Found an exposed public Google Maps API link in VIS.
Reported an exposed Ruby server running in debug mode that caused information leakage.
Reported an XSS vulnerability in a POST parameter on Reporting Project's People of Interest investigation.
Reported an exposed .git/config in the OCCRP website.
Reported a problem in our external newsletter service provider.
Reported a misconfiguration of clickjacking protection in VIS, along with several minor issues in other OCCRP projects.
Reported an information disclosure issue in the OCCRP website.
Reported, as part of the BountyFactory program for OCCRP, an e-mail-related security issue with Investigative Dashboard.
Reported, as part of the BountyFactory program for OCCRP, an e-mail-related security issue with Investigative Dashboard.
Reported, as part of the BountyFactory program for OCCRP, an XSS vulnerability in VIS.
Reported an SPF misconfiguration issue.
Reported a misconfiguration that made a clickjacking attack possible.
Reported, as part of the BountyFactory program for OCCRP, an authentication-related security issue with Investigative Dashboard.
Reported, as part of the BountyFactory program for OCCRP, a TLS-related issue with Investigative Dashboard.
Reported, as part of the BountyFactory program for OCCRP, an authentication-related security issue with Investigative Dashboard.
Reported, as part of the BountyFactory program for OCCRP, a tabnapping issue with Investigative Dashboard.
Reported a number of misconfiguration issues in OCCRP's Secure Sign-in that could, in certain very specific circumstances, lead to limited unauthorized information disclosure.
affiliation: IT researcher from YesWeHack's BountyFactory.io
Reported, as part of the BountyFactory program for OCCRP, a number of misconfiguration issues in Investigative Dashboard, including a sensitive information leak.
affiliation: IT researcher from YesWeHack's BountyFactory.io
Reported, as part of the BountyFactory program for OCCRP, a number of misconfiguration issues in Investigative Dashboard, including a sensitive information leak.
affiliation: IT researcher from YesWeHack's BountyFactory.io
Reported, as part of the BountyFactory program for OCCRP, a number of misconfiguration issues in Investigative Dashboard.
affiliation: YesWeHack
Reported, as part of the BountyFactory program for OCCRP, a number of security issues in VIS, including XSS, CSRF, and RCE vulnerabilities.
affiliation: YesWeHack
Reported, as part of the BountyFactory program for OCCRP, a number of security issues in VIS, including an XSS vulnerability.