3 matches found
HackerOne: Lack of length validation on user address attribute
Hi. The input fields for adding mailing address for swag delivery in https://hackerone.com/settings/swags are not restricted in input lengths. I was able to add and read the contents via my own address page and the team page who awards the swag over 585728 characters in each of the input fields Nam...
AliExpress WebSite Vulnerability Exposes Millions of Users' Private Information
A critical but easily exploitable personal information disclosure vulnerability has been discovered in the website of the widely popular online marketplace AliExpress, affecting its millions of users worldwide. The reported vulnerability could allow anyone to steal personal information of hundreds of...
PHP-Update 2.7 - extract() Authentication Bypass Shell Injection
$result.=" ."; else $result.=" ".$string[$i]; if (strlen(dechex(ord($string[$i])))==2) $exa.=" ".dechex(ord($string[$i])); else $exa.=" 0".dechex(ord($string[$i])); $cont+...