ProtonMail.ch suffers from cross site request forgery, header injection, and out of date software vulnerabilities. Note that this finding houses site-specific data.
3d088ba11847cc70c4f57d4cfaf4266199b8c8da68a1d4fbf240d3513b40af99
America Online (AOL) suffers from cross site scripting and remote file inclusion vulnerabilities.
8a613994798545bcea472db93af4ceb0b66319269963bcb88f660250d728a92b
Ring Jordan suffers from a remote SQL injection vulnerability in their administrative functionality. The author has tried to contact the vendor and has received no response. The SQL injection issue allows for authentication bypass.
b0303595796d9f5fd9fd11582864f2c0b8d4f8b08600a13e9711b7fbd093fa52
The official Vatican web site suffers from a cross site scripting vulnerability.
d803f05012af0c7d4a8ad518230fd5aa68d9934addc4f1e0ac0b93fd249f5c2c
NOAA.gov suffers from cross site request forgery, cross site scripting, and clickjacking vulnerabilities. The author has tried to contact them but has received no response.
c1f55ea29ba7cf55838a8a216d2e5c0918b27490eb78e8f438416ea546ac11c2
Kartoo Search Engine suffers from information disclosure, cross site scripting, and remote file inclusion vulnerabilities.
ac0a06fa419a184ad1babb025e7077989ed37dedb335c4eb2588feb10cb78804
Optomise System Ltd suffers from cross site scripting and information disclosure vulnerabilities.
c1f0ce5a3fe26ddb99b0616d5d61b0460e2f1e5b210f0a665619a91d61d91148
Adaudit Plus Online Demo suffers from multiple vulnerabilities including cross site request forgery, directory listing, and passwords being passed via a GET method.
65032b7037f6db49f90a134d34c24c4a670cbee2a380df40c787cac1f3f32132
Admanager Plus Online Demo suffers from cross site request forgery, directory listing, clickjacking, and cross site scripting vulnerabilities.
ef8980f8307fd85e258505ff90f13dbeb382094a1fe35e49f7d82febddc5223e
Pagelime CMS suffers from cross site scripting, an unencrypted __VIEWSTATE parameter, credentials being sent in the clear, and various other security issues.
a438a73e380380d700a8be6d0a80415637a312aaaf38398234e40b95d0a106f7
Opolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researcher's reports of these issues.
86e6756e6360245c7ec7594467c4b1d5869733852ffe83875227e09f6118918a
Secure Mail at s-mail.com actually suffers from dozens of vulnerabilities due to using out of date PHP and Apache versions.
bcf4a8a35493dc589f526c3acdfdd2b8596c418c332e7d75666242af1c71a388
UniCredit Bank suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities. They have not responded to the author's notifications.
4b24c6a6204b07ab95aaa3e329aadafb43c09c8b0febd049f499b640d5f76727
Ebuddy Web Messenger suffers from index disclosure, cross site request forgery, htaccess file disclosure, and insecure credential transport vulnerabilities.
ccaf79bd154471179fb4406fdc64b21ea02903e1d8c4dc8ee30b274d01f17dff
Cetelem Online bank suffers from cross site scripting and clickjacking vulnerabilities. The vendor had not responded to the researcher after multiple attempts to reach them. The CSIRT team for the bank notified Packet Storm on 10/14/2013 that the issues have been remediated.
725a5580019aaa28e98f7d7843da1fbb140cb6edd882ae4285924205b58a8f7d
Geonick Social Network lacks clickjacking protection, has an insecure crossdomain.xml file, and sends user credentials in the clear.
97a88857ba14577c519450180d5fb5211da072e083d09bb5b1895c33b26737a7
Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities.
d5574eb95b9c81f907d0fcbec02ac11f615600255a8fae6dcf88f94ba7394837
FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.
a3b64ae17ac6373785bfcea917ed3efed819ce567e81d61f13690c93de1a211e
Massachusetts Institute of Technology suffers from a parent directory information disclosure issue.
25c4c820de4680add586c4f667935a3834dbffdb67c3acffb1699c117aa0e5ac
ZZN (Web Hosting and Free email accounts) suffers from cross site scripting, remote blind SQL injection, and credential disclosure vulnerabilities.
6366cc696316ce5d9a9ad1c083d31746295d4a474bb3f4aeb475ce0ef05f30a9
Zoho suffers from information disclosure due to a lack of a content-type being specified and also appears to use mixed content.
d57f3ea5e158c04a53db6f3c8f8158fa024c8439b78c89b7ef0eedc2e2627082
YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.
695a2946cc39df0b7ae62aedfd486a14f8ffc15c2fc2ef1b909e0eeccfa856ae
Hostinger Web Hosting suffers from multiple cross site scripting vulnerabilities.
d4df1d9a2179f68c53b64dfbdf8a2a1dd84c602165ca1cac6074386192683ec9
Selfbank.es suffers from multiple cross site scripting vulnerabilities. The author has tried to contact them multiple times but they still have not addressed the issue.
c3f66357f373d38ba92b936055d9ff5c490bac66ad80f480d32ccb49d1deaeb7
TESO Web version 2.0 suffers from a remote SQL injection vulnerability. The author has repeatedly notified the vendor and has received no response.
109b007b0505bc9569955d793736cad0ba49a4d1fffb9c3900dce2ffb49da8e1