Channel: Files from Juan Carlos Garcia ≈ Packet Storm
Browsing all 25 articles

TESO Web 2.0 SQL Injection

TESO Web version 2.0 suffers from a remote SQL injection vulnerability. The author has repeatedly notified the vendor and has received no response.




Self-Bank Cross Site Scripting

Selfbank.es suffers from multiple cross site scripting vulnerabilities. The author has tried to contact them multiple times but they still have not addressed the issue.


Hostinger Web Hosting Cross Site Scripting

Hostinger Web Hosting suffers from multiple cross site scripting vulnerabilities.


YOPMail XSS / Injection / HTTP Response Splitting

YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.


Zoho Information Disclosure / Mixed Content

Zoho suffers from information disclosure due to a lack of a content-type being specified and also appears to use mixed content.



ZZN SQL Injection / XSS / Credential Disclosure

ZZN (Web Hosting and Free email accounts) suffers from cross site scripting, remote blind SQL injection, and credential disclosure vulnerabilities.


MIT Directory Information Disclosure

Massachusetts Institute of Technology suffers from a parent directory information disclosure issue.


FICOBank Information Disclosure / Cross Site Scripting

FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.



Obehotel CMS Denial Of Service / SQL Injection

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities.



Geonick Social Network Clickjacking / Credential Disclosure

Geonick Social Network lacks clickjacking protection, has an insecure crossdomain.xml file, and sends user credentials in the clear.


Cetelem Online Bank Cross Site Scripting / Clickjacking

Cetelem Online bank suffers from cross site scripting and clickjacking vulnerabilities. The vendor had not responded to the researcher after multiple attempts to reach them. The CSIRT team for the bank...


Ebuddy Web Messenger Disclosure / CSRF

Ebuddy Web Messenger suffers from index disclosure, cross site request forgery, htaccess file disclosure, and insecure credential transport vulnerabilities.


UniCredit Bank Cross Site Request Forgery / Cross Site Scripting / Shell Upload

UniCredit Bank suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities. They have not responded to the author's notifications.



S-Mail.com PHP / Apache Issues

Secure Mail at s-mail.com actually suffers from dozens of vulnerabilities due to using out-of-date PHP and Apache versions.


Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

Opolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researcher's reports of...



Pagelime CMS XSS / Credential Disclosure

Pagelime CMS suffers from cross site scripting, unencrypted __VIEWSTATE parameter, credentials being sent in the clear, and various other security issues.


Admanager Plus Online Demo XSS / CSRF / Clickjacking

Admanager Plus Online Demo suffers from cross site request forgery, directory listing, clickjacking, and cross site scripting vulnerabilities.



Adaudit Plus Online Demo CSRF / Poor Password Passing

Adaudit Plus Online Demo suffers from multiple vulnerabilities including cross site request forgery, directory listing, and passwords being passed via a GET method.


Optomise System Ltd XSS / Information Disclosure

Optomise System Ltd suffers from cross site scripting and information disclosure vulnerabilities.


Kartoo Search Engine XSS / Remote File Inclusion

Kartoo Search Engine suffers from information disclosure, cross site scripting, and remote file inclusion vulnerabilities.




