[Announcement] 不安全 has launched the "My Favorites" feature
2019-09-26 17:32:30  •  Views ♾
[Announcement] 不安全 has moved to a new domain: buaq.net; short domain: https://f5.pm
2019-09-26 17:32:30  •  Views ♾
H1-CTF 100k Solution - Congratz on the 100k Rep todayisnew
2021-06-18 09:14:28  •  Views 52
[100K-ctf] Multiple vulnerabilities leading to compromise of Pinger instance.
2021-06-18 09:14:28  •  Views 42
TikTok Session Donation CSRF via QR code login
2021-06-18 07:32:59  •  Views 31
HackerOne making payments in USDC (Coinbase stable coin)
2021-06-18 02:24:54  •  Views 33
Malicious apps can crash Nextcloud Android client by sending malformed intents
2021-06-17 21:01:22  •  Views 25
Web cache poisoning at www.acronis.com
2021-06-17 19:02:02  •  Views 28
Brave Browser Tor Window leaks user's real IP to the external DNS server
2021-06-17 15:31:55  •  Views 29
XSS on https://partners.acronis.com/
2021-06-17 12:01:51  •  Views 29
Account Takeover on unverified emails in File Sync & Share
2021-06-17 05:01:29  •  Views 32
Low Privileged user can add or remove cash to/from sales register
2021-06-17 03:19:09  •  Views 39
Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone
2021-06-17 01:35:57  •  Views 35
XSS via JavaScript evaluation of an attacker controlled resource at www.pornhub.com
2021-06-16 22:08:18  •  Views 29
Android app does not clear end to end encryption keys
2021-06-16 20:24:21  •  Views 32
Trusted server shared secret stored unencrypted in the database
2021-06-16 20:24:21  •  Views 31
Federated shares are not password protected
2021-06-16 20:24:21  •  Views 33
Ransomware protection is missing extentions
2021-06-16 20:24:21  •  Views 31
No admin audit log for auth tokens
2021-06-16 20:24:21  •  Views 31
No admin audit entry for enabling/disabling 2FA
2021-06-16 20:24:21  •  Views 33
Session fixation on public talk links
2021-06-16 20:24:21  •  Views 32
Serverinfo endpoints are not bruteforce protected nor are tokens properly generated
2021-06-16 20:24:21  •  Views 30
Error Page Content Spoofing or Text Injection
2021-06-16 13:25:06  •  Views 30
Clickjacking on profile page leading to unauthorized changes
2021-06-16 13:25:06  •  Views 29
Denial of service via cache poisoning on https://www.data.gov/
2021-06-16 13:25:06  •  Views 30
Reflected XSS through ClickJacking
2021-06-16 13:25:06  •  Views 31
XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil
2021-06-16 13:25:06  •  Views 29
Default Admin Username and Password on █████ Server at █████████mil
2021-06-16 13:25:06  •  Views 32
Elmah.axd is publicly accessible leaking Error Log
2021-06-16 13:25:06  •  Views 29
Default Nextcloud Server and Android Client leak sharee searches to Nextcloud
2021-06-16 13:25:06  •  Views 29
XSS by MathML at Active Storage
2021-06-16 13:25:06  •  Views 27
HTTP Host injection in redirect_to function
2021-06-16 13:25:06  •  Views 29