| Title | Weakness | Reporter | Severity | Disclosed |
|---|---|---|---|---|
| [Bypass fixed #664038 and #519059] Application settings change settings that have been set by the user | Business Logic Errors | jaka_tingkir | Medium | 2021-07-13 |
| Blind XSS on Twitter's internal Big Data panel at █████████████ | Cross-site Scripting (XSS) - Stored | iambouali | Critical | 2021-07-09 |
| Ability to add arbitrary images/descriptions/titles to other people's issues via IDOR on getrevue.co | Insecure Direct Object Reference (IDOR) | mirhat | Critical | 2021-05-26 |
| Bypass t.co link shortener in Twitter direct messages | Business Logic Errors | iambouali | Low | 2021-05-18 |
| Open Redirect on https://www.twitterflightschool.com/widgets/experience?destination_url=https://evil.com | Open Redirect | nagli | Low | 2021-05-04 |
| Github Account hijack through broken link in developer.twitter.com | Phishing | voatz | High | 2021-02-04 |
| Read-only application can publish/delete fleets | Privilege Escalation | ryotak | Medium | 2021-01-04 |
| Delete direct message history without access to the proper conversation_id | Business Logic Errors | soareswallace | Low | 2020-11-20 |
| http request smuggling in twitter.com | HTTP Request Smuggling | protostar0 | High | 2020-11-18 |
| Twitter Media Studio Source Information Disclosure With Analyst Role | Information Disclosure | gokay | Medium | 2020-10-26 |
| XSS via referrer parameter | Cross-site Scripting (XSS) - Reflected | keer0k | Medium | 2020-10-26 |
| Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506 | Cross-site Scripting (XSS) - Generic | alesandroortiz | High | 2020-09-24 |
| http request smuggling in pscp.tv and periscope.tv | HTTP Request Smuggling | protostar0 | High | 2020-09-11 |
| Safe Redirect Bypass | Security Through Obscurity | cyanpiny | Low | 2020-09-10 |
| Denial of Service \| twitter.com & mobile.twitter.com | Denial of Service | cyanpiny | Medium | 2020-09-02 |
| Insufficient validation on Digits bridge | Improper Authentication - Generic | filedescriptor | No rating | 2020-08-20 |
| Private list members disclosure via GraphQL | Improper Access Control - Generic | ryotak | Low | 2020-08-04 |
| Private list members disclosure via GraphQL | Improper Access Control - Generic | ryotak | Low | 2020-08-04 |
| Private list members disclosure via GraphQL | Improper Access Control - Generic | ryotak | Low | 2020-08-04 |
| Private list members disclosure via GraphQL | Improper Access Control - Generic | ryotak | Low | 2020-08-04 |
| Private list members disclosure via GraphQL | Improper Access Control - Generic | ryotak | Low | 2020-08-04 |
| Private list members disclosure via GraphQL | Improper Access Control - Generic | ryotak | Low | 2020-08-04 |
| Denial of Service [Chrome] | Denial of Service | cyanpiny | Medium | 2020-07-24 |
| Ability to bruteforce mopub account's password due to lack of rate limitation protection using {ip rotation techniques} | Brute Force | updatelap | Low | 2020-07-10 |
| Brute-forcing user passwords has no rate limiting | Unverified Password Change | 1735096419 | Medium | 2020-07-01 |
| Bypassing Digits origin validation which leads to account takeover | Improper Authentication - Generic | filedescriptor | No rating | 2020-06-24 |
| character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error | Denial of Service | exit_n0de | Medium | 2020-05-06 |
| Periscope iOS app CSRF in follow action due to deeplink | Cross-Site Request Forgery (CSRF) | mgf15 | Low | 2020-04-01 |
| User input validation can lead to DOS | Denial of Service | meepmerp | Medium | 2020-03-27 |
| Reset password without knowing current password | Weak Password Recovery Mechanism for Forgotten Password | naategh | Low | 2020-03-25 |
| Accepting error message on twitter sends you to attacker site | Open Redirect | safehacker_27 | Medium | 2020-03-13 |
| lack of input validation that can lead to Denial of Service (DOS) | Denial of Service | meepmerp | Medium | 2020-03-12 |
| NO username used in authentication to www.mopub.com leading to direct password submission which has unlimited submission rate. | None supplied | adarsh_p | Medium | 2020-02-28 |
| Reflected XSS in twitterflightschool.com | Cross-site Scripting (XSS) - Reflected | jubabaghdad | None | 2020-02-21 |
| Twitter Source Label allows 'mongolian vowel separator' U+180E (app name) | Phishing | lorenznickel | Low | 2020-02-21 |
| Periscope android app deeplink leads to CSRF in follow action | Cross-Site Request Forgery (CSRF) | kunal94 | Low | 2020-02-21 |
| Bypass Password Authentication for updating email and phone number - Security Vulnerability | Improper Authentication - Generic | jayesh25 | High | 2020-02-08 |
| Creating malformed URLs via new line character in-between two URLs leads to misrepresented hyperlinks in Tweets/DMs | CRLF Injection | zlz | Low | 2020-01-24 |
| protected Tweet settings overwritten by other settings | None supplied | jaka_tingkir | Medium | 2020-01-01 |
| CRLF injection | None supplied | s3c | Medium | 2019-12-25 |
| CRLF injection | None supplied | s3c | Medium | 2019-12-25 |
| XSS on https://app.mopub.com/reports/custom/add/ [new-d1] | None supplied | c00lbugs | No rating | 2019-12-07 |
| Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App | UI Redressing (Clickjacking) | slickrockweb | High | 2019-10-31 |
| Ability to perform actions (Tweet, Retweet, DM) and other actions, unauthenticated, on any account with SMS enabled. | Business Logic Errors | antisocial_eng | Critical | 2019-09-27 |
| XSS and Open Redirect on MoPub Login | Open Redirect | jackb898 | No rating | 2019-09-25 |
| Github Token Leaked publicly for https://github.com/mopub | Cleartext Storage of Sensitive Information | moro139 | Medium | 2019-08-16 |
| Potential pre-auth RCE on Twitter VPN | OS Command Injection | orange | Critical | 2019-08-10 |
| Potential pre-auth RCE on Twitter VPN | OS Command Injection | orange | Critical | 2019-08-10 |
| Potential pre-auth RCE on Twitter VPN | OS Command Injection | orange | Critical | 2019-08-10 |
| Twitter Periscope Clickjacking Vulnerability | UI Redressing (Clickjacking) | eo420 | Medium | 2019-07-10 |
| Verify any unused email address | Improper Access Control - Generic | seifelsallamy | No rating | 2019-06-24 |
| IDOR and statistics leakage in Orders | Insecure Direct Object Reference (IDOR) | updatelap | Medium | 2019-06-14 |
| Twitter ID exposure via error-based side-channel attack | Privacy Violation | terjanq | Medium | 2019-05-17 |
| XSS via Direct Message deeplinks | Cross-site Scripting (XSS) - DOM | 0xsobky | No rating | 2019-05-09 |
| XSS and cache poisoning via upload.twitter.com on ton.twitter.com | Cross-site Scripting (XSS) - Generic | filedescriptor | No rating | 2019-05-02 |
| [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable | Denial of Service | filedescriptor | No rating | 2019-04-25 |
| Insufficient OAuth callback validation which leads to Periscope account takeover | Improper Authentication - Generic | filedescriptor | No rating | 2019-04-10 |
| Stored XSS on reports. | Cross-site Scripting (XSS) - Stored | giddsec | High | 2019-04-01 |
| url that twitter mobile site can not load | Denial of Service | seifelsallamy | Low | 2019-03-19 |
| Takeover of Twitter-owned domain at mobileapplinking.com | Business Logic Errors | healdb | None | 2019-02-28 |
| Changing email address on Twitter for Android unsets "Protect your Tweets" | Privacy Violation | nyuszika7h | Low | 2019-01-18 |
| [staging-engineering.gnip.com] Publicly accessible GIT directory | Information Disclosure | bobrov | Medium | 2018-11-01 |
| Account Takeover in Periscope TV | Cross-site Scripting (XSS) - Generic | ngalog | High | 2018-09-06 |
| Account Takeover in Periscope TV | Cross-site Scripting (XSS) - Generic | ngalog | High | 2018-09-06 |
| Incorrect param parsing in Digits web authentication | Improper Authentication - Generic | filedescriptor | No rating | 2018-08-18 |
| Improper session handling on web browsers | Insufficient Session Expiration | arjuniet | Medium | 2018-06-27 |
| No Rate Limit in email leads to huge Mass mailings | Business Logic Errors | trabajoduro_2 | Low | 2018-06-02 |
| Highly wormable clickjacking in player card | UI Redressing (Clickjacking) | filedescriptor | No rating | 2018-05-18 |
| Highly wormable clickjacking in player card | UI Redressing (Clickjacking) | filedescriptor | No rating | 2018-05-18 |
| ms5 debug page exposing internal info (internal IPs, headers) | Information Exposure Through Debug Information | lukeberner | Medium | 2018-05-11 |
| [sms-be-vip.twitter.com] vulnerable to Jetleak | Information Disclosure | molejarka | No rating | 2018-04-02 |
| Urgent : Unauthorised Access to Media content of all Direct messages and protected tweets (Indirect object reference) | Improper Authentication - Generic | vijay_kumar1110 | High | 2018-03-22 |
| CVE-2017-15277 on Profile page | Information Disclosure | emitrani | Low | 2018-03-08 |
| Persistent DOM-based XSS in https://help.twitter.com via localStorage | Cross-site Scripting (XSS) - Stored | harisec | Medium | 2018-02-24 |
| POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com, 199.59.148.204, 199.16.156.108 and 199.59.148.204) | Cryptographic Issues - Generic | omespino | No rating | 2018-02-22 |
| Blind XSS in MoPub Marketplace Admin Production \| Sentry via demand.mopub.com (User-Agent) | Cross-site Scripting (XSS) - Stored | harisec | High | 2018-02-17 |
| Improper Host Detection During Team Up on tweetdeck.twitter.com | None supplied | avinash_ | No rating | 2018-01-04 |
| Open Redirect Protection Bypass | Open Redirect | avinash_ | No rating | 2017-12-23 |
| Listing of Amazon S3 Bucket accessible to any amazon authenticated user (metrics.pscp.tv) | Information Disclosure | segumarc | No rating | 2017-11-19 |
| Opportunity to obtain private tweets through search widget preview caches | Business Logic Errors | csanuragjain | No rating | 2017-11-11 |
| CSRF in twitterflightschool.com (CAN POST ON TIMELINE WITHOUT USER PERMISSION) | Cross-Site Request Forgery (CSRF) | cymtrick | No rating | 2017-11-06 |
| [CRITICAL] Full account takeover using CSRF | Cross-Site Request Forgery (CSRF) | yipman | High | 2017-11-03 |
| Unauthorized Access to Protected Tweets via niche.co API | Privacy Violation | eidelweiss | High | 2017-11-03 |
| OS Command Execution on User's PC via CSV Injection | OS Command Injection | cornerpirate | Medium | 2017-11-03 |
| [dev.twitter.com] XSS and Open Redirect | None supplied | bobrov | Medium | 2017-09-30 |
| Sensitive Information Disclosure https://cards-dev.twitter.com | Information Disclosure | hassham | Medium | 2017-09-30 |
| Open Redirect | Open Redirect | malcolmx | No rating | 2017-08-19 |
| XXE on sms-be-vip.twitter.com in SXMP Processor | XML External Entities (XXE) | joshbrodienz | Medium | 2017-07-27 |
| CSRF on Periscope Web OAuth authorization endpoint | Cross-Site Request Forgery (CSRF) | filedescriptor | No rating | 2017-07-27 |
| Vine all registered user Private/sensitive information disclosure [IP address/phone no/email and many other information] | Information Disclosure | prial261 | Critical | 2017-07-11 |
| CRLF and XSS stored on ton.twitter.com | Cross-site Scripting (XSS) - Generic | seifelsallamy | No rating | 2017-07-06 |
| csp bypass + xss | Cross-site Scripting (XSS) - Generic | kenan | No rating | 2017-07-06 |
| [Studio.twitter.com] See someone else's pics | Improper Authentication - Generic | appsecure_in | No rating | 2017-06-22 |
| Vine - overwrite account associated with email via android application | Improper Authentication - Generic | mishre | Medium | 2017-06-15 |
| [██████████.gnip.com] .htpasswd disclosure | None supplied | rbcafe | Critical | 2017-05-27 |
| [URGENT] Opportunity to publish tweets on any Twitter account | None supplied | kedrisch | High | 2017-05-23 |
| [IDOR][translate.twitter.com] Opportunity to change any comment at the forum | Privilege Escalation | kedrisch | Low | 2017-05-12 |
| [Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME | Cross-site Scripting (XSS) - Reflected | ysx | Medium | 2017-05-08 |
| HTTP 401 response injection on "amp.twimg.com/amplify-web-player/prod/source.html" through "image_src" parameter | Information Disclosure | zlz | Low | 2017-05-08 |
| Bypassing Digits bridge origin validation | Improper Authentication - Generic | filedescriptor | No rating | 2017-04-30 |
| Multiple DOMXSS on Amplify Web Player | Cross-site Scripting (XSS) - Generic | filedescriptor | No rating | 2017-04-15 |
| CSRF on cards API | Cross-Site Request Forgery (CSRF) | filedescriptor | No rating | 2017-04-11 |
| DOM based cookie bomb | Denial of Service | filedescriptor | No rating | 2017-04-11 |
| SSRF in https://cards-dev.twitter.com/validator | Server-Side Request Forgery (SSRF) | mindaugas | Medium | 2017-04-06 |
| DOMXSS in Tweetdeck | Cross-site Scripting (XSS) - Generic | filedescriptor | No rating | 2017-04-02 |
| niche s3 buckets are readable/writeable/deleteable by authorized AWS users | Improper Authentication - Generic | yaworsk | No rating | 2017-04-02 |
| Attacker can get vine repost user's all information, even IP address and location. | Improper Authentication - Generic | prial261 | No rating | 2017-03-25 |
| Remote Unrestricted file Creation/Deletion and Possible RCE. | Code Injection | zigoo0 | Low | 2017-02-26 |
| Sub Domain Takeover at mk.prd.vine.co | None supplied | punkrock | No rating | 2017-02-13 |
| GNIP subdomain take over | None supplied | hussein98d | High | 2017-02-06 |
| Clickjacking Periscope.tv on Chrome | UI Redressing (Clickjacking) | mishre | Medium | 2017-02-06 |
| Stealing User emails by clickjacking cards.twitter.com/xxx/xxx | UI Redressing (Clickjacking) | akhil-reni | Medium | 2017-02-03 |
| leaking Digits OAuth authorization to third party websites | Information Disclosure | akhil-reni | No rating | 2017-01-24 |
| Twitter for android is exposing user's location to any installed android app | Information Disclosure | mishre | Low | 2017-01-13 |
| Twitter iOS fails to validate server certificate and sends oauth token | Cryptographic Issues - Generic | floyd | High | 2016-12-23 |
| Information Disclosure through .DS_Store in ██████████ | Information Disclosure | lewerkun | No rating | 2016-12-12 |
| Cross-site scripting (reflected) | Cross-site Scripting (XSS) - Generic | linkks | Medium | 2016-12-09 |
| XSS using javascript:alert(8007) | Cross-site Scripting (XSS) - Generic | bains | Low | 2016-11-28 |
| View liked tweets of private account via publish.twitter.com | Information Disclosure | kedrisch | Medium | 2016-11-14 |
| Full Path Disclosure at 27.prd.vine.co | None supplied | punkrock | Low | 2016-10-22 |
| List of a ton of internal twitter servers available on GitHub | Information Disclosure | a0005 | No rating | 2016-10-17 |
| reverb.twitter.com redirects to vulnerable reverb.guru | None supplied | theraz0r | No rating | 2016-10-01 |
| Html Injection and Possible XSS in sms-be-vip.twitter.com | Cross-site Scripting (XSS) - Generic | secgeek | No rating | 2016-08-29 |
| File Upload XSS in image uploading of App in mopub | Cross-site Scripting (XSS) - Generic | vijay_kumar1110 | No rating | 2016-08-26 |
| Add tweet to collection CSRF | Cross-Site Request Forgery (CSRF) | vijay_kumar1110 | No rating | 2016-08-22 |
| Urgent : Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass) | Improper Authentication - Generic | vijay_kumar1110 | No rating | 2016-08-22 |
| Bypassing callback_url validation on Digits | Open Redirect | filedescriptor | No rating | 2016-08-12 |
| Bypassing Digits web authentication's host validation with HPP | Improper Authentication - Generic | filedescriptor | No rating | 2016-08-12 |
| XSS in the "Poll" Feature on Twitter.com | Cross-site Scripting (XSS) - Generic | mazen160 | No rating | 2016-08-12 |
| XSS via Fabrico Account Name | Cross-site Scripting (XSS) - Generic | adeelimtiaz90 | No rating | 2016-07-11 |
| [Critical] - Steal OAuth Tokens | Improper Authentication - Generic | paulos_ | No rating | 2016-07-11 |
| xss in link items (mopub.com) | Cross-site Scripting (XSS) - Generic | cymtrick | No rating | 2016-07-05 |
| Tweetdeck (twitter owned app) not revoked | Improper Authentication - Generic | maxy | No rating | 2016-04-29 |
| xss in DM group name in twitter | Cross-site Scripting (XSS) - Generic | ashish_r_padelkar | No rating | 2016-04-22 |
| Profile Pic padding (Length-hiding) fails due to use of GZIP | Information Disclosure | ericlaw | No rating | 2016-03-18 |
| Sub-Domain Takeover | None supplied | bugdisclose | No rating | 2016-03-18 |
| Tweet Deck XSS- Persistent- Group DM name | Cross-site Scripting (XSS) - Generic | akhil-reni | No rating | 2016-03-04 |
| Can see private tweets via keyword searches on tweetdeck | Privilege Escalation | maxy | No rating | 2016-02-16 |
| IDOR- Activate Mopub on different organizations- steal api token- Fabric.io | Improper Authentication - Generic | akhil-reni | No rating | 2016-01-25 |
| Subdomain Expired | Improper Authentication - Generic | hak | No rating | 2016-01-15 |
| URGENT : NICHE.co Account Take Over Vulnerability | Cross-Site Request Forgery (CSRF) | hussein98d | No rating | 2015-12-21 |
| Following a User Actually Follows Another User | Open Redirect | ericr | No rating | 2015-12-02 |
| Following a User After Favoriting Actually Follows Another User (related to #95243) | UI Redressing (Clickjacking) | ericr | No rating | 2015-12-02 |
| XSS on OAuth authorize/authenticate endpoint | Cross-site Scripting (XSS) - Generic | filedescriptor | No rating | 2015-11-20 |
| Problem with OAuth | Improper Authentication - Generic | anonymous100928 | No rating | 2015-11-14 |
| Fabric.io: Ex-admin of an organization can delete team members | Privilege Escalation | satishb3 | No rating | 2015-11-01 |
| Insecure direct object reference - have access to deleted DM's | Improper Authentication - Generic | akhil-reni | No rating | 2015-10-12 |
| Insecure Direct Object Reference - access to other user/group DM's | Privilege Escalation | akhil-reni | No rating | 2015-10-03 |
| POODLE Bug: 199.16.156.44, 199.16.156.108, mx4.twitter.com | Cryptographic Issues - Generic | isox | No rating | 2015-09-20 |
| Improper Verification of email address while saving Account Settings | Violation of Secure Design Principles | anshuman_bh | No rating | 2015-08-13 |
| Bad extended ascii handling in HTTP 301 redirects of t.co | Open Redirect | cqoicebordel | No rating | 2015-08-09 |
| Insecure Data Storage in Vine Android App | Cryptographic Issues - Generic | avicoder_ | No rating | 2015-06-24 |
| Reporting user's profile by using another people's ID | Open Redirect | hussein98d | No rating | 2015-06-11 |
| Cross site Port Scanning bug in twitter developers console | Cryptographic Issues - Generic | d1pakda5 | No rating | 2015-05-23 |
| Privacy Issue : view "Protected users" followers and following | Improper Authentication - Generic | kaito | No rating | 2015-05-15 |
| Privacy Issue on protected tweets | Improper Authentication - Generic | dia2diab | No rating | 2015-05-14 |
| Unauthorized Tweeting on behalf of Account Owners | Violation of Secure Design Principles | anshuman_bh | No rating | 2015-05-07 |
| HTTP Response Splitting (CRLF injection) due to headers overflow | None supplied | filedescriptor | No rating | 2015-05-05 |
| Twitter Card - Parent Window Redirection | Cross-site Scripting (XSS) - Generic | batuhan | No rating | 2015-05-05 |
| [mobile.twitter.com / twitter.com] CSRF protection bypass | Cross-Site Request Forgery (CSRF) | bobrov | No rating | 2015-05-04 |
| iOS App can establish Facetime calls without user's permission | Cross-Site Request Forgery (CSRF) | gepeto42 | No rating | 2015-04-27 |
| Twitter Ads Campaign information disclosure through admin without any authentication. | Improper Authentication - Generic | avicoder_ | No rating | 2015-04-25 |
| HTTP Response Splitting (CRLF injection) in report_story | None supplied | filedescriptor | No rating | 2015-04-21 |
| twitter android app Fragment Injection | Command Injection - Generic | miantaiduo | No rating | 2015-04-12 |
| XSS in twitter.com/safety/unsafe_link_warning | Cross-site Scripting (XSS) - Generic | masatokinugawa | No rating | 2015-04-04 |
| Open Redirect leak of authenticity_token leads to full account take over. | Open Redirect | seifelsallamy | No rating | 2015-04-03 |
| [Stored XSS] vine.co - profile page | Cross-site Scripting (XSS) - Generic | xorb | No rating | 2015-03-26 |
| Signup Page HTML Injection Vulnerability | Command Injection - Generic | ashwarya_me | No rating | 2015-03-22 |
| open redirect sends authenticity_token to any website or (ip address) | Open Redirect | seifelsallamy | No rating | 2015-03-14 |
| getting emails of users/removing them from victim's account [using typical attack] | Improper Authentication - Generic | akhil-reni | No rating | 2015-03-13 |
| XSS in original referrer after follow | Cross-site Scripting (XSS) - Generic | akhil-reni | No rating | 2015-03-09 |
| Fabric.io - an app admin can delete team members from other user apps | Privilege Escalation | satishb3 | No rating | 2015-03-09 |
| fabric.io - app member can make himself an admin | Privilege Escalation | satishb3 | No rating | 2015-03-09 |
| User's DM won't be deleted after logout from Twitter for iOS (com.atebits.xxx.application-state) | None supplied | config | No rating | 2015-02-26 |
| Redirect URL in /intent/ functionality is not properly escaped | Cross-site Scripting (XSS) - Generic | homakov | No rating | 2015-02-24 |
| URGENT - SUBDOMAIN TAKEOVER ON TWITTER ACQ. | Code Injection | simon90 | No rating | 2015-02-21 |
| Path disclosure in platform0.twitter.com | Information Disclosure | avicoder_ | No rating | 2015-02-20 |
| Flaw in login with twitter to steal Oauth tokens | Improper Authentication - Generic | akhil-reni | No rating | 2015-02-18 |
| HTML/XSS rendered in Android App of Crashlytics through fabric.io | Cross-site Scripting (XSS) - Generic | akhil-reni | No rating | 2015-02-18 |
| Account Deleted without any confirmation | Improper Authentication - Generic | sappi | No rating | 2015-02-05 |
| No rate limiting on creating lists | Violation of Secure Design Principles | sappi | No rating | 2015-01-06 |
| Notifications can be marked as read via CSRF | Cross-Site Request Forgery (CSRF) | batuhan | No rating | 2015-01-03 |
| Homograph attack. | Violation of Secure Design Principles | shivathegame | No rating | 2015-01-01 |
| URGENT - Subdomain Takeover on users.tweetdeck.com, the same issue as report #32825 | Code Injection | missoum1307 | No rating | 2015-01-01 |
| Abuse of "Remember Me" functionality. | Improper Authentication - Generic | gadhiyasavan | No rating | 2014-12-29 |
| Options Method Enabled | None supplied | ruisilva | No rating | 2014-12-26 |
| Option Method Enabled on web server | None supplied | ruisilva | No rating | 2014-12-25 |
| XSS in fabric.io | Cross-site Scripting (XSS) - Generic | atom | No rating | 2014-12-23 |
| Open redirection in fabric.io | Open Redirect | avicoder_ | No rating | 2014-12-18 |
| BROKEN AUTHENTICATION IN MOBILE VERIFICATION | Violation of Secure Design Principles | geekboy | No rating | 2014-12-15 |
| DOM Cross-Site Scripting (XSS) | Cross-site Scripting (XSS) - Generic | avram | No rating | 2014-12-04 |
| Flaw in valid password policy. | Improper Authentication - Generic | siddiki | No rating | 2014-12-01 |
| Broken authentication and invalidated email address leads to account takeover | Cryptographic Issues - Generic | born2hack | No rating | 2014-11-29 |
| Creating Unauthorized Audience Lists | Violation of Secure Design Principles | anshuman_bh | No rating | 2014-11-28 |
| ads.twitter.com xss | Cross-site Scripting (XSS) - Generic | arbitrarycode | No rating | 2014-11-17 |
| Full path disclosure at ads.twitter.com | Information Disclosure | internetwache | No rating | 2014-11-17 |
| Token remains alive even after logging out! | Improper Authentication - Generic | shahriyar | No rating | 2014-11-17 |
| XSS platform.twitter.com \| video-js metadata | Cross-site Scripting (XSS) - Generic | batram | No rating | 2014-11-17 |
| XSS platform.twitter.com | Cross-site Scripting (XSS) - Generic | batram | No rating | 2014-11-17 |
| Headers Missing | Violation of Secure Design Principles | hammad | No rating | 2014-11-15 |
| Missing Rate Limiting on https://twitter.com/account/complete | Information Disclosure | surgent10cross | No rating | 2014-11-10 |
| URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS | Cross-site Scripting (XSS) - Generic | fransrosen | No rating | 2014-11-04 |
| Cross site scripting on ads.twitter.com | Cross-site Scripting (XSS) - Generic | appsecure_in | No rating | 2014-10-16 |
| Twitter Flight SSL 2.0 deprecated protocol vulnerability. | Cryptographic Issues - Generic | simon90 | No rating | 2014-10-07 |
| HTML form without CSRF protection at http://try.crashlytics.com/enterprise/ | Cross-Site Request Forgery (CSRF) | karthik-reddy | No rating | 2014-10-02 |
| Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability] | Improper Authentication - Generic | secgeek | No rating | 2014-09-30 |
| Stored xss | Cross-site Scripting (XSS) - Generic | detroitsmash | No rating | 2014-09-27 |
| Captcha bypass with extension at http://www.mopub.com/about/contact/ | Cryptographic Issues - Generic | vineet | No rating | 2014-09-22 |
| CSRF in crashlytics.com | Cross-Site Request Forgery (CSRF) | defmax | No rating | 2014-09-08 |
| Password reset link not validated. | Denial of Service | born2hack | No rating | 2014-08-31 |
| uclfinal.twitter.com and euro2012.twitter.com are vulnerable to CRIME attack | Cryptographic Issues - Generic | mohaab007 | No rating | 2014-08-17 |
| XSS ON MOPUB.COM | Cross-site Scripting (XSS) - Generic | jpsecurityresearch | No rating | 2014-08-15 |
| password sent over HTTP | Cryptographic Issues - Generic | mohaab007 | No rating | 2014-08-05 |
| Cookie not marked as secure. | None supplied | simon90 | No rating | 2014-08-04 |
| XSS vulnerability in video player page | Cross-site Scripting (XSS) - Generic | guido | No rating | 2014-08-02 |