11 matches found
habitat-my.com Cross Site Scripting vulnerability OBB-2818273
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
panasonic-my.com Cross Site Scripting vulnerability OBB-1207325
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Mail.ru: Stored XSS that allow an attacker to read victim mailboxes contacts in mail.ru and my.com application
The Mail.ru Mail iOS app was vulnerable to local file access on some iOS versions due to cross-application scripting if a maliciously crafted SVG attachment is viewed by the user. Write-up is here...
Mail.ru: [myMail Android] Access to protected app components via RegistrationPhoneActivity
RegistrationPhoneActivity of the My.com MyMail application for Android could be locally exploited by a malicious application to access internal activities, as was demonstrated by spoofing the logon screen to send an authentication request to an arbitrary site...
Mail.ru: Blind SSRF on sentry.dev-my.com due to Sentry misconfiguration
Insufficient isolation of Sentry installation could potentially lead to blind SSRF...
Mail.ru: JSONP hijacking
In this report, the researcher bypassed client-side protection against JSONP hijacking. The vulnerability allowed disclosure of the emails of logged-in my.com users who visited a malicious site...
Mail.ru: Launch Any Activity in MyMail App
An exported activity in My.Com Mail application could be used to launch protected activities...
Mail.ru: BruteForce Any [My.com] Account Credentials.
CAPTCHA entered on account.my.com was not actually checked. account.my.com has no relation to My.Com's MyMail and is not currently covered by regular Mail.Ru bug bounty program...
Mail.ru: [evo2.my.com] Reflected XSS
Browser-specific reflected XSS via POST parameters in evo2.my.com. evo2.my.com is not covered by bug bounty scope...
Mail.ru: Heartbleed: my.com (185.30.178.33) port 1433
MacBook-Pro-Kirill:Pentest isox$ python heartbleed.py 185.30.178.33 -p 1443 defribulator v1.16 A tool to test and exploit the TLS heartbeat vulnerability aka heartbleed CVE-2014-0160 Connecting to: 185.30.178.33:1443, 1 times Sending Client Hello for TLSv1.0 Received Server Hello for TLSv1.0...
Mail.Ru to enter the West under the my.com brand
Russian internet company Mail.Ru Group will use the name my.com for its global expansion, according to a press release. The company's CEO, Dmitry Grishin, explained that more than 90 percent of Russian internet users currently use Mail.Ru Group services. The company also...