adrià romero.

some recent discoveries:
· {...}.com (2016-11-16) - 01 x Insecure Direct Object References.
· {...}.com (2016-11-16) - 04 x non-authenticated Cross-Site Scripting.
· {...}.com (2016-11-15) - 05 x non-authenticated open Redirect / unvalidated input destination.
· ebay.com (2016-11-12) - 01 x user/passwd/dbname postgresDB login disclosure.
· ebay.com (2016-10-11) - 01 x authentication Bypass.
· ebay.com (2016-10-11) - 02 x non-authenticated Cross-Site Scripting.
· adobe.com (2016-09-11) - 01 x non-authenticated Cross-Site Scripting.
· {...}.com (2016-09-09) - 06 x Insecure Direct Object References.
· {...}.com (2016-08-14) - 02 x authentication Bypass.
· {...}.com (2016-08-14) - 14 x non-authenticated Cross-Site Scripting.
· {...}.com (2016-08-06) - 01 x non-authenticated Cross-Site Scripting.
· fiat.com (2016-08-0) - 03 x non-authenticated Cross-Site Scripting.
· nextCloud / ownCloud (2016-07-05) - 01 x Server Side Code Execution via Local File Inclusion (default configuration).
· nextCloud / ownCloud (2016-07-05) - 01 x non-authenticated Cross-Site Scripting (default configuration).
· nextCloud / ownCloud (2016-07-05) - 01 x non-authenticated open Redirect / unvalidated input destination (default configuration).
· nextCloud / ownCloud (2016-07-05) - 01 x non-authenticated information leak (default configuration).
· nextCloud / ownCloud (2016-07-05) - 01 x non-authenticated stealing private user data through a design flaw (default configuration).
· ingdirect.com (2016-07-08) - 02 x non-authenticated Cross-Site Scripting.
· gm.com General Motors (2016-07-08) - 02 x non-authenticated Cross-Site Scripting.
· europa.eu (2016-06-10) - 08 x non-authenticated SQL injection.
· europa.eu (2016-06-10) - 58 x non-authenticated Cross-Site Scripting.
· europa.eu (2016-06-10) - 02 x non-authenticated path traversal with security mechanism bypass.
· europa.eu (2016-06-10) - 03 x non-authenticated open Redirect / unvalidated input destination.
· europa.eu (2016-06-10) - 06 x authenticated open Redirect / unvalidated input destination.
· europa.eu (2016-06-10) - 04 x non-authenticated full path disclosure due to a fatal error.
· europa.eu (2016-06-10) - 07 x non-authenticated version disclosure.
· europa.eu (2016-06-10) - 31 x non-authenticated clickjacking.
· {...}.com (2016-06-05) - 08 x non-authenticated Cross-Site Scripting.
· mozilla.com (2016-03-24) - 02 x non-authenticated self-Cross-Site Scripting.
· {...}.com (2016-03-20) - 03 x non-authenticated SQL injection.
· {...}.com (2016-03-19) - 01 x non-authenticated Blind SQL injection.
· {...}.com (2016-03-19) - 02 x non-authenticated Cross-Site Request Forgery (CSRF).
· vodafone.com (2016-02-19) - non-authenticated Open Redirect due to Cross-Site Scripting.
· {...}.com (2016-02-16) - 09 x Insecure Direct Object References.
· unifi controller v4.8.12 (2016-02-14) - non-authenticated Cross-Site Scripting.
· unifi controller v4.8.12 (2016-02-14) - non-authenticated open Redirect / unvalidated input destination.
· GNU bash 4.3 unicode/lib, static char *stub_charset() - stack buffer overflow.



Adrià Romero (adriaroms - kaiwa)