Hacking & Computer Science stuff

Bug Hunting

| Date | Finding | Severity | Profile |
|---|---|---|---|
| 2025/07/16 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2025/07/15 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2025/07/10 | Business Logic Errors (CWE-840) | N/A | |
| 2025/06/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2025/06/28 | Business Logic Errors (CWE-840) | N/A | |
| 2025/06/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2025/06/28 | Business Logic Errors (CWE-840) | N/A | |
| 2025/06/28 | Violation of Secure Design Principles (CWE-657) | N/A | |
| 2025/06/28 | Improper Authentication - Generic (CWE-287) | N/A | |
| 2025/06/28 | Improper Authentication - Generic (CWE-287) | N/A | |
| 2025/05/13 | Business Logic Errors (CWE-840) | N/A | |
| 2025/03/22 | Denial of Service (CWE-400) | N/A | |
| 2025/02/21 | Cross-site Scripting (XSS) - Stored (CWE-79) | N/A | |
| 2025/02/12 | Cross-site Scripting (XSS) - Stored (CWE-79) | N/A | |
| 2024/11/27 | Violation of Secure Design Principles (CWE-657) | N/A | |
| 2024/11/16 | Insecure Direct Object Reference (IDOR) (CWE-639) | N/A | |
| 2024/11/14 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/11/12 | Business Logic Errors (CWE-840) | N/A | |
| 2024/11/12 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/11/12 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/11/12 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/11/12 | Insecure Direct Object Reference (IDOR) (CWE-639) | N/A | |
| 2024/11/08 | Business Logic Errors (CWE-840) | N/A | |
| 2024/10/24 | Resource Injection (CWE-99) | N/A | |
| 2024/10/24 | Insecure Direct Object Reference (IDOR) | critical | |
| 2024/10/18 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/10/01 | Insecure Direct Object Reference (IDOR) (CWE-639) | N/A | |
| 2024/09/30 | Resource Injection (CWE-99) | N/A | |
| 2024/09/30 | Insecure Direct Object Reference (IDOR) (CWE-639) | N/A | |
| 2024/09/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/09/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/09/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/09/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/09/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/09/28 | Insecure Direct Object Reference (IDOR) (CWE-639) | N/A | |
| 2024/09/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/09/28 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/09/28 | Insecure Direct Object Reference (IDOR) (CWE-639) | N/A | |
| 2024/09/20 | Violation of Secure Design Principles (CWE-657) | N/A | |
| 2024/09/16 | Violation of Secure Design Principles (CWE-657) | N/A | |
| 2024/09/12 | Cross-site Scripting (XSS) - Generic (CWE-79) | N/A | |
| 2024/09/12 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/09/04 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/08/28 | Command Injection - Generic (CWE-77) | N/A | |
| 2024/08/23 | Command Injection - Generic (CWE-77) | N/A | |
| 2024/08/23 | Command Injection - Generic (CWE-77) | N/A | |
| 2024/08/16 | Cross-site Scripting (XSS) - Generic (CWE-79) | N/A | |
| 2024/08/16 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/08/07 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/07/22 | Cleartext Storage of Sensitive Information (CWE-312) | N/A | |
| 2024/07/22 | Improper Access Control - Generic (CWE-284) | N/A | |
| 2024/06/07 | Improper Access Control - Generic | low | |
| 2024/06/07 | Improper Access Control - Generic | medium | |
| 2024/06/07 | Improper Access Control - Generic | medium | |
| 2024/06/07 | Improper Access Control - Generic | medium | |
| 2024/05/03 | Business Logic Errors | medium | |
| 2024/05/03 | Cross-Site Request Forgery (CSRF) | high | |
| 2024/05/01 | Server-Side Request Forgery (SSRF) | critical | |
| 2024/03/21 | Business Logic Errors | high | |
| 2024/03/20 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | low | |
| 2023/12/11 | Cross-site Scripting (XSS) - Stored | high | |
| 2023/12/11 | Incorrect Permission Assignment for Critical Resource | medium | |
| 2023/06/19 | N/A | P2 | |
| 2023/06/06 | Code Injection | critical | |
| 2023/05/30 | N/A | P3 | |
| 2023/05/28 | N/A | P2 | |
| 2023/05/01 | Improper Access Control - Generic | high | |
| 2023/04/08 | N/A | P3 | |
| 2023/03/11 | N/A | P1 | |
| 2023/03/05 | Resource Injection | none | |
| 2023/02/27 | Information Disclosure | medium | |
| 2023/02/27 | Improper Authentication - Generic | high | |
| 2023/02/24 | Information Disclosure | low | |
| 2023/02/21 | N/A | P3 | |
| 2023/01/12 | N/A | P1 | |
| 2022/09/10 | N/A | P4 | |
| 2021/09/11 | N/A | N/A | |
| 2021/05/02 | N/A | P4 | |
| 2021/04/30 | N/A | N/A | |
| 2021/03/30 | N/A | P4 | |
| 2021/03/16 | N/A | P1 | |
| 2021/02/13 | N/A | P5 | |
| 2020/10/04 | N/A | P5 | |
| 2020/09/05 | N/A | P5 | |
| 2020/06/19 | N/A | P5 | |
| 2020/06/19 | N/A | N/A | |
| 2020/06/02 | N/A | P5 | |
| 2020/06/02 | N/A | N/A | |
| 2020/06/02 | N/A | P4 | |
| 2020/06/01 | N/A | P4 | |
| 2020/05/29 | N/A | P4 | |
| 2020/05/26 | N/A | P5 | |
| 2020/05/26 | N/A | N/A | |
| 2020/05/10 | Information Exposure Through an Error Message | medium | |
| 2020/05/01 | Insecure Storage of Sensitive Information | critical | |
| 2020/04/06 | Information Disclosure | medium | |
| 2020/03/26 | Information Exposure Through Directory Listing | medium | |

Misc.

| ID | Product | Sources |
|---|---|---|
| N/A - 2023/04/17 (Unsecured password storage) | Agora Project | Huntr.dev |
| N/A - 2023/04/17 (Reflected XSS) | Agora Project | Huntr.dev |
| N/A - 2023/04/17 (Authenticated RCE) | Agora Project | Huntr.dev |
| N/A - 2023/04/17 (Unrestricted file download) | Agora Project | Huntr.dev |
| N/A - 2023/04/17 (Missing Access Control) | Agora Project | Huntr.dev |
| N/A - 2023/04/17 (SQL injection) | Agora Project | Huntr.dev |
| CVE-2022-28800 | Sonarqube | Mitre |
| CVE-2021-27375 | Traefik | Mitre Sonarqube |
| SNYK-JS-NGXMARKDOWNEDITOR-1245072 | ngx-markdown-editor | Snyk |

© Sébastien Copin (cosades) 2024