| [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation | Denial of Service | what_web | Medium | 2020-07-23 | 
  
  | [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation | Denial of Service | what_web | Medium | 2020-07-23 | 
  
  | [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. | Denial of Service | what_web | Medium | 2020-07-10 | 
  
  | [www.werkenbijderet.nl] There is no rate limit for vacature-alert endpoints | Improper Authentication - Generic | what_web | Medium | 2020-07-10 | 
  
  | [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. | Denial of Service | what_web | Medium | 2020-07-10 | 
  
  | [www.werkenbijbakertilly.nl] Information Disclosure | Information Disclosure | what_web | Low | 2020-06-30 | 
  
  | I can subscribe and unsubscribe any user with the same token for as many times as I want | Improper Access Control - Generic | iam1here | Medium | 2020-04-21 | 
  
  | x-request-id header reflected in server response without sanitization | CRLF Injection | zeop | None | 2020-02-22 | 
  
  | Ability To Takeover any account by Email. | Privilege Escalation | 0xradi | High | 2019-07-10 | 
  
  | Weak password | Weak Cryptography for Passwords | firestone | No rating | 2018-01-10 | 
  
  | [werkenbijmcdonalds.nl] Unsafe-inline in "script-src" results in "bootstrapping" or passing data to JavaScript from HTML pages. | Violation of Secure Design Principles | smit | Medium | 2017-11-15 | 
  
  | xss flash on http://presentatie.werkenbijmcdonalds.nl/ | Cross-site Scripting (XSS) - Stored | whitesector | Low | 2017-10-25 | 
  
  | [Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites. | Information Disclosure | ykw1337 | Medium | 2017-09-07 | 
  
  | Open redirect on https://werkenbijdefensie.nl/ | Open Redirect | kuton | Medium | 2017-07-27 | 
  
  | Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl] | Open Redirect | 0xradi | No rating | 2017-06-21 | 
  
  | Possible to view and takeover other user's education and courses @ mijn.werkenbijdefensie.nl | Insecure Direct Object Reference (IDOR) | jorik | Medium | 2017-05-27 | 
  
  | Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl | Cross-Site Request Forgery (CSRF) | jorik | Medium | 2017-05-27 | 
  
  | Cross-site Scripting (XSS) on [maximum.nl] | Cross-site Scripting (XSS) - Reflected | 0xradi | No rating | 2017-05-24 | 
  
  | IDOR in editing courses | Insecure Direct Object Reference (IDOR) | kieran | Medium | 2017-05-22 | 
  
  | XSS | Cross-site Scripting (XSS) - Reflected | linkks | No rating | 2017-05-10 | 
  
  | RC4 cipher suites detected | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 | 
  
  | SSL certificate invalid date | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 | 
  
  | Application error message | Information Disclosure | linkks | No rating | 2017-03-31 | 
  
  | RC4 cipher suites detected | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 | 
  
  | RC4 cipher suites detected | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 | 
  
  | The POODLE attack (SSLv3 supported) | Cryptographic Issues - Generic | linkks | No rating | 2017-03-31 | 
  
  | Application error message | Information Disclosure | linkks | No rating | 2017-03-31 | 
  
  | Microsoft IIS tilde directory enumeration | Information Disclosure | linkks | No rating | 2017-03-31 | 
  
  | Facebook and twitter page claimed of maximum.com [important] | Violation of Secure Design Principles | nulllover | No rating | 2017-01-21 |