ProtonMail.ch suffers from cross site request forgery, header injection, and out of date software vulnerabilities. Note that this finding houses site-specific data.
3d088ba11847cc70c4f57d4cfaf4266199b8c8da68a1d4fbf240d3513b40af99America Online (AOL) suffers from cross site scripting and remote file inclusion vulnerabilities.
8a613994798545bcea472db93af4ceb0b66319269963bcb88f660250d728a92bRing Jordan suffers from a remote SQL injection vulnerability in their administrative functionality. The author has tried to contact the vendor and has received no response. The SQL injection issue allows for authentication bypass.
b0303595796d9f5fd9fd11582864f2c0b8d4f8b08600a13e9711b7fbd093fa52The official Vatican web site suffers from a cross site scripting vulnerability.
d803f05012af0c7d4a8ad518230fd5aa68d9934addc4f1e0ac0b93fd249f5c2cNOAA.gov suffers from cross site request forgery, cross site scripting, and clickjacking vulnerabilities. The authored has tried to contact them but has received no response.
c1f55ea29ba7cf55838a8a216d2e5c0918b27490eb78e8f438416ea546ac11c2Kartoo Search Engine suffers from information disclosure, cross site scripting, and remote file inclusion vulnerabilities.
ac0a06fa419a184ad1babb025e7077989ed37dedb335c4eb2588feb10cb78804Optomise System Ltd suffers from cross site scripting and information disclosure vulnerabilities.
c1f0ce5a3fe26ddb99b0616d5d61b0460e2f1e5b210f0a665619a91d61d91148Adaudit Plus Online Demo suffers from multiple vulnerabilities including cross site request forgery, directory listing, and passwords being passed via a GET method.
65032b7037f6db49f90a134d34c24c4a670cbee2a380df40c787cac1f3f32132Admanager Plus Online Demo suffers from cross site request forgery, directory listing, clickjacking, and cross site scripting vulnerabilities.
ef8980f8307fd85e258505ff90f13dbeb382094a1fe35e49f7d82febddc5223ePagelime CMS suffers from cross site scripting, unencrypted __VIEWSTATE parameter, credentials being sent in the clear, and various other security issues.
a438a73e380380d700a8be6d0a80415637a312aaaf38398234e40b95d0a106f7Opolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researchers reports of these issues.
86e6756e6360245c7ec7594467c4b1d5869733852ffe83875227e09f6118918aSecure Mail at s-mail.com actually suffers from dozens of vulnerabilities due to using out of date PHP and Apache versions.
bcf4a8a35493dc589f526c3acdfdd2b8596c418c332e7d75666242af1c71a388UniCredit Bank suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities. They have not responded to the authors notifications.
4b24c6a6204b07ab95aaa3e329aadafb43c09c8b0febd049f499b640d5f76727Ebuddy Web Messenger suffers from index disclosure, cross site request forgery, htaccess file disclosure, and insecure credential transport vulnerabilities.
ccaf79bd154471179fb4406fdc64b21ea02903e1d8c4dc8ee30b274d01f17dffCetelem Online bank suffers from cross site scripting and clickjacking vulnerabilities. The vendor had not responded to the researcher after multiple attempts to reach them. The CSIRT team for the bank notified Packet Storm on 10/14/2013 that the issues have been remediated.
725a5580019aaa28e98f7d7843da1fbb140cb6edd882ae4285924205b58a8f7dGeonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.
97a88857ba14577c519450180d5fb5211da072e083d09bb5b1895c33b26737a7Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities.
d5574eb95b9c81f907d0fcbec02ac11f615600255a8fae6dcf88f94ba7394837FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.
a3b64ae17ac6373785bfcea917ed3efed819ce567e81d61f13690c93de1a211eMassachusetts Institute of Technology suffers form a parent directory information disclosure issue.
25c4c820de4680add586c4f667935a3834dbffdb67c3acffb1699c117aa0e5acZZN (Web Hosting and Free email accounts) suffers from cross site scripting, remote blind SQL injection, and credential disclosure vulnerabilities.
6366cc696316ce5d9a9ad1c083d31746295d4a474bb3f4aeb475ce0ef05f30a9Zoho suffers from information disclosure due to a lack of a content-type being specified and also appears to use mixed content.
d57f3ea5e158c04a53db6f3c8f8158fa024c8439b78c89b7ef0eedc2e2627082YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.
695a2946cc39df0b7ae62aedfd486a14f8ffc15c2fc2ef1b909e0eeccfa856aeHostinger Web Hosting suffers from multiple cross site scripting vulnerabilities.
d4df1d9a2179f68c53b64dfbdf8a2a1dd84c602165ca1cac6074386192683ec9Selfbank.es suffers from multiple cross site scripting vulnerabilities. The author has tried to contact them multiple times but they still have not addressed the issue.
c3f66357f373d38ba92b936055d9ff5c490bac66ad80f480d32ccb49d1deaeb7TESO Web version 2.0 suffers from a remote SQL injection vulnerability. The author has repeatedly notified the vendor and has received no response.
109b007b0505bc9569955d793736cad0ba49a4d1fffb9c3900dce2ffb49da8e1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed