Paragon Initiative Enterprises


73 total issues disclosed

$700 total paid publicly


Most disclosed (16 disclosures) — Violation of Secure Design Principles

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Recaptcha Secret key Leaked Information Disclosure kashifinfo90 High 2021-12-04
Airship: Persistent XSS via Comment Cross-site Scripting (XSS) - Stored foobar7 Medium 2018-04-24
Incomplete fix for #181225 (target=_blank vulnerability) None supplied cablej No rating 2018-04-20
Full Path Disclosure In EasyDB Information Disclosure supernatural No rating 2017-10-16
Your Application Have Cacheable SSL Pages Violation of Secure Design Principles kiraak-boy No rating 2017-10-16
Full Path Disclosure in password lock Information Disclosure supernatural No rating 2017-10-16
SMTP server allows anonymous relay from internal addresses to internal addresses Improper Authentication - Generic phenix No rating 2017-10-16
Full Path Disclosure in airship.paragonie.com '/cabins/' None supplied eidelweiss No rating 2017-10-16
Non-secure requests are not automatically upgraded to HTTPS Violation of Secure Design Principles amalunni75310 Low 2017-10-16
CSRF token does not valided during blog comment Cross-Site Request Forgery (CSRF) ranjit_p No rating 2017-10-16
Improper access control lead To delete anyone comment Improper Access Control - Generic ranjit_p Medium 2017-10-16
Invited user to a Author profile can remove the owner of that Author Violation of Secure Design Principles ranjit_p No rating 2017-10-16
Paragonie Airship Admin CSRF on Extensions Pages Cross-Site Request Forgery (CSRF) 4cad Medium 2017-10-16
[Critical] billion dollars issue Man-in-the-Middle abdel-fattah-elsisi Critical 2017-06-30
Directory Disclose,Email Disclose Zendmail vulnerability Information Exposure Through Directory Listing pahan1234 No rating 2017-06-21
Full directory path listing Information Exposure Through Directory Listing pahan1234 No rating 2017-05-20
There is an vulnerability in https://bridge.cspr.ng where an attacker can users directory None supplied jalka Medium 2017-05-07
no session logout after changing the password in https://bridge.cspr.ng/ None supplied jalka Low 2017-05-07
Full Path Disclousure on https://airship.paragonie.com Information Disclosure ruisilva Low 2017-05-07
Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change Improper Authentication - Generic k_jagdish Critical 2017-05-07
Improper validation of Email None supplied pahan1234 No rating 2017-05-07
Cross-site-Scripting Cross-site Scripting (XSS) - Stored pahan1234 Low 2017-05-05
I am because bug None supplied b69b1b97b19c1c71b0eed85 Critical 2017-05-05
Subdomain Takeover Information Disclosure kholy Critical 2017-05-05
directory information disclose Information Disclosure pahan1234 No rating 2017-05-05
Incorrect detection of onion URLs None supplied e3amn2l No rating 2016-11-13
Missing rel=noopener noreferrer in target=_blank links (Phishing attack) None supplied e3amn2l No rating 2016-11-13
Not using Binary::safe* functions for substr/strlen function None supplied e3amn2l No rating 2016-11-13
Using plain git protocol (vulnerable to MITM) None supplied e3amn2l No rating 2016-11-10
Missing GIT tag/commit verification in Docker None supplied e3amn2l No rating 2016-11-10
BAD Code ! Command Injection - Generic kholy None 2016-11-04
DMARC Not found for paragonie.com URGENT XML External Entities (XXE) hackerone_hero Critical 2016-11-03
Not clearing hex-decoded variable after usage in Authentication Violation of Secure Design Principles sstok None 2016-11-03
[Airship CMS] Local File Inclusion - RST Parser Information Disclosure hextitan High 2016-10-31
Email Spoofing With Your Website's Email Improper Authentication - Generic muhaddix No rating 2016-08-24
Content-type sniffing leads to stored XSS in CMS Airship on Internet Explorer Cross-site Scripting (XSS) - Generic lukasreschke No rating 2016-07-14
Full Path Disclosure by removing CSRF token Information Disclosure velby No rating 2016-07-08
Site support SNI But Browser can't Command Injection - Generic meena_hack No rating 2016-07-06
ssl info shown Cryptographic Issues - Generic vishaljadhav No rating 2016-07-05
Issue with password reset functionality [Minor] Violation of Secure Design Principles ahsan No rating 2016-07-03
[URGENT] Password reset emails are sent in clear-text (without encryption) Cryptographic Issues - Generic ahsan No rating 2016-07-03
User enumeration via Password reset page [Minor] Violation of Secure Design Principles ahsan No rating 2016-07-02
Airship doesn't reject weak passwords Improper Authentication - Generic kelunik No rating 2016-07-02
Full path disclosure when CSRF validation failed Information Disclosure abdullah No rating 2016-07-02
Stored XSS using SVG Cross-site Scripting (XSS) - Generic abdullah No rating 2016-07-02
Nginx Version Disclosure On Forbidden Page Information Disclosure mefkan No rating 2016-07-02
Email spoofing in [email protected] Memory Corruption - Generic ahsan No rating 2016-07-02
Stored XSS in comments Cross-site Scripting (XSS) - Generic kelunik No rating 2016-07-02
Session Management Issue CMS Airship Memory Corruption - Generic ahsan No rating 2016-07-02
Stored Cross-Site-Scripting in CMS Airship's authors profiles Cross-site Scripting (XSS) - Generic lukasreschke No rating 2016-07-01
Email Authentication bypass Vulnerability Violation of Secure Design Principles waqar_vicky No rating 2016-06-17
Full path disclosure vulnerability on paragonie.com None supplied 1337_inj3c70r No rating 2016-06-17
Session Management Violation of Secure Design Principles lucky1015k No rating 2016-06-17
Blind SQL INJ SQL Injection pentesters No rating 2016-06-17
Missing SPF Violation of Secure Design Principles kiraak-boy No rating 2016-06-17
Missing SPF for paragonie.com Violation of Secure Design Principles 007divyachawla No rating 2016-06-17
Spf Improper Authentication - Generic syedrafi No rating 2016-06-17
file full path discloser. Information Disclosure acc_122 No rating 2016-06-17
Email Spoof Improper Authentication - Generic shivathegame No rating 2016-06-17
Missing SPF records for paragonie.com Violation of Secure Design Principles zh54 No rating 2016-06-17
Email spoofing Violation of Secure Design Principles null000null No rating 2016-06-17
Cross-domain AJAX request Violation of Secure Design Principles hassham No rating 2016-06-17
Email Authentication Bypass Memory Corruption - Generic ahmedkhouja No rating 2016-05-16
SSL certificate public key less than 2048 bit Cryptographic Issues - Generic linkks No rating 2016-05-05
CSRF AT SUBSCRIBE TO LIST Cross-Site Request Forgery (CSRF) kiraak-boy No rating 2016-05-05
Information Disclosure in Error Page Information Disclosure vagg-a-bond No rating 2016-04-29
Missing SPF for paragonie.com Violation of Secure Design Principles sumitcfe No rating 2016-04-27
The Anti-CSRF Library fails to restrict token to a particular IP address when being behind a reverse-proxy/WAF Cross-Site Request Forgery (CSRF) sc0 No rating 2016-04-27
DNSsec not configured Violation of Secure Design Principles waqar_vicky No rating 2016-04-27
Vunerability : spf None supplied blasterneerajrex No rating 2016-04-27
Full Path Disclosure Information Disclosure supernatural No rating 2016-03-09
Missing SPF for https://paragonie.com/ Violation of Secure Design Principles karthic No rating 2016-02-08
Open-redirect on paragonie.com Open Redirect hat_mast3r No rating 2016-02-07