic bobrov No rating 2016-10-06
[touch.lady.mail.ru] CRLF Injection None supplied bobrov No rating 2016-10-06
[support.my.com] Internet Explorer XSS Cross-site Scripting (XSS) - Generic bobrov No rating 2016-10-06
[tanks.mail.ru] Internet Explorer XSS via Request-URI Cross-site Scripting (XSS) - Generic bobrov No rating 2016-10-06
[mrgs.mail.ru] Internet Explorer XSS via Request-URI Cross-site Scripting (XSS) - Generic bobrov No rating 2016-10-06
[corp.mail.ru] CRLF Injection / Insecure nginx configuration None supplied bobrov No rating 2016-10-06
[rabota.mail.ru] Open Redirect Open Redirect bobrov No rating 2016-10-03
[my.mail.ru] CRLF Injection None supplied bobrov No rating 2016-10-03
[s.mail.ru] CRLF Injection None supplied bobrov No rating 2016-10-03
[upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References Improper Authentication - Generic bobrov No rating 2016-10-03
[my.mail.ru] HTML injection in emails from [email protected] Cross-site Scripting (XSS) - Generic bobrov No rating 2016-10-03
Full Path Disclosure Information Disclosure c37hun No rating 2016-09-29
[odnoklassniki.ru] XSS via Host Cross-site Scripting (XSS) - Generic bobrov No rating 2016-09-26
[tidaltrek.mail.ru] SQL Injection SQL Injection konqi No rating 2016-09-16
[cfire.mail.ru] CSRF Bypassed - Changing anyone's 'User Info' Cross-Site Request Forgery (CSRF) ahsan No rating 2016-09-09
XSS at af.attachmail.ru Cross-site Scripting (XSS) - Generic paresh_parmar No rating 2016-08-12
[opensource.mail.ru] system accounts enumeration Information Disclosure konqi No rating 2016-08-08
HTML Injection on e.mail.ru Cross-site Scripting (XSS) - Generic c37hun No rating 2016-07-20
Cross Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) malcolmx No rating 2016-07-20
Possibility to attach any mobile number to any email Improper Authentication - Generic hunter No rating 2016-07-18
[connect.mail.ru] Memory Disclosure / IE XSS None supplied bobrov No rating 2016-07-11
[townwars.mail.ru] Time-Based SQL Injection SQL Injection konqi No rating 2016-07-06
Back Refresh Attack after registration and successful logout Violation of Secure Design Principles sudoshekhar No rating 2016-07-01
BRUTE FORCE ATTACK None supplied md-firdous No rating 2016-06-27
Code source disclosure & ability to get database information "SQL injection" in [townwars.mail.ru] SQL Injection xsam No rating 2016-06-22
Information leak via JSONP (XXSI) Information Disclosure cyberpunkych No rating 2016-06-20
bgplay.mail.ru Code Injection isox No rating 2016-06-20
AXFR works on plexus.m.smailru.net Information Disclosure isox No rating 2016-06-15
[sales.mail.ru] CRLF Injection None supplied s_p_q_r No rating 2016-06-15
[tidaltrek.mail.ru] SQL Injection SQL Injection konqi No rating 2016-05-26
SQL Injection SQL Injection konqi No rating 2016-05-26
[tz.mail.ru] XSS in the authorization functionality Cross-site Scripting (XSS) - Generic s_p_q_r No rating 2016-05-25
Insecure cookies without httpOnly flag set None supplied thalaivarsubu No rating 2016-05-25
Reflected XSS on games.mail.ru Cross-site Scripting (XSS) - Generic cyberpunkych No rating 2016-05-12
VERY DANGEROUS XSS STORED inside emails Cross-site Scripting (XSS) - Generic seifelsallamy No rating 2016-04-07
Mobile phone number disclosure during two-factor authentication None supplied gorodnya No rating 2016-03-25
[orsotenslimselfie.lady.mail.ru] SQL Injection SQL Injection konqi No rating 2016-03-15
Time-Based Blind SQL Injection Attacks SQL Injection lukazorge No rating 2016-03-10
Cross Site Scripting Cross-site Scripting (XSS) - Generic architaa No rating 2016-03-10
SSRF on element.mail.ru Information Disclosure cyberpunkych No rating 2016-02-24
[3k.mail.ru] SQL Injection SQL Injection konqi No rating 2016-02-24
reflected in xss Cross-site Scripting (XSS) - Generic ilsen No rating 2016-02-17
[allods.my.com] SSRF / XSPA None supplied konqi No rating 2016-02-11
XSS at forum : Cross-site Scripting (XSS) - Generic paresh_parmar No rating 2016-02-01
[afisha.mail.ru] SQL Injection SQL Injection konqi No rating 2016-02-01
Multiple vulnerabilities in mail.ru subdomains Cross-site Scripting (XSS) - Generic harry_mg No rating 2016-01-27
[parapa.mail.ru] SQL Injection SQL Injection konqi No rating 2016-01-18
[cfire.mail.ru] Time Based SQL Injection SQL Injection konqi No rating 2016-01-15
Flash XSS on old.corp.mail.ru Cross-site Scripting (XSS) - Generic c37hun No rating 2015-12-11
Logging in as any user on parapa.mail.ru Privilege Escalation c37hun No rating 2015-12-11
PHP code execution via FastCGI None supplied c37hun No rating 2015-12-11
Cross site scripting Cross-site Scripting (XSS) - Generic smit No rating 2015-12-11
Reflective Xss on news.mail.ru and admin.news.mail.ru Cross-site Scripting (XSS) - Generic mak No rating 2015-12-11
[api.allodsteam.com] Authentication Data Command Injection - Generic bigbear_ No rating 2015-12-01
XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply when replying to a specially crafted email Cross-site Scripting (XSS) - Generic aesteral No rating 2015-11-16
[ling.go.mail.ru] Server-Status opened for all users Information Disclosure bigbear_ No rating 2015-11-13
Filtering error UI Redressing (Clickjacking) cyberunit No rating 2015-11-02
Flash XSS on img.mail.ru Cross-site Scripting (XSS) - Generic tunnelshade No rating 2015-10-30
Vulnerability :- "XSS vulnerability" Cross-site Scripting (XSS) - Generic bhavi No rating 2015-10-24
[riot.mail.ru] Reflected XSS in debug-mode Cross-site Scripting (XSS) - Generic bigbear_ No rating 2015-10-21
[start.icq.com] Reflected XSS via Cookies Cross-site Scripting (XSS) - Generic bigbear_ No rating 2015-10-21
e.mail.ru: SMS spam with custom content None supplied isox No rating 2015-09-13
target.mail.ru: XSS Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
files.mail.ru: XSS Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
e.mail.ru: File upload "Chapito" circus Memory Corruption - Generic isox No rating 2015-09-13
target.mail.ru: XSS via Referer Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
connect.mail.ru: SSRF None supplied isox No rating 2015-09-13
my.mail.ru: HTTP Header Injection None supplied isox No rating 2015-09-13
touch.afisha.mail.ru: XSS Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
auth.mail.ru: XSS in login form Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
api.video.mail.ru: XSS Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
https://217.69.135.63/rb/: money.mail.ru sources disclosure Information Disclosure isox No rating 2015-09-13
http://fitter1.i.mail.ru/browser/ Graphite exposed to the world Code Injection isox No rating 2015-09-13
Possible xWork classLoader RCE: shared.mail.ru Code Injection isox No rating 2015-09-13
help2.m.smailru.net: XSS Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
http://tp-dev1.tp.smailru.net/ Improper Authentication - Generic isox No rating 2015-09-13
tt-mac.i.mail.ru: Quagga 0.99.23.1 (Router) : Default password and default enable password Code Injection isox No rating 2015-09-13
store-agent.mail.ru: stacked blind injection SQL Injection isox No rating 2015-09-13
https://voip.agent.mail.ru/phpinfo.php Information Disclosure isox No rating 2015-09-13
Hadoop Node available to public Information Disclosure isox No rating 2015-09-13
HDFS NameNode Public disclosure: http://185.5.139.33:50070/dfshealth.jsp None supplied isox No rating 2015-09-13
scfbp.tng.mail.ru: Heartbleed Information Disclosure isox No rating 2015-09-13
RCE через JDWP Command Injection - Generic isox No rating 2015-09-13
Heartbleed: my.com (185.30.178.33) port 1433 None supplied isox No rating 2015-09-13
cloud.mail.ru: File upload XSS using Content-Type header Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
GET /surveys/2auth: XSS Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
http://217.69.136.200/?p=2&c=Fetcher%20cluster&h=fetcher1.mail.ru None supplied isox No rating 2015-09-13
/surveys/2auth: DOM-based XSS Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
3k.mail.ru: XSS Cross-site Scripting (XSS) - Generic isox No rating 2015-09-13
files.mail.ru: HTTP Header Injection None supplied isox No rating 2015-09-13
m.agent.mail.ru: Forging the j2me app-descriptor None supplied isox No rating 2015-09-13
money.mail.ru: Strange SMS behavior Memory Corruption - Generic isox No rating 2015-09-13
tp-demo1.corp.mail.ru: SVN exposed externally None supplied isox No rating 2015-09-13
Not sure this belongs on the perimeter: 94.100.180.95, 94.100.180.96, 94.100.180.97, 94.100.180.98 None supplied isox No rating 2015-09-13
Directory enumeration due to a vulnerability in IIS Information Disclosure bigbear No rating 2015-06-28
No bruteforce protection leads to enumeration of emails in http://e.mail.ru/ Violation of Secure Design Principles niyaax No rating 2015-06-28
e.mail.ru stored XSS in agent via sticker (smile) Cross-site Scripting (XSS) - Generic reactors08 No rating 2015-06-28
XSS in touch.sports.mail.ru Cross-site Scripting (XSS) - Generic ddworken No rating 2015-05-21
XSS in ad.mail.ru Cross-site Scripting (XSS) - Generic ddworken No rating 2015-05-02
XSS in realty.mail.ru Cross-site Scripting (XSS) - Generic ddworken No rating 2015-05-02
Same Origin Policy bypass Cross-Site Request Forgery (CSRF) zoczus No rating 2015-03-27
XSS Vulnerability in cfire.mail.ru/screen/1/ Cross-site Scripting (XSS) - Generic ddworken No rating 2015-03-22
Stored XSS on http://top.mail.ru Cross-site Scripting (XSS) - Generic 4lemon No rating 2015-01-10
localStorage is not cleared after logout Information Disclosure kamil_hism No rating 2014-12-10
XSS via .eml file Cross-site Scripting (XSS) - Generic reactors08 No rating 2014-12-10
Unwanted information Information Disclosure bigbear No rating 2014-12-10
Time based sql injection SQL Injection psych0tr1a No rating 2014-12-10
touch.mail.ru XSS via message id Cross-site Scripting (XSS) - Generic reactors08 No rating 2014-12-10
OpenSSL HeartBleed (CVE-2014-0160) None supplied c37hun No rating 2014-12-10
Reflected XSS connect.mail.ru (IE6-IE8) Cross-site Scripting (XSS) - Generic 4lemon No rating 2014-12-10
Content Spoofing vulnerability in Mail.ru mobile Violation of Secure Design Principles mohank No rating 2014-12-10
XXE and SSRF on webmaster.mail.ru Command Injection - Generic 4lemon No rating 2014-12-10
Stored XSS on http://cards.mail.ru Cross-site Scripting (XSS) - Generic 4lemon No rating 2014-12-10
XSS in https://e.mail.ru/cgi-bin/lstatic (Limited use) Cross-site Scripting (XSS) - Generic 4lemon No rating 2014-12-10
SQL injection [hole in the forum engine] SQL Injection psych0tr1a No rating 2014-11-16
Full server path disclosure Information Disclosure bigbear No rating 2014-10-16
Flash XSS in http://lingvo.mail.ru Cross-site Scripting (XSS) - Generic quistertow No rating 2014-10-02
Server path disclosure due to an undefined index in the script /home/berserk-online.com/public_html/forum/Themes/berserker/Profile.template.php Information Disclosure bigbear No rating 2014-09-27
(m.mail.ru) Password type input with auto-complete enabled Information Disclosure vineet No rating 2014-09-19
SQL Injection on 11x11.mail.ru SQL Injection bigbear No rating 2014-09-16
Reflected XSS in User-Agent Cross-site Scripting (XSS) - Generic bigbear No rating 2014-09-16
SQL inj SQL Injection vah13 No rating 2014-09-12
Reflected XSS Cross-site Scripting (XSS) - Generic chandrakant No rating 2014-09-10
Version Disclosure (NginX) Information Disclosure stalker No rating 2014-09-10
SQL SQL Injection vah13 No rating 2014-08-16
rs.mail.ru - Flash Based XSS Cross-site Scripting (XSS) - Generic quistertow No rating 2014-08-07
Flash XSS in http://go.mail.ru Cross-site Scripting (XSS) - Generic quistertow No rating 2014-08-07
Reflected XSS Cross-site Scripting (XSS) - Generic bigbear No rating 2014-08-07
Clickjacking on Login panel UI Redressing (Clickjacking) chandrakant No rating 2014-07-14
XSS in a file or folder name Cross-site Scripting (XSS) - Generic reactors08 No rating 2014-07-09
Xss On http://my.mail.ru/ Cross-site Scripting (XSS) - Generic chandrakant No rating 2014-07-08
XSS in "About Video" Cross-site Scripting (XSS) - Generic reactors08 No rating 2014-07-06
Flash XSS - http://hi-tech.mail.ru/ Cross-site Scripting (XSS) - Generic quistertow No rating 2014-07-05
No CSRF token used in Phone Verification POST Cross-Site Request Forgery (CSRF) siddiki No rating 2014-06-11
Home page reflected XSS Cross-site Scripting (XSS) - Generic bitquark No rating 2014-06-06
Clickjacking UI Redressing (Clickjacking) ma120320 No rating 2014-06-06
Admin panel of http://tp-test1.corp.mail.ru/ is accessible publicly Violation of Secure Design Principles s3curient No rating 2014-05-30
SQL inj SQL Injection vah13 No rating 2014-05-30
SQL injection update.mail.ru SQL Injection vah13 No rating 2014-05-30
Persistent XSS in afisha.mail.ru Cross-site Scripting (XSS) - Generic 4p00rv No rating 2014-05-28
Login without SSL-Protection Violation of Secure Design Principles redshark1802 No rating 2014-05-27
Improper usage of Mobile Number that will lead to Information Disclosure Cryptographic Issues - Generic atom No rating 2014-05-22