Advisories

Here are listed our public security advisories in PT [portuguese] or EN [english].

2015

• Open Redirect and Reflected XSS on 123ContactForm [EN]
• DOM XSS on Nexmo Blog NXWP [EN]
• DOM XSS on Nexmo Blog [EN]
• Full Path Disclosure on Nexmo [EN]
• eBay Reflected Filename Download [EN] - DISABLED UNTIL FURTHER NOTICE
• How I hacked a HP printer [EN]
• Reflected Filename Download on Google [EN]
• GitHub Username and Email Enumeration and RFD [EN]
• Instagram Reflected Filename Download [EN]
• Kaspersky Social Sharing WordPress Plugin RFD [EN]
• Trello Username Enumeration Vulnerability [EN]
• Facebook RFD: The final chapter [EN]
• Facebook RFD and Open File Upload [EN]
• Google as a Platform for other attacks [EN]
• Trello Reflected Filename Download [EN]
• Open Redirect in Yahoo Store [EN]

As seen on:

Note: Some WebSegura.net security advisories will remain private even if they were patched. So you might see companies in the “Thanks” section without seeing the public advisory.

WebSegura.net does this for the pleasure of challenging web security and it’s not a business or a company. It’s a group of private portuguese security researchers. If you want to give us a donation feel free to drop us a message at [email protected]. Your name will be praised in this page.

Thanks:

• Kaspersky [gift pack]
• 2x Adobe [hall of fame]
• HackerOne [hall of fame]
• Google [honorable mention]
• FoxyCart [reward bounty]
• BettingExpert [reward bounty]
• 2x KYUP [reward bounty]
• Yahoo [reward bounty]
• Etsy [reward bounty and t-shirt]
• 5x Nexmo [reward bounty]
• DoSomething [reward bounty]
• Nokia [hall of fame]
• Segment [t-shirt]
• eBay [hall of fame]
• 2x Indeed [reward bounty]
• Microsoft [hall of fame]
• 5x Weebly [reward bounty]
• Circle [reward bounty]
• 123ContactForm [hall of fame]

Achaste interessante? Partilha!

•