| Open URL Redirection | Open Redirect | stark303 | Medium | 2021-06-28 |
| Lack of Input sanitization leads to database Character encoding configuration Disclosure | Information Exposure Through an Error Message | l_user | Low | 2020-08-07 |
| Open Redirection leads to redirect Users to malicious website | Open Redirect | bb00x | None | 2020-05-06 |
| [crm.unikrn.com] Open Redirect | Open Redirect | root0x0 | Medium | 2020-04-05 |
| Staging Rabbitmq instance is exposed to the internet with default credentials | Improper Authentication - Generic | albatraoz | Low | 2019-12-09 |
| Rate-limit protection get executed in the last stage of the registration process, allowing enumeration of existing account. | Violation of Secure Design Principles | tolo7010 | Low | 2018-05-03 |
| CSRF logs the victim into attacker's account | Cross-Site Request Forgery (CSRF) | albatraoz | Medium | 2018-04-19 |
| CSRF log victim into the attacker account | Cross-Site Request Forgery (CSRF) | tolo7010 | High | 2018-04-10 |
| session_id is not being validated at email invitation endpoint | Cross-Site Request Forgery (CSRF) | tolo7010 | No rating | 2018-04-10 |
| CSRF in Raffles Ticket Purchasing | Cross-Site Request Forgery (CSRF) | tolo7010 | High | 2018-04-10 |
| Non-Cloudflare IPs allowed to access origin servers | Information Disclosure | moritz30 | Medium | 2018-02-07 |
| Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability. | Cross-site Scripting (XSS) - Generic | sp1d3rs | Low | 2017-10-05 |
| Weak Session ID Implementation - No Session change on Password change | Insufficient Session Expiration | wdem | Medium | 2017-10-05 |
| Improper validation at Phone verification (possible cost increase + SMS SPAM attack) | Violation of Secure Design Principles | nitesculucian | Low | 2017-09-24 |
| Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg] | Cross-Site Request Forgery (CSRF) | geekboy | Medium | 2017-09-06 |
| Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename | Path Traversal | sp1d3rs | Medium | 2017-08-23 |
| HTML injection in email in unikrn.com | Command Injection - Generic | coreyd97 | High | 2017-08-23 |
| Urgent: Server side template injection via Smarty template allows for RCE | Code Injection | yaworsk | No rating | 2017-08-17 |