Paragon Initiative Enterprises Bug Bounty Program Statistics

Paragon Initiative Enterprises Program Statistics

73 total issues disclosed

$700 total paid publicly

Most disclosed (16 disclosures) — Violation of Secure Design Principles

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
Recaptcha Secret key Leaked	Information Disclosure	kashifinfo90	High	2021-12-04
Airship: Persistent XSS via Comment	Cross-site Scripting (XSS) - Stored	foobar7	Medium	2018-04-24
Incomplete fix for #181225 (target=_blank vulnerability)	None supplied	cablej	No rating	2018-04-20
Full Path Disclosure In EasyDB	Information Disclosure	supernatural	No rating	2017-10-16
Your Application Have Cacheable SSL Pages	Violation of Secure Design Principles	kiraak-boy	No rating	2017-10-16
Full Path Disclosure in password lock	Information Disclosure	supernatural	No rating	2017-10-16
SMTP server allows anonymous relay from internal addresses to internal addresses	Improper Authentication - Generic	phenix	No rating	2017-10-16
Full Path Disclosure in airship.paragonie.com '/cabins/'	None supplied	eidelweiss	No rating	2017-10-16
Non-secure requests are not automatically upgraded to HTTPS	Violation of Secure Design Principles	amalunni75310	Low	2017-10-16
CSRF token does not valided during blog comment	Cross-Site Request Forgery (CSRF)	ranjit_p	No rating	2017-10-16
Improper access control lead To delete anyone comment	Improper Access Control - Generic	ranjit_p	Medium	2017-10-16
Invited user to a Author profile can remove the owner of that Author	Violation of Secure Design Principles	ranjit_p	No rating	2017-10-16
Paragonie Airship Admin CSRF on Extensions Pages	Cross-Site Request Forgery (CSRF)	4cad	Medium	2017-10-16
[Critical] billion dollars issue	Man-in-the-Middle	abdel-fattah-elsisi	Critical	2017-06-30
Directory Disclose,Email Disclose Zendmail vulnerability	Information Exposure Through Directory Listing	pahan1234	No rating	2017-06-21
Full directory path listing	Information Exposure Through Directory Listing	pahan1234	No rating	2017-05-20
There is an vulnerability in https://bridge.cspr.ng where an attacker can users directory	None supplied	jalka	Medium	2017-05-07
no session logout after changing the password in https://bridge.cspr.ng/	None supplied	jalka	Low	2017-05-07
Full Path Disclousure on https://airship.paragonie.com	Information Disclosure	ruisilva	Low	2017-05-07
Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change	Improper Authentication - Generic	k_jagdish	Critical	2017-05-07
Improper validation of Email	None supplied	pahan1234	No rating	2017-05-07
Cross-site-Scripting	Cross-site Scripting (XSS) - Stored	pahan1234	Low	2017-05-05
I am because bug	None supplied	b69b1b97b19c1c71b0eed85	Critical	2017-05-05
Subdomain Takeover	Information Disclosure	kholy	Critical	2017-05-05
directory information disclose	Information Disclosure	pahan1234	No rating	2017-05-05
Incorrect detection of onion URLs	None supplied	e3amn2l	No rating	2016-11-13
Missing rel=noopener noreferrer in target=_blank links (Phishing attack)	None supplied	e3amn2l	No rating	2016-11-13
Not using Binary::safe* functions for substr/strlen function	None supplied	e3amn2l	No rating	2016-11-13
Using plain git protocol (vulnerable to MITM)	None supplied	e3amn2l	No rating	2016-11-10
Missing GIT tag/commit verification in Docker	None supplied	e3amn2l	No rating	2016-11-10
BAD Code !	Command Injection - Generic	kholy	None	2016-11-04
DMARC Not found for paragonie.com URGENT	XML External Entities (XXE)	hackerone_hero	Critical	2016-11-03
Not clearing hex-decoded variable after usage in Authentication	Violation of Secure Design Principles	sstok	None	2016-11-03
[Airship CMS] Local File Inclusion - RST Parser	Information Disclosure	hextitan	High	2016-10-31
Email Spoofing With Your Website's Email	Improper Authentication - Generic	muhaddix	No rating	2016-08-24
Content-type sniffing leads to stored XSS in CMS Airship on Internet Explorer	Cross-site Scripting (XSS) - Generic	lukasreschke	No rating	2016-07-14
Full Path Disclosure by removing CSRF token	Information Disclosure	velby	No rating	2016-07-08
Site support SNI But Browser can't	Command Injection - Generic	meena_hack	No rating	2016-07-06
ssl info shown	Cryptographic Issues - Generic	vishaljadhav	No rating	2016-07-05
Issue with password reset functionality [Minor]	Violation of Secure Design Principles	ahsan	No rating	2016-07-03
[URGENT] Password reset emails are sent in clear-text (without encryption)	Cryptographic Issues - Generic	ahsan	No rating	2016-07-03
User enumeration via Password reset page [Minor]	Violation of Secure Design Principles	ahsan	No rating	2016-07-02
Airship doesn't reject weak passwords	Improper Authentication - Generic	kelunik	No rating	2016-07-02
Full path disclosure when CSRF validation failed	Information Disclosure	abdullah	No rating	2016-07-02
Stored XSS using SVG	Cross-site Scripting (XSS) - Generic	abdullah	No rating	2016-07-02
Nginx Version Disclosure On Forbidden Page	Information Disclosure	mefkan	No rating	2016-07-02
Email spoofing in [email protected]	Memory Corruption - Generic	ahsan	No rating	2016-07-02
Stored XSS in comments	Cross-site Scripting (XSS) - Generic	kelunik	No rating	2016-07-02
Session Management Issue CMS Airship	Memory Corruption - Generic	ahsan	No rating	2016-07-02
Stored Cross-Site-Scripting in CMS Airship's authors profiles	Cross-site Scripting (XSS) - Generic	lukasreschke	No rating	2016-07-01
Email Authentication bypass Vulnerability	Violation of Secure Design Principles	waqar_vicky	No rating	2016-06-17
Full path disclosure vulnerability on paragonie.com	None supplied	1337_inj3c70r	No rating	2016-06-17
Session Management	Violation of Secure Design Principles	lucky1015k	No rating	2016-06-17
Blind SQL INJ	SQL Injection	pentesters	No rating	2016-06-17
Missing SPF	Violation of Secure Design Principles	kiraak-boy	No rating	2016-06-17
Missing SPF for paragonie.com	Violation of Secure Design Principles	007divyachawla	No rating	2016-06-17
Spf	Improper Authentication - Generic	syedrafi	No rating	2016-06-17
file full path discloser.	Information Disclosure	acc_122	No rating	2016-06-17
Email Spoof	Improper Authentication - Generic	shivathegame	No rating	2016-06-17
Missing SPF records for paragonie.com	Violation of Secure Design Principles	zh54	No rating	2016-06-17
Email spoofing	Violation of Secure Design Principles	null000null	No rating	2016-06-17
Cross-domain AJAX request	Violation of Secure Design Principles	hassham	No rating	2016-06-17
Email Authentication Bypass	Memory Corruption - Generic	ahmedkhouja	No rating	2016-05-16
SSL certificate public key less than 2048 bit	Cryptographic Issues - Generic	linkks	No rating	2016-05-05
CSRF AT SUBSCRIBE TO LIST	Cross-Site Request Forgery (CSRF)	kiraak-boy	No rating	2016-05-05
Information Disclosure in Error Page	Information Disclosure	vagg-a-bond	No rating	2016-04-29
Missing SPF for paragonie.com	Violation of Secure Design Principles	sumitcfe	No rating	2016-04-27
The Anti-CSRF Library fails to restrict token to a particular IP address when being behind a reverse-proxy/WAF	Cross-Site Request Forgery (CSRF)	sc0	No rating	2016-04-27
DNSsec not configured	Violation of Secure Design Principles	waqar_vicky	No rating	2016-04-27
Vunerability : spf	None supplied	blasterneerajrex	No rating	2016-04-27
Full Path Disclosure	Information Disclosure	supernatural	No rating	2016-03-09
Missing SPF for https://paragonie.com/	Violation of Secure Design Principles	karthic	No rating	2016-02-08
Open-redirect on paragonie.com	Open Redirect	hat_mast3r	No rating	2016-02-07

BugBountyHunter

Paragon Initiative Enterprises Program Statistics

Disclosed Reports