[allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS |
Cross-site Scripting (XSS) - Stored |
0xd0ff9 |
Medium |
2021-12-08 |
Stored XSS on https://community.my.games/ (Add Post) |
Cross-site Scripting (XSS) - Stored |
c1kada |
Medium |
2021-12-01 |
Cross-site Scripting (XSS) - Stored |
Cross-site Scripting (XSS) - Stored |
ghost_shell |
High |
2021-11-25 |
REST API Endpoint leads to Unauthorized user disclosed private [ issue ] details |
Privilege Escalation |
updatelap |
High |
2021-11-06 |
bit.games - sql-inj |
SQL Injection |
alexeysergeevich |
Medium |
2021-11-06 |
[titans.3clans.ru] phpBB 3.0.8 - Administrator account takeover + remote code execution. |
OS Command Injection |
alexeysergeevich |
None |
2021-11-06 |
tmgame.mail.ru - Blind sql injection |
SQL Injection |
alexeysergeevich |
Medium |
2021-11-06 |
kds.ucs.ru - information disclosure. |
Business Logic Errors |
alexeysergeevich |
High |
2021-11-06 |
[samokat.ru] PHP modules path disclosure due to lack of error handling |
Information Exposure Through Debug Information |
andridev_ |
None |
2021-11-03 |
[play.skillbox.ru] CRLF Injection |
CRLF Injection |
s_kustm |
Medium |
2021-10-30 |
Unprotected Zeppelin instance |
None supplied |
k3ypt0 |
Critical |
2021-10-20 |
CVE-2020-11110: Grafana Unauthenticated Stored XSS -████.bizml.ru |
Cross-site Scripting (XSS) - Stored |
melbadry9 |
None |
2021-10-11 |
[ii.worki.ru ] emarsys subdomain takeover |
Privilege Escalation |
uddeshaya001 |
Medium |
2021-09-28 |
Stored XSS on top.mail.ru |
Cross-site Scripting (XSS) - Stored |
savproga |
Medium |
2021-09-10 |
SQL injection on jd.mail.ru |
SQL Injection |
pisarenko |
High |
2021-09-08 |
[185.30.178.57:8080] - Vulnerable to Jetleak |
Memory Corruption - Generic |
xaleraf4ra |
Critical |
2021-09-08 |
subdomain takeover disney.samokat.ru |
Privilege Escalation |
nanwn |
Medium |
2021-09-07 |
informations disclosure(Email,Numbers,Agreements, admin Sessions and more ...) through a PostgreSQL database belongs to (legium-back.corp.mail.ru) |
Information Disclosure |
yukusawa18 |
Medium |
2021-09-05 |
[Biz] [Mailer] Cropping of any* images located on the server |
Resource Injection |
kriakiku |
Medium |
2021-08-30 |
Blind XSS Stored and CORS misconfiguration in the "Events" report of the top.mail.ru service |
Cross-site Scripting (XSS) - Stored |
savproga |
High |
2021-08-17 |
Subdomain takeover on "info-edcrunch.skillfactory.ru" |
Privilege Escalation |
abosala7 |
Medium |
2021-08-15 |
mailer.i.bizml.ru viber service preprod information disclosure |
Information Disclosure |
cutoffurmind |
Medium |
2021-08-13 |
uchi.ru check_lessons Blind SQL Injection |
SQL Injection |
cutoffurmind |
High |
2021-08-13 |
[http://kiwi.youdrive.today/] Information disclosure via Kiwi TCMS vulnerability |
Improper Access Control - Generic |
act1on3 |
Medium |
2021-08-13 |
[app-01.youdrive.club] RCE in CI/CD via dependency confusion |
Command Injection - Generic |
act1on3 |
High |
2021-07-27 |
[geekbrains.ru] Node modules path disclosure due to lack of error handling |
Information Disclosure |
nakabonne |
Low |
2021-07-27 |
[tanks.mail.ru] SSRF + Cookie theft |
Cross-Site Request Forgery (CSRF) |
alexeysergeevich |
Medium |
2021-07-22 |
Unauthorized Access To Admin panel |
Improper Access Control - Generic |
01alsanosi |
None |
2021-07-22 |
Bypassing SOP with XSS on account.my.games leading to steal CSRF token and user information |
Cross-Site Request Forgery (CSRF) |
sec_zone64 |
Medium |
2021-07-22 |
CSRF + XSS leads to ATO |
Cross-Site Request Forgery (CSRF) |
bombon |
Medium |
2021-06-22 |
[com.icq.mobile.client] Any third-party application can hijack the session, as well as other application files |
Information Disclosure |
igorpyan |
Medium |
2021-06-22 |
internal path disclosure via error message |
Information Exposure Through an Error Message |
ali-h-hasan |
None |
2021-06-22 |
[mcs.mail.ru] A user with the observer role can create access keys for the message queue (sqs.mcs.mail.ru) |
Improper Access Control - Generic |
mrd0x1 |
Medium |
2021-06-22 |
XSS (reflected, and then, cookie persisted) on api documentation site theme selector (old version of dokuwiki) |
Cross-site Scripting (XSS) - Stored |
mvm |
Medium |
2021-06-06 |
Stored XSS on the "Edit driver" page [city-mobil.ru/taxiserv] |
Cross-site Scripting (XSS) - Stored |
kwel |
Low |
2021-05-28 |
Stored XSS on the "Edit client" page, "History" tab [city-mobil.ru/taxiserv] |
Cross-site Scripting (XSS) - Stored |
kwel |
Low |
2021-05-28 |
Disk-o Cloud application (Windows) does not validate server certificate on a TLS connection |
Improper Certificate Validation |
aapo |
High |
2021-05-26 |
Account takeover on [support2.ucs.ru] |
Brute Force |
tounsi_007 |
Low |
2021-05-26 |
Blind SQL in id_locality GET param on [city-mobil.ru/taxiserv] |
SQL Injection |
organdonor |
High |
2021-05-25 |
Blind SQL injection on [city-mobil.ru/taxiserv/] in filter{"id_locality"} |
SQL Injection |
organdonor |
High |
2021-05-25 |
Debug Mode Leak Critical Information [ AWS Keys , SMTP , Database , Django Secret Key ( RCE ) , Dodoc , Telegram , Twilio .. ] |
Information Disclosure |
yukusawa18 |
Critical |
2021-05-24 |
SSRF at jira.plazius.ru - CVE-2019-8451 |
Server-Side Request Forgery (SSRF) |
cutedoggo |
High |
2021-05-12 |
Path traversal lead to LFR via [CVE-2019-3394] |
Path Traversal |
tounsi_007 |
Critical |
2021-05-12 |
[web.icq.com] Stored XSS in Account Name |
Cross-site Scripting (XSS) - Stored |
0x7 |
Medium |
2021-04-30 |
[Plazius] SSRF via a misconfigured Fiddler 46.148.201.206:10121 |
Server-Side Request Forgery (SSRF) |
p1006 |
High |
2021-04-24 |
relap.io/admin/api - administrative API accessible without authentication |
Improper Authentication - Generic |
stanhates |
High |
2021-04-23 |
Stored XSS on store.my.games |
Cross-site Scripting (XSS) - Stored |
3xternull |
Medium |
2021-04-17 |
Blind SSRF on [relap.io] |
Server-Side Request Forgery (SSRF) |
kiriknik |
Medium |
2021-04-12 |
read new emails from any inbox IOS APP in notification center |
Insecure Direct Object Reference (IDOR) |
dennisleo6 |
Critical |
2021-04-10 |
DOM XSS on https://biz.mail.ru/domains/goto/mail/ via parameter pollution |
Cross-site Scripting (XSS) - DOM |
p4fg |
Medium |
2021-04-06 |
Open Confluence and access to the operators' chat in Skype |
Information Disclosure |
r0hack |
Medium |
2021-03-25 |
XSS via POST request to https://account.mail.ru/signup/ |
Cross-site Scripting (XSS) - Reflected |
login-denied |
Medium |
2021-03-20 |
file read on MCS servers via supplying a QCOW2 image with external backing file |
Information Disclosure |
neex |
High |
2021-03-19 |
[city-mobil.ru/taxiserv/] SQLi at /taxiserv/tariffs/dictionary at filter{"id_locality"} param |
SQL Injection |
act1on3 |
Critical |
2021-03-19 |
SQL injection delivery-club.ru (ClickHouse) |
SQL Injection |
k3ypt0 |
Medium |
2021-03-18 |
MCS Graphite SSRF: internal network access |
Server-Side Request Forgery (SSRF) |
cutoffurmind |
Medium |
2021-03-13 |
XXE on webdav.mail.ru - PROPFIND/PROPPATCH |
XML External Entities (XXE) |
0ang3el |
High |
2021-03-01 |
Blind SSRF on calendar.mail.ru when importing a calendar |
Server-Side Request Forgery (SSRF) |
0ang3el |
Medium |
2021-03-01 |
Access User Tickets via IDOR in [widget.support.my.games] |
None supplied |
sicksec |
High |
2020-11-25 |
Source code and internal credentials disclosure |
Information Disclosure |
paul_axe |
High |
2020-11-25 |
Redmin API Key Exposed In GIthub |
Information Disclosure |
elmahdi |
Medium |
2020-11-25 |
the same as #948259 - XSS at jsgames.mail.ru |
Cross-site Scripting (XSS) - Reflected |
sodium_ |
Low |
2020-11-25 |
Blind SSRF on http://info.ucs.ru/settings/check/ |
Server-Side Request Forgery (SSRF) |
elmahdi |
Medium |
2020-11-25 |
lenta_proxy information disclosure |
Information Exposure Through an Error Message |
naategh |
Medium |
2020-11-25 |
Information Disclosure |
Information Disclosure |
steal_wart |
None |
2020-11-25 |
Disclosure of personal support email addresses on 'support-fleet.city-mobil.ru' |
Information Disclosure |
olidayw |
Low |
2020-11-11 |
cross site scripting bypass session |
Cross-site Scripting (XSS) - Reflected |
dennisleo6 |
High |
2020-11-04 |
Path traversal on bank.mail.ru ( CVE-2013-3827 ) |
Path Traversal |
st00rm |
Medium |
2020-11-04 |
mrgs.my.games account takeover |
Improper Access Control - Generic |
maxarr |
High |
2020-11-03 |
Account Takeover possibility via https://awards.donationalerts.com using login with twitch.tv |
Improper Authentication - Generic |
jayesh25 |
High |
2020-11-03 |
SQL LIKE clauses wildcard injection |
SQL Injection |
bazzy |
No rating |
2020-10-31 |
SQL LIKE clauses wildcard injection |
SQL Injection |
bazzy |
No rating |
2020-10-31 |
[my.games, lootdog.io] XSS via MCS Bucket |
Cross-site Scripting (XSS) - Stored |
bobrov |
Medium |
2020-10-31 |
[api.my.games/social/chat/multi/add] Privilege escalation on adding new members to group chat |
Privilege Escalation |
mainteemoforfun |
None |
2020-10-30 |
SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ |
SQL Injection |
derision |
High |
2020-10-30 |
SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ |
SQL Injection |
derision |
High |
2020-10-30 |
Multiple SQL Injections and constrained LFI in esk-static.3igames.mail.ru |
SQL Injection |
haxonaut |
High |
2020-10-29 |
Logs at http://login.aa.mail.ru/logs/ |
Information Disclosure |
devirok |
Low |
2020-10-28 |
Reflected XSS on https://e.mail.ru/compose/ via Body parameter |
Cross-site Scripting (XSS) - Reflected |
panya |
Medium |
2020-10-27 |
[combo.mail.ru] SMS code bruteforce |
Brute Force |
esetal |
High |
2020-10-27 |
OTP bypass on user account deletion |
Modification of Assumed-Immutable Data (MAID) |
risinghunter |
Low |
2020-10-27 |
Stored XSS through fileupload |
Cross-site Scripting (XSS) - Stored |
ther3d0ne |
Medium |
2020-10-27 |
Cross-site Scripting (XSS) - DOM on https://account.mail.ru/user/garage?back_url=https://mail.ru |
Cross-site Scripting (XSS) - DOM |
magzhan |
High |
2020-10-27 |
Insufficient limitation of web page title leads to DoS against ICQ for Android |
Denial of Service |
artebels |
Medium |
2020-10-24 |
web.icq.com XSS in chat message via contact info |
Cross-site Scripting (XSS) - Stored |
superboyxxx |
High |
2020-10-15 |
NPM_API_KEY Leak |
Information Disclosure |
rzx007x |
Low |
2020-10-14 |
SMS Brute Force Possibility via https://youdrive.today/login/web/code can lead to Account Takeover |
Brute Force |
jayesh25 |
High |
2020-10-13 |
Ability to create a channel in a group where the user is not an admin [my.games] |
Business Logic Errors |
kwel |
None |
2020-10-13 |
This Github Repository Seems Leaking "nino.samokat.ru" Source Code |
Information Disclosure |
gevakun |
Medium |
2020-10-13 |
Stored XSS in history on [corporate.city-mobil.ru] |
Cross-site Scripting (XSS) - Stored |
organdonor |
Low |
2020-10-12 |
Stored XSS in address on [corporate.city-mobil.ru] |
Cross-site Scripting (XSS) - Stored |
organdonor |
Low |
2020-10-12 |
A user can change the payment method by specifying someone else's corporation ID |
Business Logic Errors |
moonwalker |
Medium |
2020-10-12 |
Stored Xss |
Cross-site Scripting (XSS) - Stored |
ja3far |
Medium |
2020-10-07 |
Forgot Password Page SMS Brute Force could lead to Account Takeover using Android/IOS app "About the house" via api.prodom.smart.space |
Brute Force |
jayesh25 |
High |
2020-10-06 |
Ability to view comments on other users' tickets [corporate.city-mobil.ru] |
Insecure Direct Object Reference (IDOR) |
kwel |
Medium |
2020-10-05 |
Improper Restriction of Excessive Authentication Attempts at https://api.warrobots.com/auth (Pixonic Games) |
Brute Force |
jayesh25 |
Low |
2020-10-05 |
HTTP request smuggling (?) canpol.deti.mail.ru |
None supplied |
maxarr |
High |
2020-10-05 |
HTTP request smuggling (?) canpol.deti.mail.ru |
None supplied |
maxarr |
High |
2020-10-05 |
[geekbrains.ru] CVE-2019-5418 Ruby on Rails File Content Disclosure |
Path Traversal |
bobrov |
Medium |
2020-10-05 |
ICQ Android APP remote DoS |
Denial of Service |
zoczus |
Low |
2020-10-05 |
IDOR of contracts on dictor.mail.ru |
Insecure Direct Object Reference (IDOR) |
tr3harder |
None |
2020-10-05 |
Ability to edit the address of any company by its id on [corporate.city-mobil.ru] |
Insecure Direct Object Reference (IDOR) |
organdonor |
None |
2020-10-05 |
Open Tarantool admin panel |
Information Disclosure |
0x01alka |
Medium |
2020-10-05 |
SECRET_KEY Of Django Leaked In maps.me |
Information Disclosure |
sniper302 |
Medium |
2020-10-05 |
In Samokat, the data of any order can be viewed and modified without authorization |
Insecure Direct Object Reference (IDOR) |
kwel |
Medium |
2020-10-05 |
In Samokat, the order total and order number can be viewed by ID [smart.space] |
Insecure Direct Object Reference (IDOR) |
kwel |
Low |
2020-10-05 |
[https://youdrive.today/] Nginx directory traversal |
Path Traversal |
act1on3 |
Medium |
2020-10-05 |
XSS via "gp" cookie reflected in source code |
Cross-site Scripting (XSS) - Generic |
setuid |
Medium |
2020-10-05 |
Improper Restriction of Excessive Authentication Attempts at o2-ac.my.com/token |
Brute Force |
jayesh25 |
Low |
2020-10-05 |
Access to git & and configuration files on backtoschool.geekbrains.ru via gitfile |
Violation of Secure Design Principles |
damian89 |
Medium |
2020-10-05 |
Clickjacking Vulnerability via https://webagent.mail.ru leading to protection bypass for https://web.icq.com/ end point |
UI Redressing (Clickjacking) |
jayesh25 |
Low |
2020-10-05 |
[city-mobil.ru] SSRF & limited LFR on /taxiserv/photoeditor/save endpoint via base64 POST parameter |
Server-Side Request Forgery (SSRF) |
byq |
High |
2020-10-01 |
Blind SSRF in horizon-heat |
Server-Side Request Forgery (SSRF) |
paul_axe |
No rating |
2020-10-01 |
Blind SSRF in magnum upgrade_params |
Server-Side Request Forgery (SSRF) |
paul_axe |
No rating |
2020-10-01 |
[panel.city-mobil.ru/admin/] Blind XSS via partner name (similar to #746505) |
Cross-site Scripting (XSS) - Stored |
act1on3 |
High |
2020-10-01 |
Broken twitter link hijacking at https://games.mail.ru/pc/search/ |
None supplied |
nagli |
None |
2020-09-18 |
Log files Leaked In mcsblog.ru |
Information Disclosure |
sniper302 |
Medium |
2020-09-18 |
Broken twitter link hijacking at https://games.mail.ru/pc/search/ |
None supplied |
nagli |
None |
2020-09-18 |
[icq.im] Reflected XSS via chat invite link |
Cross-site Scripting (XSS) - Reflected |
romesful |
Low |
2020-09-15 |
IDOR in tracking driver logs at city-mobil.ru |
Insecure Direct Object Reference (IDOR) |
r0hack |
Low |
2020-09-15 |
Database read through provider misconfiguration |
Insecure Storage of Sensitive Information |
kanytu |
Medium |
2020-09-15 |
Private files exposed to other apps |
Insecure Storage of Sensitive Information |
kanytu |
High |
2020-09-15 |
SQL injection at fleet.city-mobil.ru |
SQL Injection |
r0hack |
High |
2020-09-03 |
REFLECTED XSS On http://jsgames.mail.ru/bad_browser.php via back_url paramter |
Cross-site Scripting (XSS) - Reflected |
yukusawa18 |
Medium |
2020-09-03 |
SQL injection at fleet.city-mobil.ru |
SQL Injection |
r0hack |
High |
2020-09-03 |
looch.tv CORS crossite user information and stream_key access |
Cross-Site Request Forgery (CSRF) |
iframe |
Medium |
2020-09-02 |
[api.33slona.ru] Access to the API due to server misconfiguration, 302 redirect. |
None supplied |
iframe |
None |
2020-09-02 |
Subdomain Takeover at analyticstest.geekbrains.ru |
Privilege Escalation |
steal_wart |
Medium |
2020-09-02 |
Public access to Sidekiq dashboard at shopper.sbermarket.ru |
None supplied |
avolume |
Medium |
2020-09-02 |
warofdragons.my.games: configuration files with database account are accessible |
Information Disclosure |
iframe |
Medium |
2020-09-01 |
warofdragons.my.games: configuration files with database account are accessible |
Information Disclosure |
iframe |
Medium |
2020-09-01 |
IDOR allows changing user information. |
Insecure Direct Object Reference (IDOR) |
iframe |
Medium |
2020-09-01 |
[garnier-olia.lady.mail.ru] Reflected XSS /exp/ bypass "/" |
Cross-site Scripting (XSS) - Reflected |
iframe |
Low |
2020-09-01 |
Access to information about any video and its owner via GraphQL endpoint [dictor.mail.ru] |
Insecure Direct Object Reference (IDOR) |
organdonor |
Medium |
2020-09-01 |
An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing |
Improper Authentication - Generic |
jianjun |
Medium |
2020-08-31 |
[self?] XSS in the user's address [sbermarket.ru] |
Cross-site Scripting (XSS) - Stored |
pisarenko |
None |
2020-08-31 |
[performancemarketing.geekbrains.ru] Tilda Subdomain Takeover |
Improper Access Control - Generic |
xaleraf4ra |
Low |
2020-08-12 |
[c-api.city-mobil.ru] IDOR chat messages between driver and customer |
Improper Authentication - Generic |
anyday |
No rating |
2020-08-12 |
tracker.my.com information disclosure via csrf bypass |
Cross-Site Request Forgery (CSRF) |
shuraros |
Low |
2020-08-12 |
information disclosure via IDOR on "https://target.my.com/api/v2/coverage/segment.json?id={id}" endpoint |
Insecure Direct Object Reference (IDOR) |
shuraros |
None |
2020-08-12 |
Vertical Privilege Escalation on {target.my.com} |
Privilege Escalation |
dedsec69 |
Medium |
2020-08-12 |
Subdomain takeover at msproject.geekbrains.ru |
Privilege Escalation |
steal_wart |
Medium |
2020-08-12 |
Bypass OTP on contact back request at https://driver.city-mobil.ru/ |
None supplied |
nitin1205 |
None |
2020-08-12 |
xss while uploading a file |
None supplied |
aslanemre |
None |
2020-08-03 |
Account takeover through password reset in cups.mail.ru |
Insecure Direct Object Reference (IDOR) |
weev3kyaw |
High |
2020-08-03 |
xss on [storehouse5.ucs.ru] |
Cross-site Scripting (XSS) - Reflected |
pisarenko |
Low |
2020-08-03 |
Open Redirect at "city-mobil.ru" |
Open Redirect |
kursadalsan |
None |
2020-08-03 |
relap.io IDOR |
Insecure Direct Object Reference (IDOR) |
shuraros |
Low |
2020-08-03 |
Reflected XSS in "keywords" parameter at "https://sbermarket.ru/metro/search" |
Cross-site Scripting (XSS) - Reflected |
mehulpanchal007 |
Medium |
2020-08-03 |
Account takeover through password reset in cups.mail.ru |
Insecure Direct Object Reference (IDOR) |
weev3kyaw |
High |
2020-08-03 |
Stored self XSS at auto.mail.ru using add_review functionality |
Cross-site Scripting (XSS) - Stored |
avolume |
None |
2020-07-31 |
Sidekiq Dashboard Publicly accessible at http://shopper.staging.instamart.ru/sidekiq/ |
None supplied |
sudi |
Medium |
2020-07-31 |
SMTP Header Injection at http://abonement.ucs.ru |
CRLF Injection |
killinem_sec |
None |
2020-07-30 |
HTML/iframe/XSS injection on https://www.ucs.ru/online/shelter/settings/check/ |
None supplied |
h2x0 |
Medium |
2020-07-28 |
"😂" + Unauthenticated Stored XSS in API at https://api.my.games/comments/v1/comments/update/ |
Cross-site Scripting (XSS) - Stored |
samet |
High |
2020-07-28 |
Blindy Replace User's Session with Attacker's Session |
Cross-Site Request Forgery (CSRF) |
sayaanalam |
Low |
2020-07-28 |
Stored XSS In mlbootcamp.ru |
Cross-site Scripting (XSS) - Stored |
sniper302 |
High |
2020-07-28 |
Content injection on shared event (calendar.mail.ru) |
Phishing |
urban_tramp |
Low |
2020-07-28 |
capsula.mail.ru - Admin blind stored XSS |
Cross-site Scripting (XSS) - Stored |
alexeysergeevich |
Medium |
2020-07-20 |
[geekbrains.ru] Reflected XSS via Angular Template Injection |
Cross-site Scripting (XSS) - Reflected |
esetal |
Low |
2020-07-20 |
User session access due to Oauth whitelist host bypass and postMessage |
Cross-Site Request Forgery (CSRF) |
mariuszpoplawski |
High |
2020-07-20 |
Stored XSS that allow an attacker to read victim mailboxes contacts in mail.ru and my.com application |
None supplied |
weev3kyaw |
High |
2020-07-13 |
Reflected XSS on http://info.ucs.ru/settings/check/ |
Cross-site Scripting (XSS) - Reflected |
h2x0 |
Low |
2020-07-13 |
Stored XSS that allow an attacker to read victim mailboxes contacts in mail.ru and my.com application |
None supplied |
weev3kyaw |
High |
2020-07-13 |
Cross-organization data access in city-mobil.ru |
Improper Access Control - Generic |
r0hack |
High |
2020-07-13 |
[icq.com/people/*uin*/edit] Missing filter and duplicate check in the "Nickname" field |
None supplied |
ch0c0 |
None |
2020-07-13 |
Cross-organization data access in city-mobil.ru |
Improper Access Control - Generic |
r0hack |
High |
2020-07-13 |
Sensitive information exposure via git commit |
Insecure Storage of Sensitive Information |
woj_ciech |
Medium |
2020-07-13 |
Subdomain Takeover at blog.instamart.ru |
Externally Controlled Reference to a Resource in Another Sphere |
m7mdharoun |
Low |
2020-07-13 |
Reflected XSS in city-mobil.ru/ |
Cross-site Scripting (XSS) - Generic |
mariuszpoplawski |
Medium |
2020-07-13 |
Subdomain takeover on tilda.geekbrains.ru and fl-change.geekbrains.ru |
Externally Controlled Reference to a Resource in Another Sphere |
akash-labade |
Low |
2020-07-07 |
[account.mail.ru] XSS vulnerability in the login form |
Cross-site Scripting (XSS) - DOM |
rainbow_json |
High |
2020-06-29 |
SSRF in filtering on relap.io |
Server-Side Request Forgery (SSRF) |
rumiljonov |
High |
2020-06-29 |
MySQL username and password leaked on [2017.russianaicup.ru] |
Password in Configuration File |
organdonor |
Medium |
2020-06-29 |
Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
whitespots |
Medium |
2020-06-29 |
Stored XSS on go.mail.ru |
Cross-site Scripting (XSS) - Stored |
myasnikovalexey |
Medium |
2020-06-18 |
Time-Based SQL injection at city-mobil.ru |
SQL Injection |
r0hack |
Critical |
2020-06-17 |
Time-Based SQL injection at city-mobil.ru |
SQL Injection |
r0hack |
Critical |
2020-06-17 |
Time-Based SQL injection at city-mobil.ru |
SQL Injection |
r0hack |
Critical |
2020-06-17 |
[pulse.mail.ru] Access to statistics of other users' sites |
Improper Access Control - Generic |
rainbow_json |
Medium |
2020-06-04 |
[my.games] Stored XSS via untrusted bucket |
Cross-site Scripting (XSS) - Stored |
byq |
Medium |
2020-06-04 |
Reflected XSS at city-mobil.ru |
Cross-site Scripting (XSS) - Reflected |
tr3harder |
Medium |
2020-05-28 |
Account Takeover worki.ru |
Brute Force |
tr3harder |
Critical |
2020-05-28 |
XSS in [community.my.games] |
Cross-site Scripting (XSS) - Stored |
anishacks |
Medium |
2020-05-28 |
IDOR of users |
Insecure Direct Object Reference (IDOR) |
tr3harder |
Medium |
2020-05-28 |
Account Takeover worki.ru |
Brute Force |
tr3harder |
Critical |
2020-05-28 |
Mirror of https://city-mobil.ru admin interface |
Misconfiguration |
merron |
None |
2020-05-14 |
Unsafe downloaded file execution |
User Interface (UI) Misrepresentation of Critical Information |
iframe |
Low |
2020-05-13 |
Unrestricted file upload on [ambassador.mail.ru] |
Code Injection |
organdonor |
Critical |
2020-05-08 |
XSS at go.mail.ru |
Cross-site Scripting (XSS) - DOM |
adiosmf |
Medium |
2020-05-08 |
Unrestricted file upload on [ambassador.mail.ru] |
Code Injection |
organdonor |
Critical |
2020-05-08 |
Stored xss on https://go.mail.ru/ |
Cross-site Scripting (XSS) - Reflected |
01alsanosi |
Medium |
2020-05-08 |
[city-mobil.ru/taxiserv/] Disclosure information about drivers |
Insecure Direct Object Reference (IDOR) |
act1on3 |
Medium |
2020-05-07 |
[https://city-mobil.ru/taxiserv] IDOR leads to information disclosure |
Information Disclosure |
act1on3 |
Low |
2020-05-07 |
[city-mobil.ru/taxiserv/] IDOR leads to driver account takeover |
Insecure Direct Object Reference (IDOR) |
act1on3 |
Medium |
2020-05-07 |
[c-api.city-mobil.ru] Client authentication bypass leads to information disclosure |
Missing Authentication for Critical Function |
act1on3 |
Critical |
2020-04-22 |
HTML injection at face.city-mobil.ru |
Improper Input Validation |
r0hack |
Low |
2020-04-16 |
[fleet.city-mobil.ru] Driver balance increasing |
Business Logic Errors |
act1on3 |
Low |
2020-04-15 |
[panel.city-mobil.ru/admin/] Blind XSS into username |
Cross-site Scripting (XSS) - Stored |
act1on3 |
High |
2020-04-14 |
SSRF & LFR via on city-mobil.ru |
Remote File Inclusion |
byq |
High |
2020-04-14 |
SSRF on fleet.city-mobil.ru leads to local file read |
Server-Side Request Forgery (SSRF) |
byq |
Medium |
2020-04-14 |
SSRF & LFR on city-mobil.ru |
Server-Side Request Forgery (SSRF) |
byq |
High |
2020-04-14 |
Leak Sensetive Data at face.city-mobil.ru |
Information Disclosure |
r0hack |
Medium |
2020-04-14 |
[https://city-mobil.ru/taxiserv] Blind XSS into username |
Cross-site Scripting (XSS) - Stored |
act1on3 |
Medium |
2020-04-14 |
SSRF & LFR via on city-mobil.ru |
Remote File Inclusion |
byq |
High |
2020-04-14 |
PHP code injection at tz.mail.ru |
Code Injection |
cutoffurmind |
High |
2020-04-06 |
3igames.mail.ru SQL Injection |
SQL Injection |
cutoffurmind |
High |
2020-04-06 |
SSRF/XSPA [parapa.mail.ru] 2 |
None supplied |
haxta4ok00 |
No rating |
2020-04-06 |
idor leads to leak order information |
Insecure Direct Object Reference (IDOR) |
risinghunter |
Low |
2020-04-06 |
Reflected XSS on am.ru and subdomains |
Cross-site Scripting (XSS) - Reflected |
ms-13 |
No rating |
2020-04-06 |
CSRF on https://market.my.games |
Cross-Site Request Forgery (CSRF) |
naategh |
Low |
2020-04-06 |
Self XSS via help.mail.ru interface |
Cross-site Scripting (XSS) - Reflected |
chiraggupta8769- |
None |
2020-04-01 |
[cfire.mail.ru] Time Based SQL Injection 2 |
SQL Injection |
haxta4ok00 |
No rating |
2020-04-01 |
[parapa.mail.ru] SQL Injection reapet |
SQL Injection |
haxta4ok00 |
No rating |
2020-04-01 |
SSRF/XSPA [parapa.mail.ru] |
None supplied |
haxta4ok00 |
No rating |
2020-04-01 |
ssrf xspa [https://prt.mail.ru/] |
Server-Side Request Forgery (SSRF) |
haxta4ok00 |
No rating |
2020-04-01 |
donationalerts.com limitations bypass |
Cross-Site Request Forgery (CSRF) |
iframe |
Medium |
2020-03-31 |
Blind XSS in operator's interface for 33slona.ru |
Cross-site Scripting (XSS) - Stored |
iframe |
Medium |
2020-03-31 |
Blind SQL injection [https://honor.hi-tech.mail.ru] |
SQL Injection |
haxta4ok00 |
No rating |
2020-03-31 |
ssrf xspa [https://prt.mail.ru/] 2 |
Server-Side Request Forgery (SSRF) |
haxta4ok00 |
No rating |
2020-03-31 |
[https://seosan.io] Account owner disclosure |
None supplied |
circuit |
Medium |
2020-03-16 |
Account TakeOver through password recovery at am.ru |
Brute Force |
r0hack |
Critical |
2020-03-10 |
Account takeover at geekbrains.ru |
Violation of Secure Design Principles |
godofdarkness_msf |
Medium |
2020-03-10 |
[windows10.hi-tech.mail.ru] Blind SQL Injection |
SQL Injection |
api_0 |
High |
2020-03-10 |
turboslim.lady.mail.ru - Blind sql-injection. |
SQL Injection |
alexeysergeevich |
High |
2020-03-10 |
[windows10.hi-tech.mail.ru] Blind SQL Injection |
SQL Injection |
api_0 |
High |
2020-03-10 |
Account TakeOver through password recovery at am.ru |
Brute Force |
r0hack |
Critical |
2020-03-10 |
turboslim.lady.mail.ru - Blind sql-injection. |
SQL Injection |
alexeysergeevich |
High |
2020-03-10 |
Blind SQL Injection on news.mail.ru |
SQL Injection |
asdqwedev |
High |
2020-03-10 |
allods.mail.ru sql injection |
SQL Injection |
linkks |
Critical |
2020-03-10 |
[pandao.ru] possibility to attach arbitrary phone number to account registered via social network |
Improper Input Validation |
n4sty |
Medium |
2020-03-06 |
[api.pandao.ru] IDOR for order delivery address |
Insecure Direct Object Reference (IDOR) |
n4sty |
Medium |
2020-03-06 |
Access to Tarantool |
Improper Access Control - Generic |
danila |
Medium |
2020-03-05 |
JMX RMI command injection on 195.211.131.82(Mail.ru Gaming) |
Command Injection - Generic |
johndoe1492 |
Critical |
2020-02-18 |
IP address can be leaked on Image preview in ICQ for Android chat |
Privacy Violation |
rainbow_json |
Low |
2020-02-14 |
[API] ICQ user's avatar can be manipulated remotely |
Improper Input Validation |
rainbow_json |
High |
2020-02-14 |
[Web ICQ Client] XSS vulnerability in the username |
Cross-site Scripting (XSS) - DOM |
rainbow_json |
Medium |
2020-02-14 |
Account TakeOver at my.33slona.ru |
Brute Force |
r0hack |
High |
2020-02-04 |
Blind XSS Stored On Admin Panel Through Name Parameter In [ https://technoatom.mail.ru/] |
Cross-site Scripting (XSS) - Stored |
elmahdi |
High |
2020-02-04 |
Stored XSS in Review Section https://games.mail.ru/ |
Cross-site Scripting (XSS) - Stored |
sicksec |
High |
2020-02-04 |
Account TakeOver at my.33slona.ru |
Brute Force |
r0hack |
High |
2020-02-04 |
SSRF in clients.city-mobil.ru |
Server-Side Request Forgery (SSRF) |
johndoe1492 |
High |
2020-01-29 |
Blind SQL Injection in city-mobil.ru domain |
SQL Injection |
kiriknik |
Medium |
2020-01-29 |
Boolean-based SQL Injection on relap.io |
SQL Injection |
agametov |
Critical |
2020-01-22 |
Information disclosure with sensitive data |
Information Disclosure |
mickey01 |
No rating |
2020-01-14 |
API method at api.my.games allows to enumerate user emails |
Information Disclosure |
mobius07 |
Medium |
2020-01-14 |
IDOR in the list of users by domain in relap.io |
Insecure Direct Object Reference (IDOR) |
agametov |
Medium |
2019-12-17 |
Account Takeover at worki.ru |
Violation of Secure Design Principles |
r0hack |
Critical |
2019-12-17 |
Account Takeover at worki.ru |
Violation of Secure Design Principles |
r0hack |
Critical |
2019-12-17 |
RCE on shared.mail.ru due to "widget" plugin |
Code Injection |
ruvlol |
Critical |
2019-12-02 |
Account Takeover at vseapteki.ru |
Brute Force |
r0hack |
High |
2019-12-02 |
Account Takeover at vseapteki.ru |
Brute Force |
r0hack |
High |
2019-12-02 |
XSS via message subject - mobile application |
Cross-site Scripting (XSS) - DOM |
almaco |
High |
2019-11-25 |
worki.ru: SMS code bruteforce |
Business Logic Errors |
r0hack |
High |
2019-11-15 |
touch.mail.ru / e.mail.ru memory content disclosure |
None supplied |
maxarr |
Critical |
2019-10-30 |
touch.mail.ru / e.mail.ru memory content disclosure |
None supplied |
maxarr |
Critical |
2019-10-30 |
[XSS] postMessage in jsapi/button |
Cross-site Scripting (XSS) - DOM |
secator |
Medium |
2019-10-28 |
Reflected XSS in https://light.mail.ru/login via page |
Cross-site Scripting (XSS) - Reflected |
harisec |
Medium |
2019-10-25 |
[ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File |
Improper Access Control - Generic |
elmahdi |
High |
2019-10-23 |
XSS via Cookie in Mail.ru |
Cross-site Scripting (XSS) - Stored |
mase289 |
Medium |
2019-10-11 |
[agent.33slona.ru] Recovery code bruteforce |
Brute Force |
iframe |
High |
2019-10-11 |
Avatar upload allows arbitrary file overwriting |
Path Traversal |
taraszelyk |
Medium |
2019-09-28 |
[special.mail.ru] Information Disclosure |
Information Disclosure |
bobrov |
Medium |
2019-09-25 |
Stored XSS |
Cross-site Scripting (XSS) - Stored |
pikky |
High |
2019-09-01 |
web.icq.com XSS in chat message via contact info |
Cross-site Scripting (XSS) - Stored |
superboyxxx |
High |
2019-08-24 |
Duplication of lootdog items and the ability to sell them. |
Business Logic Errors |
ilyailya |
High |
2019-08-02 |
[https://pandao.ru] - PUT method available |
None supplied |
godex |
Medium |
2019-08-02 |
[XSS] data-url in emails |
Cross-site Scripting (XSS) - Stored |
secator |
High |
2019-08-02 |
Open Selenoid instance at 188.93.63.186 leads to LFR/SSRF. |
Improper Access Control - Generic |
chaosbolt |
Medium |
2019-07-18 |
LRF on shared.mail.ru due to "markdown" plugin |
Path Traversal |
chaosbolt |
High |
2019-07-18 |
Path traversal, SSTI and RCE on a MailRu acquisition |
Code Injection |
0xc0ffee |
Critical |
2019-07-08 |
Stored XSS in email |
None supplied |
pikky |
No rating |
2019-07-07 |
Stealing Arbitrary Private Files of MyMail App |
Information Disclosure |
heeeeen |
Medium |
2019-06-12 |
molotok.m.mail.ru delegated to external entity |
Externally Controlled Reference to a Resource in Another Sphere |
aieti |
Medium |
2019-06-06 |
SSRF |
None supplied |
linkks |
None |
2019-06-03 |
Source code disclosure |
Information Disclosure |
linkks |
Medium |
2019-06-03 |
XXE on pulse.mail.ru |
XML External Entities (XXE) |
chaosbolt |
Low |
2019-04-02 |
Cross application scripting via account.mail.ru |
Cross-site Scripting (XSS) - Stored |
tr3harder |
High |
2019-03-11 |
Ability to log in to any account on https://pandao.ru/ |
None supplied |
circuit |
Critical |
2019-02-06 |
Shell upload in partner service |
Code Injection |
danila_xawdxawdx |
Medium |
2018-11-13 |
Stored Blind XSS |
Cross-site Scripting (XSS) - Stored |
danila_xawdxawdx |
High |
2018-11-12 |
XSS in e.mail.ru |
Cross-site Scripting (XSS) - Stored |
akop07 |
High |
2018-11-12 |
[moba.my.com] phpinfo, logs |
Information Disclosure |
bobrov |
None |
2018-11-12 |
[rm.mail.ru] Request-Path XSS |
Cross-site Scripting (XSS) - Reflected |
bobrov |
Medium |
2018-11-12 |
Reflected XSS in delivery-club.ru |
Cross-site Scripting (XSS) - Reflected |
ph0b0s |
High |
2018-11-12 |
Disclosure of a lootdog.io user's passport series/number and SNILS |
Information Disclosure |
lincoln9932 |
Low |
2018-11-12 |
IDOR on mcs.mail.ru |
Information Exposure Through Sent Data |
danila_xawdxawdx |
None |
2018-11-12 |
Reflected XSS on https://www.delivery-club.ru/ |
Cross-site Scripting (XSS) - Reflected |
danila_xawdxawdx |
Medium |
2018-11-12 |
XSS on https://www.delivery-club.ru |
Cross-site Scripting (XSS) - Reflected |
danila_xawdxawdx |
Medium |
2018-11-12 |
CSRF on lootdog.io |
Cross-Site Request Forgery (CSRF) |
danila_xawdxawdx |
Medium |
2018-11-12 |
CSRF on item purchase at https://lootdog.io/ |
Cross-Site Request Forgery (CSRF) |
danila_xawdxawdx |
High |
2018-11-12 |
XSS on https://www.delivery-club.ru/sd/test_330933/info/ |
Cross-site Scripting (XSS) - Stored |
danila_xawdxawdx |
High |
2018-11-12 |
[target.my.com] CRLF Injection -> XSS |
Cross-site Scripting (XSS) - Reflected |
bobrov |
Medium |
2018-11-06 |
[sj.my.com] Source Code Disclosure /.svn/wc.db |
Information Disclosure |
bobrov |
Medium |
2018-11-06 |
[info.tmgame.mail.ru] Apache Server Status |
Information Disclosure |
bobrov |
Low |
2018-11-06 |
[evo2.my.com] Internet Explorer XSS |
Cross-site Scripting (XSS) - Reflected |
bobrov |
Low |
2018-11-06 |
[lk-cdn.3igames.mail.ru] apc.php |
Information Disclosure |
bobrov |
Low |
2018-11-06 |
[new.wf.mail.ru] XSS Request-URI |
Cross-site Scripting (XSS) - Reflected |
bobrov |
Medium |
2018-11-06 |
[beta.tracker.my.com] XSS Request-URI |
Cross-site Scripting (XSS) - Reflected |
bobrov |
Medium |
2018-11-06 |
[gamesventures.mail.ru] Publicly accessible GIT directory |
Information Disclosure |
bobrov |
Low |
2018-11-06 |
[sputnik.mail.ru] Publicly accessible GIT directory |
Information Disclosure |
bobrov |
Medium |
2018-11-06 |
[hs.mail.ru] CRLF Injection / XSS |
Cross-site Scripting (XSS) - Generic |
bobrov |
Low |
2018-11-06 |
[hs.mail.ru] XSS play_now.php |
Cross-site Scripting (XSS) - Reflected |
bobrov |
Low |
2018-11-06 |
Reading files on the server and directory disclosure on mediator.media |
Server-Side Request Forgery (SSRF) |
truwa |
Medium |
2018-10-19 |
Blind XSS pets.mail.ru/admin/ |
Cross-site Scripting (XSS) - Stored |
w2w |
High |
2018-10-19 |
Full account takeover am.ru |
Business Logic Errors |
w2w |
Medium |
2018-10-19 |
Disclosure of user email address and Deanonymization [mail.ru] + Blind | Stored XSS pets.mail.ru |
Cross-site Scripting (XSS) - Stored |
w2w |
Low |
2018-10-19 |
Blocked mailbox (bypass) |
Business Logic Errors |
hack2tools |
Low |
2018-10-19 |
Double authentication bypass |
None supplied |
w2w |
None |
2018-10-11 |
3rd party shop admin panel blind XSS |
Information Disclosure |
w2w |
Medium |
2018-10-11 |
ADDING YOUR OWN DATES TO A USER'S CALENDAR! |
Cross-Site Request Forgery (CSRF) |
pisarenko |
Low |
2018-10-03 |
XSS in touch.mail.ru |
Cross-site Scripting (XSS) - DOM |
saiyajin |
High |
2018-10-02 |
XSS in e.mail.ru |
Cross-site Scripting (XSS) - Stored |
sql |
Medium |
2018-09-24 |
Stored XSS in donations on dobro.mail.ru |
Cross-site Scripting (XSS) - Stored |
pisarenko |
High |
2018-09-24 |
XSS on https://health.mail.ru/my/ via external account name |
None supplied |
lincoln9932 |
No rating |
2018-09-04 |
Disclosure of IP, email and other useful information on lootdog.io |
Information Disclosure |
lincoln9932 |
Low |
2018-09-04 |
XSS in delivery club |
Cross-site Scripting (XSS) - Reflected |
truwa |
Medium |
2018-08-21 |
DNS Misconfiguration |
None supplied |
rootbakar |
Medium |
2018-08-16 |
XSS in the email body, in the new version of the mail service. |
Cross-site Scripting (XSS) - Stored |
maxarr |
High |
2018-08-15 |
XSS (working with emails) |
Cross-site Scripting (XSS) - Stored |
hack2tools |
Low |
2018-08-15 |
XSS via Cookie in e.mail.ru |
Cross-site Scripting (XSS) - DOM |
obmi |
Medium |
2018-08-15 |
Stored self-xss and its escalation to a victim account in e.mail.ru |
Cross-site Scripting (XSS) - Reflected |
obmi |
High |
2018-08-15 |
XSS touch.mail.ru compose Body |
Cross-site Scripting (XSS) - DOM |
shafigullin |
No rating |
2018-08-15 |
XSS account.mail.ru in state JSON script |
Cross-site Scripting (XSS) - Reflected |
shafigullin |
No rating |
2018-08-15 |
XSS e.mail.ru fixSpecialSymbols |
Cross-site Scripting (XSS) - DOM |
shafigullin |
No rating |
2018-08-15 |
[account.mail.ru] XSS on the account deletion page via backUrl |
Cross-site Scripting (XSS) - DOM |
s_p_q_r |
No rating |
2018-07-31 |
[account.mail.ru] XSS on the password recovery page |
Cross-site Scripting (XSS) - Reflected |
s_p_q_r |
No rating |
2018-07-31 |
Race condition on market.games.mail.ru |
Write-what-where Condition |
diabllo |
High |
2018-07-18 |
Attacker can send requests from mail.ru server |
Server-Side Request Forgery (SSRF) |
aieti |
Medium |
2018-07-16 |
CSRF on biz.mail.ru |
Cross-Site Request Forgery (CSRF) |
c37hun |
None |
2018-07-16 |
Nginx variable values output in the page body |
Information Disclosure |
webr0ck |
Low |
2018-07-16 |
Blind XSS in the torg.mail.ru admin panel via a review |
Cross-site Scripting (XSS) - DOM |
pisarenko |
High |
2018-07-02 |
CRLF injection mcs.mail.ru (leads to XSS) |
CRLF Injection |
w2w |
Medium |
2018-06-19 |
XSS in the sender, BETA version of the mail service |
Cross-site Scripting (XSS) - Stored |
maxarr |
High |
2018-06-10 |
XSS in the email body. |
Cross-site Scripting (XSS) - Stored |
maxarr |
High |
2018-06-10 |
Modifying application settings via clickjacking on o2.mail.ru |
UI Redressing (Clickjacking) |
zishanadthandar |
Low |
2018-06-08 |
Local paths disclosure through error message |
Information Exposure Through an Error Message |
inet_freedom |
None |
2018-06-04 |
lootdog.io XSS |
Cross-site Scripting (XSS) - Reflected |
lincoln9932 |
Medium |
2018-06-04 |
Blind Stored XSS |
Cross-site Scripting (XSS) - Stored |
danila_xawdxawdx |
High |
2018-06-04 |
Partner Account Takeover on https://www.delivery-club.ru via a user account. |
Improper Authentication - Generic |
danila_xawdxawdx |
High |
2018-06-04 |
Ability to upload a shell to https://widget.operator.mail.ru |
Code Injection |
danila_xawdxawdx |
Critical |
2018-06-04 |
CSRF on adding an item for sale |
Cross-Site Request Forgery (CSRF) |
danila_xawdxawdx |
High |
2018-06-04 |
Account Takeover on https://www.delivery-club.ru via a partner account. |
Improper Authentication - Generic |
danila_xawdxawdx |
Critical |
2018-06-04 |
Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/ |
UI Redressing (Clickjacking) |
nullsaint |
None |
2018-06-01 |
Exposed phpinfo() information on the site https://agent.mail.ru |
Information Disclosure |
mobius07 |
Low |
2018-05-29 |
LFI in beta.mail.ru |
None supplied |
catferq |
Critical |
2018-05-28 |
Stored XSS (API) |
Cross-site Scripting (XSS) - Stored |
hack2tools |
High |
2018-05-23 |
XSS vulnerability |
Cross-site Scripting (XSS) - Reflected |
hack2tools |
High |
2018-05-23 |
[dl.beepcar.ru] CRLF Injection |
None supplied |
vik0nd |
Low |
2018-05-22 |
invalid handling of redirect_uri at o2.mail.ru/jsapi/button |
Improper Access Control - Generic |
ruvlol |
No rating |
2018-05-22 |
[mobs.mail.ru] nginx path traversal via misconfigured alias |
Information Disclosure |
bobrov |
High |
2018-05-22 |
[e.mail.ru] XSS on the money transfer sending page |
Cross-site Scripting (XSS) - Reflected |
s_p_q_r |
No rating |
2018-05-16 |
CSRF on calendar.mail.ru |
Cross-Site Request Forgery (CSRF) |
danila_xawdxawdx |
Medium |
2018-05-11 |
XSS on e.mail.ru via postMessage |
Cross-site Scripting (XSS) - DOM |
obmi |
High |
2018-05-11 |
Shell upload in http://widget.support.my.com/ |
OS Command Injection |
danila_xawdxawdx |
Critical |
2018-05-11 |
[maps.me] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[aw.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[games.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[sf.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[lucky-fields.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[account.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[wos.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[support.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[mg.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[evo.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[evo2.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[furry.aw.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[id.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[allods.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[legal.my.com] Reflected XSS |
Cross-site Scripting (XSS) - Reflected |
bigbear_ |
No rating |
2018-04-26 |
[babel.mail.ru] Admin Page Found |
Improper Access Control - Generic |
bigbear_ |
No rating |
2018-04-26 |
[tanks.mail.ru] Content Spoofing |
Phishing |
bigbear_ |
No rating |
2018-04-26 |
[s2.jugger.ru] Content Spoofing |
Phishing |
bigbear_ |
No rating |
2018-04-26 |
[warofdragons.com] Content Spoofing |
Phishing |
bigbear_ |
No rating |
2018-04-26 |
IDOR widget.support.my.com |
Insecure Direct Object Reference (IDOR) |
w2w |
Medium |
2018-04-26 |
[tanks.mail.ru] Open Redirect |
Violation of Secure Design Principles |
101usb |
None |
2018-04-12 |
blind XXE in autodiscover parser |
XML External Entities (XXE) |
obmi |
Medium |
2018-04-03 |
Same origin policy bypass on e.mail.ru via Cross-Site Flashing |
None supplied |
opnsec |
No rating |
2018-04-02 |
Stored XSS when you read emails. <style> |
Cross-site Scripting (XSS) - Stored |
ras-it |
High |
2018-03-13 |
Open redirect on OpenID |
Open Redirect |
pisarenko |
Low |
2018-03-13 |
filin.mail.ru user's e-mail address disclosure |
None supplied |
isaeva |
No rating |
2018-02-21 |
[afisha.mail.ru] HTML injection via XSS on the widget portal |
None supplied |
s_p_q_r |
No rating |
2018-02-12 |
blind XXE when uploading avatar in mymail phone app |
XML External Entities (XXE) |
ruvlol |
High |
2018-02-12 |
Blind XXE on my.mail.ru |
XML External Entities (XXE) |
ruvlol |
High |
2018-02-06 |
XSS bypass Script execute,Read any file,execute any javascript code--UXSS |
Cross-site Scripting (XSS) - Stored |
tea |
High |
2018-01-27 |
XSS in an email, in the sender field. |
Cross-site Scripting (XSS) - Stored |
maxarr |
High |
2018-01-27 |
Reflected XSS on cloud.mail.ru in the URL, in the presentation creation and editing functionality. |
Cross-site Scripting (XSS) - Reflected |
ro_ |
High |
2018-01-27 |
reflected xss on cycloferon.health.mail.ru |
Cross-site Scripting (XSS) - Reflected |
whitesector |
Medium |
2018-01-26 |
XSS in an email, in the email body. |
Cross-site Scripting (XSS) - Stored |
maxarr |
High |
2018-01-26 |
XSS in the email body, in block styles. |
Cross-site Scripting (XSS) - Stored |
maxarr |
High |
2018-01-26 |
Self-xss via drag&drop in email form |
Cross-site Scripting (XSS) - Reflected |
obmi |
Low |
2018-01-26 |
XSS on account.mail.ru/login |
Man-in-the-Middle |
obmi |
Medium |
2018-01-26 |
Uninitialized server memory disclosure via ImageMagick |
Information Disclosure |
hudmi |
High |
2018-01-26 |
Android MailRu Email: Thirdparty can access private data files with small user interaction |
Privilege Escalation |
dzmitry |
Medium |
2018-01-02 |
CSRF. Deleting the address book, adding contacts |
Cross-Site Request Forgery (CSRF) |
napalube |
Medium |
2017-12-29 |
Passing a null byte in the message ID causes some buffer to be output. |
Buffer Over-read |
bytehope |
High |
2017-12-29 |
Reflected XSS in https://e.mail.ru/ |
Cross-site Scripting (XSS) - Reflected |
ras-it |
High |
2017-12-28 |
[et.mail.ru] ssrf 2 |
Server-Side Request Forgery (SSRF) |
haxta4ok00 |
High |
2017-12-28 |
XSS when replying / forwarding to a malicious email on iOS |
Cross-site Scripting (XSS) - Stored |
pwnsdx |
Medium |
2017-12-28 |
Download attachments with traversal path into any sdcard directory (incomplete fix 106097) |
Path Traversal |
dzmitry |
Low |
2017-12-28 |
touch.mail.ru/messages - Stored XSS |
Cross-site Scripting (XSS) - Stored |
luigigubello |
High |
2017-12-27 |
Unupdated ImageMagick leads to uninitialized server memory disclosure |
Information Disclosure |
ruvlol |
Medium |
2017-12-27 |
Stored XSS and html injection in biz.mail.ru |
Cross-site Scripting (XSS) - DOM |
ruvlol |
None |
2017-12-27 |
A manager of a determinate group of users still might have access to any user account from any group that he doesn't administrate anymore. |
Client-Side Enforcement of Server-Side Security |
ruvlol |
Low |
2017-12-27 |
XSS on https://account.mail.ru/login via postMessage |
Cross-site Scripting (XSS) - DOM |
buglloc |
High |
2017-12-27 |
Possibility to view subdepartments for arbitrary domain |
Insecure Direct Object Reference (IDOR) |
ruvlol |
Medium |
2017-12-20 |
Monitor |
Information Disclosure |
linkks |
No rating |
2017-12-04 |
Stored XSS using SVG on subdomain infra.mail.ru |
Cross-site Scripting (XSS) - Stored |
whitesector |
Low |
2017-12-01 |
XSS via link loading. |
Cross-site Scripting (XSS) - Stored |
lincoln9932 |
Medium |
2017-11-21 |
reflected XSS on healt.mail.ru |
Cross-site Scripting (XSS) - Reflected |
whitesector |
Medium |
2017-11-20 |
CRLF injection on https://tz.mail.ru |
HTTP Response Splitting |
lalka |
Low |
2017-11-07 |
SSRF on https://target.my.com/ |
Server-Side Request Forgery (SSRF) |
lalka |
Medium |
2017-11-07 |
Stored self-XSS on pubg.mail.ru in several places |
Cross-site Scripting (XSS) - Stored |
lincoln9932 |
None |
2017-10-31 |
Clickjacking Full account takeover and editing the personal information at [account.my.com] |
UI Redressing (Clickjacking) |
t-pwn |
No rating |
2017-10-19 |
XSS in biz.mail.ru/error |
Cross-site Scripting (XSS) - DOM |
ruvlol |
Medium |
2017-10-09 |
uninitialized server memory disclosure via ImageMagick in my.mail.ru and cloud.mail.ru |
Information Disclosure |
neex |
No rating |
2017-09-11 |
BruteForce Any [My.com] Account Credentials. |
Brute Force |
0xradi |
No rating |
2017-09-04 |
Excessive permissions when authorizing through the mail.ru interface |
Improper Authentication - Generic |
f4lrik |
No rating |
2017-08-22 |
Logical Vulnerability : REDIRECTING on pw.mail.ru by Parameter Spoofing |
Open Redirect |
othmanetamagart |
No rating |
2017-08-21 |
Open Redirect on [My.com] |
Open Redirect |
0xradi |
Low |
2017-08-14 |
Basic auth bypass [qpt.mail.ru] |
None supplied |
haxta4ok00 |
No rating |
2017-07-17 |
XSS in the portal navigation |
Cross-site Scripting (XSS) - Stored |
lincoln9932 |
Medium |
2017-07-11 |
By pass admin panel [conference.mail.ru] |
Improper Authentication - Generic |
haxta4ok00 |
No rating |
2017-07-11 |
By pass admin panel [seminars.mail.ru] |
Improper Authentication - Generic |
haxta4ok00 |
No rating |
2017-07-11 |
Admin panel access restrictions bypass [poll.mail.ru/admin/] |
Improper Authentication - Generic |
haxta4ok00 |
No rating |
2017-07-11 |
Reflected XSS on https://aw.mail.ru/news/ |
Cross-site Scripting (XSS) - Generic |
lalka |
No rating |
2017-07-03 |
Reflected XSS. |
Cross-site Scripting (XSS) - Generic |
lalka |
No rating |
2017-07-03 |
Reflected XSS. |
Cross-site Scripting (XSS) - Generic |
lalka |
No rating |
2017-07-03 |
Reflected XSS on hi-tech.mail.ru |
Cross-site Scripting (XSS) - Generic |
lalka |
No rating |
2017-07-03 |
XSS using a specially crafted file. |
Cross-site Scripting (XSS) - Generic |
lalka |
No rating |
2017-07-03 |
Xss in https://e.mail.ru/ |
Cross-site Scripting (XSS) - Stored |
danila_xawdxawdx |
Medium |
2017-06-02 |
Xss in https://e.mail.ru/ |
Cross-site Scripting (XSS) - Stored |
danila_xawdxawdx |
Medium |
2017-05-25 |
IDOR in tender.mail.ru leading to Information Disclosure |
None supplied |
khalidamin |
No rating |
2017-05-25 |
xss on several mail.ru game forums (Cross-Site Scripting) |
Cross-site Scripting (XSS) - Generic |
danila_xawdxawdx |
No rating |
2017-05-25 |
Reflected XSS on frag.mail.ru |
Cross-site Scripting (XSS) - Reflected |
twicedi |
No rating |
2017-05-10 |
Open Redirect |
Open Redirect |
t-pwn |
No rating |
2017-05-04 |
Open Redirection at https://it.mail.ru/ |
Open Redirect |
t-pwn |
No rating |
2017-05-04 |
Stored XSS in e.mail.ru (payload affect multiple users) |
Cross-site Scripting (XSS) - Stored |
afine-team |
Medium |
2017-04-17 |
Stored XSS |
Cross-site Scripting (XSS) - Generic |
t-pwn |
Low |
2017-03-30 |
[allods.mail.ru] Reflected XSS |
Cross-site Scripting (XSS) - Generic |
bigbear_ |
No rating |
2017-03-27 |
[w1.dwar.ru] Core Dump |
Memory Corruption - Generic |
bigbear_ |
No rating |
2017-03-27 |
[otus.p.mail.ru] Full Path Disclosure |
Information Disclosure |
bigbear_ |
No rating |
2017-03-27 |
Potential SSRF in sales.mail.ru |
Server-Side Request Forgery (SSRF) |
paresh_parmar |
Medium |
2017-03-27 |
[gitmm.corp.mail.ru] Auth Bypass, Information Disclosure |
Improper Authentication - Generic |
bigbear_ |
No rating |
2017-03-27 |
Open Redirect |
Open Redirect |
sup3r-b0y |
No rating |
2017-03-17 |
[allods.mail.ru] Cross-Site Request Forgery (Add-Item) |
Cross-Site Request Forgery (CSRF) |
ahsan |
Low |
2017-03-17 |
CSRF Send a message at street-combats.mail.ru |
Cross-Site Request Forgery (CSRF) |
xhzeem |
Medium |
2017-03-17 |
[otus.p.mail.ru] CRLF Injection |
Information Disclosure |
bigbear_ |
No rating |
2017-03-03 |
[it.mail.ru] Open Redirect |
Open Redirect |
bigbear_ |
No rating |
2017-03-03 |
[allods.my.com] Full SQL Disclosure |
Information Disclosure |
bigbear_ |
No rating |
2017-03-03 |
[allods.my.com] Full Path Disclosure |
Information Disclosure |
bigbear_ |
No rating |
2017-03-03 |
[opensource.mail.ru] Debug Mode |
Information Disclosure |
bigbear_ |
No rating |
2017-03-03 |
[api.login.icq.net] Reflected XSS |
Cross-site Scripting (XSS) - Generic |
bigbear_ |
No rating |
2017-03-03 |
[3k.mail.ru] Content Spoofing |
Violation of Secure Design Principles |
bigbear_ |
No rating |
2017-03-03 |
[api.login.icq.net] Open Redirect |
Open Redirect |
bigbear_ |
No rating |
2017-03-03 |
[pokerist.mail.ru] XSS Request-URI |
Cross-site Scripting (XSS) - Generic |
bobrov |
Low |
2017-03-02 |
[qpt.mail.ru] CRLF Injection / Open Redirect |
HTTP Response Splitting |
bobrov |
Low |
2017-03-02 |
[element.mail.ru] /.svn/entries |
Information Disclosure |
bobrov |
Low |
2017-03-02 |
[cooking.lady.mail.ru] Open Redirect |
Open Redirect |
bobrov |
Low |
2017-03-02 |
[ml.money.mail.ru] Open Redirect |
Open Redirect |
bobrov |
Low |
2017-03-02 |
Disclosure of information on static.dl.mail.ru |
Information Disclosure |
rbcafe |
No rating |
2017-02-12 |
Activities are not Protected and able to crash app using other app (Can Malware or third party app). |
Information Disclosure |
bugwrangler |
No rating |
2017-02-12 |
Stored XSS on street-combats.mail.ru |
Cross-site Scripting (XSS) - Generic |
cyberpunkych |
No rating |
2016-12-26 |
[torg.mail.ru] CRLF Injection |
None supplied |
s_p_q_r |
No rating |
2016-12-12 |
Time-based sql-injection on https://puzzle.mail.ru |
SQL Injection |
lalka |
No rating |
2016-11-15 |
Mail.ru for Android Content Provider Vulnerability |
Information Disclosure |
murthy68 |
No rating |
2016-11-02 |
Reflected XSS @ games.mail.ru |
Cross-site Scripting (XSS) - Generic |
ahsan |
No rating |
2016-10-18 |
[realty.mail.ru] XSS, SSI Injection |
Command Injection - Generic |
bobrov |
No rating |
2016-10-06 |
[touch.lady.mail.ru] CRLF Injection |
None supplied |
bobrov |
No rating |
2016-10-06 |
[support.my.com] Internet Explorer XSS |
Cross-site Scripting (XSS) - Generic |
bobrov |
No rating |
2016-10-06 |
[tanks.mail.ru] Internet Explorer XSS via Request-URI |
Cross-site Scripting (XSS) - Generic |
bobrov |
No rating |
2016-10-06 |
[mrgs.mail.ru] Internet Explorer XSS via Request-URI |
Cross-site Scripting (XSS) - Generic |
bobrov |
No rating |
2016-10-06 |
[corp.mail.ru] CRLF Injection / Insecure nginx configuration |
None supplied |
bobrov |
No rating |
2016-10-06 |
[rabota.mail.ru] Open Redirect |
Open Redirect |
bobrov |
No rating |
2016-10-03 |
[my.mail.ru] CRLF Injection |
None supplied |
bobrov |
No rating |
2016-10-03 |
[s.mail.ru] CRLF Injection |
None supplied |
bobrov |
No rating |
2016-10-03 |
[upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References |
Improper Authentication - Generic |
bobrov |
No rating |
2016-10-03 |
[my.mail.ru] HTML injection in emails from [email protected] |
Cross-site Scripting (XSS) - Generic |
bobrov |
No rating |
2016-10-03 |
Full Path Disclosure |
Information Disclosure |
c37hun |
No rating |
2016-09-29 |
[odnoklassniki.ru] XSS via Host |
Cross-site Scripting (XSS) - Generic |
bobrov |
No rating |
2016-09-26 |
[tidaltrek.mail.ru] SQL Injection |
SQL Injection |
konqi |
No rating |
2016-09-16 |
[cfire.mail.ru] CSRF Bypassed - Changing anyone's 'User Info' |
Cross-Site Request Forgery (CSRF) |
ahsan |
No rating |
2016-09-09 |
XSS at af.attachmail.ru |
Cross-site Scripting (XSS) - Generic |
paresh_parmar |
No rating |
2016-08-12 |
[opensource.mail.ru] system accounts enumeration |
Information Disclosure |
konqi |
No rating |
2016-08-08 |
HTML Injection on e.mail.ru |
Cross-site Scripting (XSS) - Generic |
c37hun |
No rating |
2016-07-20 |
Cross Site Request Forgery (CSRF) |
Cross-Site Request Forgery (CSRF) |
malcolmx |
No rating |
2016-07-20 |
Possibility to attach any mobile number to any email |
Improper Authentication - Generic |
hunter |
No rating |
2016-07-18 |
[connect.mail.ru] Memory Disclosure / IE XSS |
None supplied |
bobrov |
No rating |
2016-07-11 |
[townwars.mail.ru] Time-Based SQL Injection |
SQL Injection |
konqi |
No rating |
2016-07-06 |
Back Refresh Attack after registration and successful logout |
Violation of Secure Design Principles |
sudoshekhar |
No rating |
2016-07-01 |
BRUTE FORCE ATTACK |
None supplied |
md-firdous |
No rating |
2016-06-27 |
Code source disclosure & ability to get database information "SQL injection" in [townwars.mail.ru] |
SQL Injection |
xsam |
No rating |
2016-06-22 |
Information leak via JSONP (XXSI) |
Information Disclosure |
cyberpunkych |
No rating |
2016-06-20 |
bgplay.mail.ru |
Code Injection |
isox |
No rating |
2016-06-20 |
AXFR works on plexus.m.smailru.net |
Information Disclosure |
isox |
No rating |
2016-06-15 |
[sales.mail.ru] CRLF Injection |
None supplied |
s_p_q_r |
No rating |
2016-06-15 |
[tidaltrek.mail.ru] SQL Injection |
SQL Injection |
konqi |
No rating |
2016-05-26 |
SQL Injection |
SQL Injection |
konqi |
No rating |
2016-05-26 |
[tz.mail.ru] XSS in the authorization functionality |
Cross-site Scripting (XSS) - Generic |
s_p_q_r |
No rating |
2016-05-25 |
Insecure cookies without httpOnly flag set |
None supplied |
thalaivarsubu |
No rating |
2016-05-25 |
Reflected XSS on games.mail.ru |
Cross-site Scripting (XSS) - Generic |
cyberpunkych |
No rating |
2016-05-12 |
VERY DANGEROUS XSS STORED inside emails |
Cross-site Scripting (XSS) - Generic |
seifelsallamy |
No rating |
2016-04-07 |
Mobile phone number disclosure during two-factor authentication |
None supplied |
gorodnya |
No rating |
2016-03-25 |
[orsotenslimselfie.lady.mail.ru] SQL Injection |
SQL Injection |
konqi |
No rating |
2016-03-15 |
Time-Based Blind SQL Injection Attacks |
SQL Injection |
lukazorge |
No rating |
2016-03-10 |
Cross Site Scripting |
Cross-site Scripting (XSS) - Generic |
architaa |
No rating |
2016-03-10 |
SSRF on element.mail.ru |
Information Disclosure |
cyberpunkych |
No rating |
2016-02-24 |
[3k.mail.ru] SQL Injection |
SQL Injection |
konqi |
No rating |
2016-02-24 |
reflected in xss |
Cross-site Scripting (XSS) - Generic |
ilsen |
No rating |
2016-02-17 |
[allods.my.com] SSRF / XSPA |
None supplied |
konqi |
No rating |
2016-02-11 |
XSS at forum : |
Cross-site Scripting (XSS) - Generic |
paresh_parmar |
No rating |
2016-02-01 |
[afisha.mail.ru] SQL Injection |
SQL Injection |
konqi |
No rating |
2016-02-01 |
Multiple vulnerabilities in mail.ru subdomains |
Cross-site Scripting (XSS) - Generic |
harry_mg |
No rating |
2016-01-27 |
[parapa.mail.ru] SQL Injection |
SQL Injection |
konqi |
No rating |
2016-01-18 |
[cfire.mail.ru] Time Based SQL Injection |
SQL Injection |
konqi |
No rating |
2016-01-15 |
Flash XSS on old.corp.mail.ru |
Cross-site Scripting (XSS) - Generic |
c37hun |
No rating |
2015-12-11 |
Logging in as any user of parapa.mail.ru |
Privilege Escalation |
c37hun |
No rating |
2015-12-11 |
PHP code execution via FastCGI |
None supplied |
c37hun |
No rating |
2015-12-11 |
Cross site scripting |
Cross-site Scripting (XSS) - Generic |
smit |
No rating |
2015-12-11 |
Reflective Xss on news.mail.ru and admin.news.mail.ru |
Cross-site Scripting (XSS) - Generic |
mak |
No rating |
2015-12-11 |
[api.allodsteam.com] Authentication Data |
Command Injection - Generic |
bigbear_ |
No rating |
2015-12-01 |
XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply when replying to a specially crafted email |
Cross-site Scripting (XSS) - Generic |
aesteral |
No rating |
2015-11-16 |
[ling.go.mail.ru] Server-Status opened for all users |
Information Disclosure |
bigbear_ |
No rating |
2015-11-13 |
Filtering error |
UI Redressing (Clickjacking) |
cyberunit |
No rating |
2015-11-02 |
Flash XSS on img.mail.ru |
Cross-site Scripting (XSS) - Generic |
tunnelshade |
No rating |
2015-10-30 |
Vulnerability :- "XSS vulnerability" |
Cross-site Scripting (XSS) - Generic |
bhavi |
No rating |
2015-10-24 |
[riot.mail.ru] Reflected XSS in debug-mode |
Cross-site Scripting (XSS) - Generic |
bigbear_ |
No rating |
2015-10-21 |
[start.icq.com] Reflected XSS via Cookies |
Cross-site Scripting (XSS) - Generic |
bigbear_ |
No rating |
2015-10-21 |
e.mail.ru: SMS spam with custom content |
None supplied |
isox |
No rating |
2015-09-13 |
target.mail.ru: XSS |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
files.mail.ru: XSS |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
e.mail.ru: File upload "Chapito" circus |
Memory Corruption - Generic |
isox |
No rating |
2015-09-13 |
target.mail.ru: XSS via Referer |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
connect.mail.ru: SSRF |
None supplied |
isox |
No rating |
2015-09-13 |
my.mail.ru: HTTP Header Injection |
None supplied |
isox |
No rating |
2015-09-13 |
touch.afisha.mail.ru: XSS |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
auth.mail.ru: XSS in login form |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
api.video.mail.ru: XSS |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
https://217.69.135.63/rb/: money.mail.ru sources disclosure |
Information Disclosure |
isox |
No rating |
2015-09-13 |
http://fitter1.i.mail.ru/browser/ Graphite exposed to the world |
Code Injection |
isox |
No rating |
2015-09-13 |
Possible xWork classLoader RCE: shared.mail.ru |
Code Injection |
isox |
No rating |
2015-09-13 |
help2.m.smailru.net: XSS |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
http://tp-dev1.tp.smailru.net/ |
Improper Authentication - Generic |
isox |
No rating |
2015-09-13 |
tt-mac.i.mail.ru: Quagga 0.99.23.1 (Router) : Default password and default enable password |
Code Injection |
isox |
No rating |
2015-09-13 |
store-agent.mail.ru: stacked blind injection |
SQL Injection |
isox |
No rating |
2015-09-13 |
https://voip.agent.mail.ru/phpinfo.php |
Information Disclosure |
isox |
No rating |
2015-09-13 |
Hadoop Node available to public |
Information Disclosure |
isox |
No rating |
2015-09-13 |
HDFS NameNode Public disclosure: http://185.5.139.33:50070/dfshealth.jsp |
None supplied |
isox |
No rating |
2015-09-13 |
scfbp.tng.mail.ru: Heartbleed |
Information Disclosure |
isox |
No rating |
2015-09-13 |
RCE via JDWP |
Command Injection - Generic |
isox |
No rating |
2015-09-13 |
Heartbleed: my.com (185.30.178.33) port 1433 |
None supplied |
isox |
No rating |
2015-09-13 |
cloud.mail.ru: File upload XSS using Content-Type header |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
GET /surveys/2auth: XSS |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
http://217.69.136.200/?p=2&c=Fetcher%20cluster&h=fetcher1.mail.ru |
None supplied |
isox |
No rating |
2015-09-13 |
/surveys/2auth: DOM-based XSS |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
3k.mail.ru: XSS |
Cross-site Scripting (XSS) - Generic |
isox |
No rating |
2015-09-13 |
files.mail.ru: HTTP Header Injection |
None supplied |
isox |
No rating |
2015-09-13 |
m.agent.mail.ru: Forging the j2me app-descriptor |
None supplied |
isox |
No rating |
2015-09-13 |
money.mail.ru: Strange SMS behavior |
Memory Corruption - Generic |
isox |
No rating |
2015-09-13 |
tp-demo1.corp.mail.ru: SVN exposed externally |
None supplied |
isox |
No rating |
2015-09-13 |
Not sure this belongs on the perimeter: 94.100.180.95, 94.100.180.96, 94.100.180.97, 94.100.180.98 |
None supplied |
isox |
No rating |
2015-09-13 |
Directory enumeration due to a vulnerability in IIS |
Information Disclosure |
bigbear |
No rating |
2015-06-28 |
No bruteforce protection leads to enumeration of emails in http://e.mail.ru/ |
Violation of Secure Design Principles |
niyaax |
No rating |
2015-06-28 |
e.mail.ru stored XSS in agent via sticker (smile) |
Cross-site Scripting (XSS) - Generic |
reactors08 |
No rating |
2015-06-28 |
XSS in touch.sports.mail.ru |
Cross-site Scripting (XSS) - Generic |
ddworken |
No rating |
2015-05-21 |
XSS in ad.mail.ru |
Cross-site Scripting (XSS) - Generic |
ddworken |
No rating |
2015-05-02 |
XSS in realty.mail.ru |
Cross-site Scripting (XSS) - Generic |
ddworken |
No rating |
2015-05-02 |
Same Origin Policy bypass |
Cross-Site Request Forgery (CSRF) |
zoczus |
No rating |
2015-03-27 |
XSS Vulnerability in cfire.mail.ru/screen/1/ |
Cross-site Scripting (XSS) - Generic |
ddworken |
No rating |
2015-03-22 |
Stored XSS on http://top.mail.ru |
Cross-site Scripting (XSS) - Generic |
4lemon |
No rating |
2015-01-10 |
localStorage is not cleared after logout |
Information Disclosure |
kamil_hism |
No rating |
2014-12-10 |
XSS via .eml file |
Cross-site Scripting (XSS) - Generic |
reactors08 |
No rating |
2014-12-10 |
Unwanted information |
Information Disclosure |
bigbear |
No rating |
2014-12-10 |
Time based sql injection |
SQL Injection |
psych0tr1a |
No rating |
2014-12-10 |
touch.mail.ru XSS via message id |
Cross-site Scripting (XSS) - Generic |
reactors08 |
No rating |
2014-12-10 |
OpenSSL HeartBleed (CVE-2014-0160) |
None supplied |
c37hun |
No rating |
2014-12-10 |
Reflected XSS connect.mail.ru (IE6-IE8) |
Cross-site Scripting (XSS) - Generic |
4lemon |
No rating |
2014-12-10 |
Content Spoofing vulnerability in Mail.ru mobile |
Violation of Secure Design Principles |
mohank |
No rating |
2014-12-10 |
XXE and SSRF on webmaster.mail.ru |
Command Injection - Generic |
4lemon |
No rating |
2014-12-10 |
Stored XSS on http://cards.mail.ru |
Cross-site Scripting (XSS) - Generic |
4lemon |
No rating |
2014-12-10 |
XSS in https://e.mail.ru/cgi-bin/lstatic (Limited use) |
Cross-site Scripting (XSS) - Generic |
4lemon |
No rating |
2014-12-10 |
SQL injection [hole in the forum engine] |
SQL Injection |
psych0tr1a |
No rating |
2014-11-16 |
Full server path disclosure |
Information Disclosure |
bigbear |
No rating |
2014-10-16 |
Flash XSS in http://lingvo.mail.ru |
Cross-site Scripting (XSS) - Generic |
quistertow |
No rating |
2014-10-02 |
Server path disclosure via an undefined index in the script /home/berserk-online.com/public_html/forum/Themes/berserker/Profile.template.php |
Information Disclosure |
bigbear |
No rating |
2014-09-27 |
(m.mail.ru) Password type input with auto-complete enabled |
Information Disclosure |
vineet |
No rating |
2014-09-19 |
SQL Injection on 11x11.mail.ru |
SQL Injection |
bigbear |
No rating |
2014-09-16 |
Reflected XSS in User-Agent |
Cross-site Scripting (XSS) - Generic |
bigbear |
No rating |
2014-09-16 |
SQL inj |
SQL Injection |
vah13 |
No rating |
2014-09-12 |
Reflected XSS |
Cross-site Scripting (XSS) - Generic |
chandrakant |
No rating |
2014-09-10 |
Version Disclosure (NginX) |
Information Disclosure |
stalker |
No rating |
2014-09-10 |
SQL |
SQL Injection |
vah13 |
No rating |
2014-08-16 |
rs.mail.ru - Flash Based XSS |
Cross-site Scripting (XSS) - Generic |
quistertow |
No rating |
2014-08-07 |
Flash XSS in http://go.mail.ru |
Cross-site Scripting (XSS) - Generic |
quistertow |
No rating |
2014-08-07 |
Reflected XSS |
Cross-site Scripting (XSS) - Generic |
bigbear |
No rating |
2014-08-07 |
Clickjacking on Login panel |
UI Redressing (Clickjacking) |
chandrakant |
No rating |
2014-07-14 |
XSS in a file or folder name |
Cross-site Scripting (XSS) - Generic |
reactors08 |
No rating |
2014-07-09 |
Xss On http://my.mail.ru/ |
Cross-site Scripting (XSS) - Generic |
chandrakant |
No rating |
2014-07-08 |
XSS in "About Video" |
Cross-site Scripting (XSS) - Generic |
reactors08 |
No rating |
2014-07-06 |
Flash XSS - http://hi-tech.mail.ru/ |
Cross-site Scripting (XSS) - Generic |
quistertow |
No rating |
2014-07-05 |
No CSRF token used in Phone Verification POST |
Cross-Site Request Forgery (CSRF) |
siddiki |
No rating |
2014-06-11 |
Home page reflected XSS |
Cross-site Scripting (XSS) - Generic |
bitquark |
No rating |
2014-06-06 |
Clickjacking |
UI Redressing (Clickjacking) |
ma120320 |
No rating |
2014-06-06 |
Admin panel of http://tp-test1.corp.mail.ru/ is accessible publicly |
Violation of Secure Design Principles |
s3curient |
No rating |
2014-05-30 |
SQL inj |
SQL Injection |
vah13 |
No rating |
2014-05-30 |
SQL injection update.mail.ru |
SQL Injection |
vah13 |
No rating |
2014-05-30 |
Persistent XSS in afisha.mail.ru |
Cross-site Scripting (XSS) - Generic |
4p00rv |
No rating |
2014-05-28 |
Login without SSL-Protection |
Violation of Secure Design Principles |
redshark1802 |
No rating |
2014-05-27 |
Improper usage of Mobile Number that will lead to Information Disclosure |
Cryptographic Issues - Generic |
atom |
No rating |
2014-05-22 |