Coinbase: User Enumeration, Information Disclosure and Lack of Rate Limitation on API
NOTE: I am making this email as I think the response from Coinbase originally, via my emails to them, was not correct. They had not acknowledged that this flaw allowed for user enumeration, and hence I am posting the report again - in hope of a proper and well-evaluated response. The key security...
PayPal.com STORED XSS - Execution on user login / send to any user
This method allows you to exploit any user on PayPal, and potentially steal money, cookies, or do lots of other things. This exploit is in the "request money" feature, so all you need to do to exploit someone is request money to them with the XSS method, and when the user logs into paypal.com, th...