Bug Bounty (@Bug0x)
5.5K subscribers, 14 photos, 134 links
@HackerOne
Admin: @Offensive
Bug Bounty
Channel created
Bug Bounty
https://hackerone.com/reports/303061
@BugBounty
Bug Bounty
https://hackerone.com/reports/314518
@BugBounty
HackerOne
LocalTapiola disclosed on HackerOne: Reflected XSS+CSRF on...
## Issue
The reporter was able to misuse a couple of flaws in the system. By using a reflected XSS (due to missing validation) combined with a CSRF the reporter could create open redirects (via...
Bug Bounty
https://hackerone.com/reports/318751
HackerOne
Shopify disclosed on HackerOne: Access to Private Photos of Apps in...
@vijay_kumar1110 reported an Insecure Direct Object Reference vulnerability on our Exchange app. This issue could have allowed an attacker to iterate over the shops' screenshot IDs in order to...
Bug Bounty
https://hackerone.com/reports/300748
HackerOne
Coinbase disclosed on HackerOne: Ethereum account balance manipulation
The researchers noticed an issue with our ETH receiving code when receiving from a contract. This allowed sending of ETH to Coinbase to be credited even if the underlying contract execution failed....
Bug Bounty
https://hackerone.com/reports/311639
HackerOne
Eternal disclosed on HackerOne: Reflected XSS on...
Hello,
I found an XSS issue due to the incorrect handling of the \ character in a <noscript> context, the following link works as a PoC that alerts the location of the...
Bug Bounty
https://hackerone.com/reports/312647
HackerOne
Discourse disclosed on HackerOne: Gaining access to private topics...
## Description
Some topics have limited access to certain groups and users, and while there exists a validation for access on this topic, it can be bypassed by abusing a vulnerability in the...
Bug Bounty
https://hackerone.com/reports/312543
HackerOne
Semrush disclosed on HackerOne: XXE in Site Audit function exposing...
**Summary:**
The Project Site Audit function is vulnerable to XXE when parsing sitemap.xml files.
**Description:**
The Site Audit function spiders a given website and performs analysis on the...
Bug Bounty
https://github.com/sneakerhax/Runbooks?files=1
GitHub
TTPs/ at main · sneakerhax/TTPs
Tactics, Techniques, and Procedures. Contribute to sneakerhax/TTPs development by creating an account on GitHub.
Bug Bounty
https://www.incapsula.com/blog/blocking-session-hijacking-on-gitlab.html
Blog
Discovering a Session Hijacking Vulnerability in GitLab | Imperva
We found a session hijacking vulnerability in the GitLab platform. In this post we describe the vulnerability, the patching process and protection methods.
Bug Bounty
Forwarded from HackerOne (Amir Offensive)
https://www.youtube.com/watch?v=GnoJJJHegqY
YouTube
nxp.com session hijacking poc by rohit Dalvi Hacker101
Nothing Got Waste Of Time
site :- https://www.nxp.com/
Bug Bounty
https://www.youtube.com/watch?v=GPGLid3RyPc
YouTube
Broken Authorization and CSRF In Paypal lead to account takeover
Using broken authorisation with couple of Cross Site Request Forgeries (CSRFs) to completely take over users’ accounts.
Bug Bounty
http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/
zhchbin
[BBP series, part 2] Uber XSS via Cookie
This write-up is about part of my latest XSS report to Uber@hackerone. Sorry for my poor English first of all; I will try my best to explain this XSS problem thoroughly. JSONP Request: Several months ago
Bug Bounty
https://hackerone.com/reports/341876
HackerOne
Shopify disclosed on HackerOne: SSRF in Exchange leads to ROOT...
Shopify infrastructure is isolated into subsets of infrastructure. @0xacb reported it was possible to gain root access to any container in one particular subset by exploiting a server side request...