| Title | Weakness | Reporter | Severity | Date |
| --- | --- | --- | --- | --- |
| Account Takeover through registration to the same email address | Improper Authentication - Generic | avolume | High | 2021-12-08 |
| Account takeover through password reset in URL https://reklama.tochka.com/ | Improper Authentication - Generic | anonymouus | High | 2021-12-02 |
| HTTP Request Smuggling on api.flocktory.com Leads to XSS on Customer Sites | HTTP Request Smuggling | wdahlenb | Critical | 2021-09-29 |
| CVE-2020-3187 - unauthenticated arbitrary file deletion in Cisco | Path Traversal | lalit2020 | Medium | 2021-09-24 |
| [QIWI Wallet] Access to protected app components | Privilege Escalation | shell_c0de | High | 2021-07-06 |
| Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int | Code Injection | alexeypetrenko | Critical | 2021-06-29 |
| Account impersonation through broken link | Phishing | nowsafe | Medium | 2021-06-04 |
| SSRF on https://qiwi.com via "Prerender HAR Capturer" | Server-Side Request Forgery (SSRF) | myway | Critical | 2021-05-22 |
| Account takeover just through CSRF in https://booking.qiwi.kz/profile | Improper Access Control - Generic | sniper302 | Medium | 2021-05-20 |
| MobileIron Unauthenticated RCE on mdm.qiwi.com with WAF bypass | Deserialization of Untrusted Data | kalimer0x00 | Critical | 2021-04-27 |
| Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID | Code Injection | honoki | Critical | 2021-04-14 |
| Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID | Code Injection | honoki | Critical | 2021-04-14 |
| Leak of some access token | None supplied | circuit | Medium | 2020-11-12 |
| IDOR: editing any wishlist | Insecure Direct Object Reference (IDOR) | circuit | No rating | 2020-11-12 |
| [qiwi.me] Stored XSS | None supplied | circuit | High | 2020-11-12 |
| [qiwi.me] Stored XSS | None supplied | circuit | High | 2020-11-12 |
| Keychain data persistence may lead to account takeover | Insufficient Session Expiration | 0x3c3e | Low | 2020-09-07 |
| DOM XSS triggered in secure support desk | Cross-site Scripting (XSS) - DOM | honoki | Critical | 2020-08-31 |
| DOM XSS triggered in secure support desk | Cross-site Scripting (XSS) - DOM | honoki | Critical | 2020-08-31 |
| Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete" | Code Injection | honoki | Critical | 2020-06-19 |
| SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution | Code Injection | honoki | Critical | 2020-06-19 |
| SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution | Code Injection | honoki | Critical | 2020-06-19 |
| XSS on https://agent.postamat.tech/ in the profile + disclosure of secret information | None supplied | circuit | Medium | 2020-05-25 |
| Fee bypass when paying by card | None supplied | circuit | Critical | 2019-11-05 |
| Account takeover on https://qiwi.me | None supplied | circuit | Critical | 2019-10-11 |
| Account takeover on https://idea.qiwi.com/ | Session Fixation | circuit | Critical | 2019-08-28 |
| Account takeover on https://teamplay.qiwi.com | None supplied | circuit | Critical | 2019-08-28 |
| Fee bypass on transfers | Business Logic Errors | circuit | Critical | 2019-07-08 |
| Information Disclosure on id.rapida.ru | Information Disclosure | danila_xawdxawdx | Low | 2018-06-11 |
| [wallet.rapida.ru] Mass SMS flood | Brute Force | bigbear_ | Medium | 2018-05-18 |
| https://fundl.qiwi.com CSRF on SMS confirmation | None supplied | lincoln9932 | Medium | 2018-03-11 |
| Apache access.log leakage via long request on https://rapida.ru/ | Buffer Over-read | tsug0d | High | 2018-02-05 |
| Information disclosure on https://paycard.rapida.ru | Information Disclosure | tikoo_sahil | No rating | 2018-01-20 |
| [qiwi.com] XSS on payment form | Cross-site Scripting (XSS) - Reflected | nstikhomirov | High | 2017-10-17 |
| XSS on billing | Cross-site Scripting (XSS) - Generic | nstikhomirov | No rating | 2017-06-13 |
| [XSS/pay.qiwi.com] Pay SubDomain Hard-Use XSS | Cross-site Scripting (XSS) - Generic | nstikhomirov | Medium | 2017-06-13 |
| Content Spoofing in mango.qiwi.com | Improper Authentication - Generic | cyberunit | No rating | 2017-04-07 |
| Open Redirect in meeting.qiwi.com | Open Redirect | cyberunit | No rating | 2017-04-06 |
| [qiwi.com] Information Disclosure | Information Disclosure | bobrov | Medium | 2017-03-31 |
| [qiwi.com] .bash_history | Information Disclosure | bobrov | Low | 2017-03-27 |
| Stored XSS in agent.qiwi.com | Cross-site Scripting (XSS) - Generic | 4lemon | No rating | 2017-03-27 |
| [ibank.qiwi.ru] UI Redressing via Request-URI | Violation of Secure Design Principles | bobrov | Medium | 2017-03-27 |
| Balance disclosure on //kopilka.qiwi.com | Information Disclosure | nstikhomirov | Medium | 2017-03-10 |
| [XSS/3dsecure.qiwi.com] 3DSecure XSS | Cross-site Scripting (XSS) - Generic | nstikhomirov | Medium | 2017-03-10 |
| [rubm.qiwi.com] Yui charts.swf XSS | Cross-site Scripting (XSS) - Generic | kxyry | No rating | 2016-12-01 |
| [qiwi.com] OAuth account takeover | Improper Authentication - Generic | kxyry | No rating | 2016-11-26 |
| [qiwi.com] Open Redirect | Open Redirect | bobrov | No rating | 2016-10-25 |
| CRLF Injection [ishop.qiwi.com] | None supplied | bobrov | No rating | 2016-10-25 |
| XML External Entity (XXE) in qiwi.com + WAF bypass | None supplied | artsploit | No rating | 2016-07-26 |
| SSL Certificate on qiwi.com will expire soon | Cryptographic Issues - Generic | ngaurav | No rating | 2016-06-06 |
| Reflected XSS in test.qiwi.ru | Cross-site Scripting (XSS) - Generic | hassham | No rating | 2015-12-11 |
| Open access to corporate data | Improper Authentication - Generic | cyberunit | No rating | 2015-11-02 |
| Session Cookie without HttpOnly and Secure flag set | Violation of Secure Design Principles | pradeepch99 | No rating | 2015-09-27 |
| [ishop.qiwi.com] XSS + Misconfiguration | Cross-site Scripting (XSS) - Generic | kxyry | No rating | 2015-08-31 |
| Metadata in hosted files is disclosing usernames, printers, paths, admin guides, emails | Information Disclosure | jmiroche | No rating | 2015-01-18 |
| [static.qiwi.com] XSS proxy.html | Cross-site Scripting (XSS) - Generic | smiegles | No rating | 2014-12-27 |
| Code for registration of QIWI account is not arriving even after a long interval of time for Indian mobile number | Violation of Secure Design Principles | born2hack | No rating | 2014-12-21 |
| [qiwi.com] /oauth/confirm.action XSS | Cross-site Scripting (XSS) - Generic | akhil-reni | No rating | 2014-12-20 |
| [send.qiwi.ru] SOAP-based XXE vulnerability /soapserver/ | Denial of Service | bitquark | No rating | 2014-12-18 |
| [send.qiwi.ru] XSS at auth?login= | Cross-site Scripting (XSS) - Generic | psych0tr1a | No rating | 2014-12-17 |