Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/
https://hackerone.com/reports/861521
null
mayurudiniya
$50
Отправка писем с произвольным текстом/кликабельными ссылками любому зарегистрированному пользователю с указанной почтой, зная только steamid
https://hackerone.com/reports/993711
9.7
libneko
$2,000
Rack parses encoded cookie names allowing an attacker to send malicious __Host-
and __Secure-
prefixed cookies
https://hackerone.com/reports/895727
null
fletchto99
null
Session cookie without secure flag on https://underwriter.partner.cuvva.com
https://hackerone.com/reports/236533
null
amaljacob7531
null
[REMOTE] Full Account Takeover At https://██████████████/CAS/
https://hackerone.com/reports/215859
null
karimrahal
null
Chat exposed using cookie
https://hackerone.com/reports/279070
null
sahore
null
Reset password cookie leads to account takeover
https://hackerone.com/reports/1004536
6.3
seqrity
null