Reported and resolved vulnerabilities
May 2024
Reflected cross site scripting discovered by Mayank Mukhi (X)
January 2024
Information directory listing discovered by Hasibul Hasan Rifat (X)
Credential leak via darkweb cyber threat intelligence discovered by Htet Naing Lin (0xhnl)
Two clickjacking vulnerabilities discovered by Abhishrey Gupta (crimson-inferno) - (LinkedIn)
October 2023
rXSS vulnerability discovered by testt0 / Ola (X)
September 2023
Software with known vulnerabilities discovered by warringaa (LinkedIn)
July 2023
Local File Inclusion vulnerabilities discovered by Moein Abas / mosec (Zerocopter, X)
June 2023
Possible sensitive data exposure via API keys discovered by Arjith N R (LinkedIn)
Vulnerability with cleartext passwords discovered by Ruben Meeuwissen (LinkedIn)
May 2023
Possible Azure subdomain take-over discovered by Bob van der Staak (LinkedIn)
Possible Azure subdomain take-over discovered by Sumit Grover (X)
Captcha bypass vulnerability discovered by Tom Dantuma (LinkedIn)
March 2023
Information disclosure on a DNWG website discovered by Bob van der Staak (LinkedIn)
February 2023
No rate limit set on a login form on a Stedin website discovered by kapil
November 2022
No brute force protection on two Stedin websites discovered by 0xashfaq
September 2022
Information leakage on a website of DNWG discovered by gugu1337
August 2022
Expired certificate on a website of DNWG discovered by Bob van der Staak (LinkedIn)
Information leakage on websites of DNWG discovered by Bob van der Staak (LinkedIn)
June 2022
Sensitive information exposed on a website of DNWG discovered by fouad
May 2022
Open directory listing on a Stedin website discovered by cyber-ghost102 (LinkedIn)
Sensitive information disclosure on a Stedin website discovered by cyber-ghost102 (LinkedIn)
April 2022
Cross site scripting vulnerability on a website of DNWG discovered by Mahmoud Elgendy (LinkedIn)
February 2022
Information leakage without authentication on a DNWG website discovered by mahmoud-elgendy (Twitter)
January 2022
No rate limit on login panel on a Stedin website discovered by Mehedii Hasan Remon (Twitter)
Server leaks information on a DNWG website discovered by krishnasec (LinkedIn)
No rate limit on login panel on a DNWG website discovered by Mehedii Hasan Remon (Twitter)
October 2021
Reflected XSS vulnerability on a DNWG website discovered by Tanuj Jane (Twitter)
Vulnerability on databases of DNWG discovered by aydinnyunus (LinkedIn)
August 2021
SAP-Open redirect on a website of DNWG discovered by Zax Asif (Twitter)
Open redirection on a website of DNWG discovered by Ifrah Iman
Microsoft Exchange Server reflected XSS at DNWG discovered by Zax Asif (Twitter)
July 2021
Clickjacking on a website of DNWG discovered by Aravind (LinkedIn / Twitter)
Clickjacking on a website of DNWG discovered by Muhammad Usman Nasir (LinkedIn)
User enumeration on websites of DNWG discovered by Ahmed Salah Abdalhfaz (Twitter)
June 2021
HTTP Strict Transport Security policy not enabled on a Stedin website discovered by shubhamch
May 2021
PHPUnit leaking database credentials on a website of DNWG discovered by Harinder Singh (S1N6H) (LinkedIn)
Unsafe file upload on a website of DNWG discovered by Mayur Pamar (th3cyb3rc0p) (LinkedIn)
XSS in a portal of DNWG discovered by Omar (Powerjacob)
Unauthenticated REST API endpoint on a portal of DNWG discovered by aungpyaekoko
Critical file found on a website of DNWG discovered by Brokenstarr (Twitter)
April 2021
Tabnabbing on a website of DNWG discovered by Nishant Narendra Lugare
Security misconfiguration leads banner grabbing to CVE exploit discovered by Hasibul Hasan Rifta (Twitter)
February 2021
HTML injection through sendemail functionality on a website of DNWG discovered by D4rk0 (Twitter)
January 2021
Unsafe file upload on a website of DNWG discovered by herrfabs
validationKey and decryptionKey leak in web.config file discovered by herrfabs
CVE-2017-12635: Admin user created + access to application on a website of DNWG discovered by D4rk0 (Twitter)
December 2020
Clickjacking on a Stedin website discovered by Souvik-Mondal (LinkedIn)
OPTIONS method enabled on a website of Stedin discovered by iampritam
November 2020
Subdomain takeover on a Stedin website discovered by floerer
September 2020
API key leakage discovered by Muhammad Usman Nasir
Content spoofing on a Stedin website discovered by Muhammad Usman Nasir
July 2020
Vulnerability in Cisco ASA used by Stedin discovered by D-d-W
April 2020
Disclosure of server technology and version discovered by MZ-ZeroCPT
December 2019
Subdomain takeover possible due to a misconfigured CNAME record discovered by dominiquevd
Subdomain takeover possible due to a misconfigured CNAME record discovered by jubobs
October 2019
Error page contains SQL error information discovered by D4rk0
September 2019
Usernames are findable through an unrelated search form discovered by D4rk0
August 2019
Unsecure configuration on a website discovered by an anonymous security researcher
Data enumeration possible based on limited information discovered by an anonymous security researcher
February 2019
Server information leakage discovered by sreeappsec
September 2018
Domain spoofing vulnerability on multiple websites discovered by SecguruOTX
Misconfigured SPF record discovered by SecguruOTX
January 2018
Captcha is not implemented on a form discovered by an anonymous security researcher
November 2017
XSS vulnerability discovered by rootaccess
Publicly accessible website which should be restricted to internal users only discovered by rootaccess
October 2017
DNS misconfiguration discovered by an anonymous security researcher
August 2017
Exposure of sensitive information on joulz.nl discovered by an anonymous security researcher
July 2017
Unsafe SSL configuration discovered by warringaa
March 2017
Missing headers which may lead to XSS discovered by an anonymous security researcher