For those who don’t know Workable.com… Workable is affordable, usable hiring software. It replaces email and spreadsheets with an applicant tracking system that your team […]
DepositFiles ZeroClipboard.swf XSS
DepositFiles is a file storage website and one of the most popular ones. They have been online since 2005 and recently started using the dfiles.eu domain instead […]
Bytes that Rock voting manipulation
Rocky Bytes is a company well known for its informative reviews and news on all the latest games and programs. Each year they promote Bytes […]
Edmodo XSS and HTML Injection
For those who don’t know Edmodo… The safest and easiest way for educators to connect and collaborate with students, parents, and each other. They count […]
SendGrid Reflected File Download
For those who don’t know who SendGrid is… SendGrid provides unmatched deliverability, scalability, and reliability. We deliver email on behalf of happy customers such as: […]
Events Made Easy WordPress plugin CSRF + Persistent XSS
Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Events Made Easy is a full-featured event management solution for WordPress. Events Made […]
Komento Joomla! component Persistent XSS
CVE Reference: CVE-2015-7324 Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento I found out […]
Shopify open to an RFD attack
Before Shopify had a bounty program on HackerOne, I had already sent [on 19 March] a security report about a Reflected Filename Download I found on […]
Acunetix got RFDed!
After publishing a report on a security software – OWASP ZAP – I found another vulnerability in a security company – Acunetix. It reminds me of the proverbial […]
OWASP ZAP XXE vulnerability
I just noticed that this is my first full disclosure of an XXE vulnerability. I have already found others, but they were inside private bounty programs. […]