OWOX, Inc.


13 total issues disclosed

$0 total paid publicly


Most disclosed (4 disclosures) — Improper Authentication - Generic

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Unrestricted File Upload in Chat Window Violation of Secure Design Principles ant_pyne Medium 2020-08-16
Server-side cache poisoning leads to the http://my.dev.owox.com inaccessibility None supplied sp1d3rs High 2017-11-23
ClickJacking UI Redressing (Clickjacking) blablaa No rating 2017-05-22
Direct IP Access Information Disclosure ph_spade Low 2017-05-22
invalid URL parsing with and '@' HTTP Response Splitting yynl Low 2017-05-22
Subdomain Takeover on http://blog.owox.com/ Improper Authentication - Generic yynl Critical 2017-05-22
Subdomain Takeover on OWOX.RU Improper Authentication - Generic yynl Critical 2017-05-22
Broken Authentication & Session Management (Login Bypass) at support.owox.com Improper Authentication - Generic k_jagdish Critical 2017-05-22
Subdomain takeover in many subdomains Privilege Escalation haxormad Critical 2017-03-24
Stored XSS at https://finance.owox.com/customer/accountList Cross-site Scripting (XSS) - Generic sp1d3rs Low 2017-02-12
Access to Grafana Dashboard Information Disclosure hackerish Medium 2017-01-06
HTTP Response Splitting(CRLF injection) in bi.owox.com Command Injection - Generic quistertow No rating 2016-12-20
Subdomain Takeover on http://kiosk.owox.com/ Improper Authentication - Generic gaurang Critical 2016-11-17