| Report | Weakness | Reporter | Severity | Date |
|---|---|---|---|---|
| [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation | Denial of Service | what_web | Medium | 2020-07-23 |
| [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation | Denial of Service | what_web | Medium | 2020-07-23 |
| [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. | Denial of Service | what_web | Medium | 2020-07-10 |
| [www.werkenbijderet.nl] There is no rate limit for vacature-alert endpoints | Improper Authentication - Generic | what_web | Medium | 2020-07-10 |
| [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. | Denial of Service | what_web | Medium | 2020-07-10 |
| [www.werkenbijbakertilly.nl] Information Disclosure | Information Disclosure | what_web | Low | 2020-06-30 |
| I can subscribe and unsubscribe any user with the same token for as many times as I want | Improper Access Control - Generic | iam1here | Medium | 2020-04-21 |
| x-request-id header reflected in server response without sanitization | CRLF Injection | zeop | None | 2020-02-22 |
| Ability To Takeover any account by Email. | Privilege Escalation | 0xradi | High | 2019-07-10 |
| Weak password | Weak Cryptography for Passwords | firestone | No rating | 2018-01-10 |
| [werkenbijmcdonalds.nl] Unsafe-inline in "script-src" results in "bootstrapping" or passing data to JavaScript from HTML pages. | Violation of Secure Design Principles | smit | Medium | 2017-11-15 |
| xss flash on http://presentatie.werkenbijmcdonalds.nl/ | Cross-site Scripting (XSS) - Stored | whitesector | Low | 2017-10-25 |
| [Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites. | Information Disclosure | ykw1337 | Medium | 2017-09-07 |
| Open redirect on https://werkenbijdefensie.nl/ | Open Redirect | kuton | Medium | 2017-07-27 |
| Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl] | Open Redirect | 0xradi | No rating | 2017-06-21 |
| Possible to view and takeover other user's education and courses @ mijn.werkenbijdefensie.nl | Insecure Direct Object Reference (IDOR) | jorik | Medium | 2017-05-27 |
| Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl | Cross-Site Request Forgery (CSRF) | jorik | Medium | 2017-05-27 |
| Cross-site Scripting (XSS) on [maximum.nl] | Cross-site Scripting (XSS) - Reflected | 0xradi | No rating | 2017-05-24 |
| IDOR in editing courses | Insecure Direct Object Reference (IDOR) | kieran | Medium | 2017-05-22 |
| XSS | Cross-site Scripting (XSS) - Reflected | linkks | No rating | 2017-05-10 |
| RC4 cipher suites detected | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 |
| SSL certificate invalid date | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 |
| Application error message | Information Disclosure | linkks | No rating | 2017-03-31 |
| RC4 cipher suites detected | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 |
| RC4 cipher suites detected | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 |
| The POODLE attack (SSLv3 supported) | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 |
| Application error message | Information Disclosure | linkks | No rating | 2017-03-31 |
| Microsoft IIS tilde directory enumeration | Information Disclosure | linkks | No rating | 2017-03-31 |
| Facebook and twitter page claimed of maximum.com [important] | Violation of Secure Design Principles | nulllover | No rating | 2017-01-21 |