Paragon Initiative Enterprises Program Statistics
73 total issues disclosed
$700 total paid publicly
Most disclosed (16 disclosures) — Violation of Secure Design Principles
Disclosed Reports
Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
---|---|---|---|---|
Recaptcha Secret key Leaked | Information Disclosure | kashifinfo90 | High | 2021-12-04 |
Airship: Persistent XSS via Comment | Cross-site Scripting (XSS) - Stored | foobar7 | Medium | 2018-04-24 |
Incomplete fix for #181225 (target=_blank vulnerability) | None supplied | cablej | No rating | 2018-04-20 |
Full Path Disclosure In EasyDB | Information Disclosure | supernatural | No rating | 2017-10-16 |
Your Application Have Cacheable SSL Pages | Violation of Secure Design Principles | kiraak-boy | No rating | 2017-10-16 |
Full Path Disclosure in password lock | Information Disclosure | supernatural | No rating | 2017-10-16 |
SMTP server allows anonymous relay from internal addresses to internal addresses | Improper Authentication - Generic | phenix | No rating | 2017-10-16 |
Full Path Disclosure in airship.paragonie.com '/cabins/' | None supplied | eidelweiss | No rating | 2017-10-16 |
Non-secure requests are not automatically upgraded to HTTPS | Violation of Secure Design Principles | amalunni75310 | Low | 2017-10-16 |
CSRF token does not valided during blog comment | Cross-Site Request Forgery (CSRF) | ranjit_p | No rating | 2017-10-16 |
Improper access control lead To delete anyone comment | Improper Access Control - Generic | ranjit_p | Medium | 2017-10-16 |
Invited user to a Author profile can remove the owner of that Author | Violation of Secure Design Principles | ranjit_p | No rating | 2017-10-16 |
Paragonie Airship Admin CSRF on Extensions Pages | Cross-Site Request Forgery (CSRF) | 4cad | Medium | 2017-10-16 |
[Critical] billion dollars issue | Man-in-the-Middle | abdel-fattah-elsisi | Critical | 2017-06-30 |
Directory Disclose,Email Disclose Zendmail vulnerability | Information Exposure Through Directory Listing | pahan1234 | No rating | 2017-06-21 |
Full directory path listing | Information Exposure Through Directory Listing | pahan1234 | No rating | 2017-05-20 |
There is an vulnerability in https://bridge.cspr.ng where an attacker can users directory | None supplied | jalka | Medium | 2017-05-07 |
no session logout after changing the password in https://bridge.cspr.ng/ | None supplied | jalka | Low | 2017-05-07 |
Full Path Disclousure on https://airship.paragonie.com | Information Disclosure | ruisilva | Low | 2017-05-07 |
Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change | Improper Authentication - Generic | k_jagdish | Critical | 2017-05-07 |
Improper validation of Email | None supplied | pahan1234 | No rating | 2017-05-07 |
Cross-site-Scripting | Cross-site Scripting (XSS) - Stored | pahan1234 | Low | 2017-05-05 |
I am because bug | None supplied | b69b1b97b19c1c71b0eed85 | Critical | 2017-05-05 |
Subdomain Takeover | Information Disclosure | kholy | Critical | 2017-05-05 |
directory information disclose | Information Disclosure | pahan1234 | No rating | 2017-05-05 |
Incorrect detection of onion URLs | None supplied | e3amn2l | No rating | 2016-11-13 |
Missing rel=noopener noreferrer in target=_blank links (Phishing attack) | None supplied | e3amn2l | No rating | 2016-11-13 |
Not using Binary::safe* functions for substr/strlen function | None supplied | e3amn2l | No rating | 2016-11-13 |
Using plain git protocol (vulnerable to MITM) | None supplied | e3amn2l | No rating | 2016-11-10 |
Missing GIT tag/commit verification in Docker | None supplied | e3amn2l | No rating | 2016-11-10 |
BAD Code ! | Command Injection - Generic | kholy | None | 2016-11-04 |
DMARC Not found for paragonie.com URGENT | XML External Entities (XXE) | hackerone_hero | Critical | 2016-11-03 |
Not clearing hex-decoded variable after usage in Authentication | Violation of Secure Design Principles | sstok | None | 2016-11-03 |
[Airship CMS] Local File Inclusion - RST Parser | Information Disclosure | hextitan | High | 2016-10-31 |
Email Spoofing With Your Website's Email | Improper Authentication - Generic | muhaddix | No rating | 2016-08-24 |
Content-type sniffing leads to stored XSS in CMS Airship on Internet Explorer | Cross-site Scripting (XSS) - Generic | lukasreschke | No rating | 2016-07-14 |
Full Path Disclosure by removing CSRF token | Information Disclosure | velby | No rating | 2016-07-08 |
Site support SNI But Browser can't | Command Injection - Generic | meena_hack | No rating | 2016-07-06 |
ssl info shown | Cryptographic Issues - Generic | vishaljadhav | No rating | 2016-07-05 |
Issue with password reset functionality [Minor] | Violation of Secure Design Principles | ahsan | No rating | 2016-07-03 |
[URGENT] Password reset emails are sent in clear-text (without encryption) | Cryptographic Issues - Generic | ahsan | No rating | 2016-07-03 |
User enumeration via Password reset page [Minor] | Violation of Secure Design Principles | ahsan | No rating | 2016-07-02 |
Airship doesn't reject weak passwords | Improper Authentication - Generic | kelunik | No rating | 2016-07-02 |
Full path disclosure when CSRF validation failed | Information Disclosure | abdullah | No rating | 2016-07-02 |
Stored XSS using SVG | Cross-site Scripting (XSS) - Generic | abdullah | No rating | 2016-07-02 |
Nginx Version Disclosure On Forbidden Page | Information Disclosure | mefkan | No rating | 2016-07-02 |
Email spoofing in [email protected] | Memory Corruption - Generic | ahsan | No rating | 2016-07-02 |
Stored XSS in comments | Cross-site Scripting (XSS) - Generic | kelunik | No rating | 2016-07-02 |
Session Management Issue CMS Airship | Memory Corruption - Generic | ahsan | No rating | 2016-07-02 |
Stored Cross-Site-Scripting in CMS Airship's authors profiles | Cross-site Scripting (XSS) - Generic | lukasreschke | No rating | 2016-07-01 |
Email Authentication bypass Vulnerability | Violation of Secure Design Principles | waqar_vicky | No rating | 2016-06-17 |
Full path disclosure vulnerability on paragonie.com | None supplied | 1337_inj3c70r | No rating | 2016-06-17 |
Session Management | Violation of Secure Design Principles | lucky1015k | No rating | 2016-06-17 |
Blind SQL INJ | SQL Injection | pentesters | No rating | 2016-06-17 |
Missing SPF | Violation of Secure Design Principles | kiraak-boy | No rating | 2016-06-17 |
Missing SPF for paragonie.com | Violation of Secure Design Principles | 007divyachawla | No rating | 2016-06-17 |
Spf | Improper Authentication - Generic | syedrafi | No rating | 2016-06-17 |
file full path discloser. | Information Disclosure | acc_122 | No rating | 2016-06-17 |
Email Spoof | Improper Authentication - Generic | shivathegame | No rating | 2016-06-17 |
Missing SPF records for paragonie.com | Violation of Secure Design Principles | zh54 | No rating | 2016-06-17 |
Email spoofing | Violation of Secure Design Principles | null000null | No rating | 2016-06-17 |
Cross-domain AJAX request | Violation of Secure Design Principles | hassham | No rating | 2016-06-17 |
Email Authentication Bypass | Memory Corruption - Generic | ahmedkhouja | No rating | 2016-05-16 |
SSL certificate public key less than 2048 bit | Cryptographic Issues - Generic | linkks | No rating | 2016-05-05 |
CSRF AT SUBSCRIBE TO LIST | Cross-Site Request Forgery (CSRF) | kiraak-boy | No rating | 2016-05-05 |
Information Disclosure in Error Page | Information Disclosure | vagg-a-bond | No rating | 2016-04-29 |
Missing SPF for paragonie.com | Violation of Secure Design Principles | sumitcfe | No rating | 2016-04-27 |
The Anti-CSRF Library fails to restrict token to a particular IP address when being behind a reverse-proxy/WAF | Cross-Site Request Forgery (CSRF) | sc0 | No rating | 2016-04-27 |
DNSsec not configured | Violation of Secure Design Principles | waqar_vicky | No rating | 2016-04-27 |
Vunerability : spf | None supplied | blasterneerajrex | No rating | 2016-04-27 |
Full Path Disclosure | Information Disclosure | supernatural | No rating | 2016-03-09 |
Missing SPF for https://paragonie.com/ | Violation of Secure Design Principles | karthic | No rating | 2016-02-08 |
Open-redirect on paragonie.com | Open Redirect | hat_mast3r | No rating | 2016-02-07 |