10 matches found
project-drive.net Cross Site Scripting vulnerability OBB-3861813
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mega-drive.net Cross Site Scripting vulnerability OBB-3833254
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
project-drive.net Cross Site Scripting vulnerability OBB-3790976
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
DRIVE.NET, Inc.: [www.drive2.ru] Insufficient Security Configurability - Notification message not sent when account is deleted
Email notifications are not sent when an account is deleted. Best Practices: As a recommended practice, for security reasons, users should be notified by email of changes to important operations such as account deletion...
DRIVE.NET, Inc.: [www.drive2.ru] Insufficient Security Configurability - The user can using the same password as your current ID.
The current username and password can be set the same, making it easy to guess the password. As a weak password policy issue, the current username and password can be set the same, making it easy to guess the password. |Technical severity|VRT category| Specific vulnerability name|Variant / Affect...
DRIVE.NET, Inc.: [www.drive2.ru] Insufficient Security Configurability - Notification email is not sent when email is changed.
A notification email is not sent when the email address is changed. Best Practices: As a recommended practice, important tasks like changing emails should have notification emails. |Technical severity|VRT category| Specific vulnerability...
DRIVE.NET, Inc.: [www.drive2.ru] Insufficient Security Configurability - The user's can set an existing password as a new password.
The application allows a user to set a new password that is the same as the old password. Passwords are entirely the user's responsibility, but as the old password may be exposed to other users, depending on the security password policy application, it should not be possible to set a new password value...
DRIVE.NET, Inc.: [www.drive2.ru] There is no rate limit for comments endpoints.
The "add comment" endpoint was improperly rate-limited so the potential attacker could post a large number of comments, overloading the server and the notification system...
DRIVE.NET, Inc.: [www.drive2.ru] Insufficient Security Configurability - Email notification is not being sent while changing passwords
Email notification was not sent while changing passwords. This issue was fixed. Best Practices: As a recommended practice, due to the missing notification email when changing a password, if the password has been maliciously changed, the user will not be able to notice it, so immediate security measures...
Unfixed XSS vulnerability at backup-drive.net
Security researcher Norehem submitted on 08/08/2007 a cross-site scripting (XSS) vulnerability affecting backup-drive.net, which at the time of submission ranked 8266231 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/08/2007. It is...