Unikrn Program Statistics


18 total issues disclosed

$1,940 total paid publicly

Most disclosed (5 disclosures) — Cross-Site Request Forgery (CSRF)

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Open URL Redirection | Open Redirect | stark303 | Medium | 2021-06-28 |
| Lack of input sanitization leads to database character encoding configuration disclosure | Information Exposure Through an Error Message | l_user | Low | 2020-08-07 |
| Open Redirection leads to redirecting users to a malicious website | Open Redirect | bb00x | None | 2020-05-06 |
| [crm.unikrn.com] Open Redirect | Open Redirect | root0x0 | Medium | 2020-04-05 |
| Staging RabbitMQ instance is exposed to the internet with default credentials | Improper Authentication - Generic | albatraoz | Low | 2019-12-09 |
| Rate-limit protection gets executed in the last stage of the registration process, allowing enumeration of existing accounts | Violation of Secure Design Principles | tolo7010 | Low | 2018-05-03 |
| CSRF logs the victim into attacker's account | Cross-Site Request Forgery (CSRF) | albatraoz | Medium | 2018-04-19 |
| CSRF logs victim into the attacker's account | Cross-Site Request Forgery (CSRF) | tolo7010 | High | 2018-04-10 |
| session_id is not being validated at email invitation endpoint | Cross-Site Request Forgery (CSRF) | tolo7010 | No rating | 2018-04-10 |
| CSRF in Raffles Ticket Purchasing | Cross-Site Request Forgery (CSRF) | tolo7010 | High | 2018-04-10 |
| Non-Cloudflare IPs allowed to access origin servers | Information Disclosure | moritz30 | Medium | 2018-02-07 |
| Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability | Cross-site Scripting (XSS) - Generic | sp1d3rs | Low | 2017-10-05 |
| Weak Session ID Implementation - No session change on password change | Insufficient Session Expiration | wdem | Medium | 2017-10-05 |
| Improper validation at phone verification (possible cost increase + SMS spam attack) | Violation of Secure Design Principles | nitesculucian | Low | 2017-09-24 |
| Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg] | Cross-Site Request Forgery (CSRF) | geekboy | Medium | 2017-09-06 |
| Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename | Path Traversal | sp1d3rs | Medium | 2017-08-23 |
| HTML injection in email in unikrn.com | Command Injection - Generic | coreyd97 | High | 2017-08-23 |
| Urgent: Server side template injection via Smarty template allows for RCE | Code Injection | yaworsk | No rating | 2017-08-17 |
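The 2018-05-03 report (rate limiting enforced only in the last stage of registration, allowing enumeration of existing accounts) describes a pattern worth seeing in code. The following is an added illustration, not code from Unikrn or from the disclosed report: a toy multi-step registration flow whose first step answers "is this email taken?" without throttling, placed beside a hardened version that applies the limit at the first step touching the account store and returns the same response either way. All endpoint names, the `RateLimiter` class, the `EXISTING_ACCOUNTS` set and the client IP are hypothetical and constructed for the example.

```python
"""Added example (not from the Unikrn program or any disclosed report):
why a rate limit that only guards the final registration step does nothing
against account enumeration at the first step, and the hardened form.
Every name, endpoint and account below is hypothetical and constructed."""

from collections import defaultdict, deque

# Constructed account store (hypothetical data).
EXISTING_ACCOUNTS = {"alice@example.com", "bob@example.com"}

LIMIT = 5          # requests allowed per client per window
WINDOW_S = 60.0    # window length in seconds


class RateLimiter:
    """Sliding-window limiter keyed by client IP; the caller supplies the clock."""

    def __init__(self, limit=LIMIT, window_s=WINDOW_S):
        self.limit = limit
        self.window_s = window_s
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window_s:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class VulnerableRegistration:
    """Step 1 reveals whether the email is registered and is never throttled;
    only the final step is rate limited, so an enumerating client never hits it."""

    def __init__(self):
        self.limiter = RateLimiter()

    def step1_check_email(self, ip, email, now):
        return {"exists": email in EXISTING_ACCOUNTS}   # the oracle

    def step3_finalize(self, ip, email, now):
        if not self.limiter.allow(ip, now):
            return {"error": "rate_limited"}
        if email in EXISTING_ACCOUNTS:
            return {"error": "account_exists"}
        return {"ok": True}


class HardenedRegistration:
    """The limit is applied at the first step that consults the account store,
    and the response is identical whether or not the email is registered
    (the difference is communicated out of band, in the verification email)."""

    def __init__(self):
        self.limiter = RateLimiter()

    def step1_check_email(self, ip, email, now):
        if not self.limiter.allow(ip, now):
            return {"status": "rate_limited"}
        # Same response for both branches; no existence oracle in the HTTP reply.
        return {"status": "verification_email_sent"}


def enumerate_accounts(flow, ip, candidates, now=0.0):
    """Attacker loop: probe step 1 once per second for each candidate and return
    (emails confirmed to exist, number of probes that were throttled)."""
    found, throttled = set(), 0
    for i, email in enumerate(candidates):
        resp = flow.step1_check_email(ip, email, now + i)
        if resp.get("status") == "rate_limited":
            throttled += 1
        elif resp.get("exists"):
            found.add(email)
    return found, throttled


if __name__ == "__main__":
    wordlist = [f"user{i}@example.com" for i in range(8)] + sorted(EXISTING_ACCOUNTS)
    print("vulnerable:", enumerate_accounts(VulnerableRegistration(), "203.0.113.7", wordlist))
    print("hardened:  ", enumerate_accounts(HardenedRegistration(), "203.0.113.7", wordlist))
```

Against the vulnerable flow the wordlist run recovers both registered addresses without ever being throttled; against the hardened flow it learns nothing and is cut off after the fifth probe in the window. The two fixes are independent and both matter: throttling alone still leaks one bit per allowed request, and a uniform response alone still leaves the email-sending path open to abuse, so the limit has to sit at the first stage that touches account data.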