ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems...
MAL-2025-37492 Malicious code in udemytestframework (npm)
The package udemytestframework was found to contain malicious code...
udemy.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1156698. Security researcher Mike777 (helped patch 68 vulnerabilities, received 3 Coordinated Disclosure badges and 4 recommendations), a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting the udemy.com website and its...
XSS Vulnerability in ED01-CMS
ED01-CMS is a content management system and the CMS project of Edwin Diaz's Udemy course "PHP for Beginners - Become a PHP Master". An XSS vulnerability exists in the ED01-CMS content management system, which can be exploited by attackers to obtain sensitive information such as cookies...
Udemy: [affiliates.udemy.com] Wordpress user admin information disclosure
Summary: This website uses the Wordpress CMS, and the developer forgot to disable the link that exposes admin user information. By accessing this link, an attacker can get the username and other information of the admin user: http://affiliates.udemy.com/wp-json/wp/v2/users F312155 Admin user list: hamza...
Udemy: S3 bucket unnecessarily discloses permissions
The 'udemy-images' bucket allows the 'AllUsers' group to list ACLs that are applied to the bucket. By navigating to: https://udemy-images.udemy.com or by using the aws-cli tool an attacker can see which users have READ, WRITE, READACP, and WRITEACP rights. Doing this now we can see one user who h...
udemy.com XSS vulnerability
Open Bug Bounty ID: OBB-578407

| Description | Value |
|---|---|
| Affected Website | udemy.com |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score | 6.1... |
EduStar Udemy Clone Script 1.0 SQL Injection
Exploit Title: EduStar Udemy Clone Script v1.0 - SQL Injection Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: https://www.abservetech.com/ Software Link: https://www.abservetech.com/edustar-udemy-clone/ Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
EduStar Udemy Clone Script 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: EduStar Udemy Clone Script v1.0 - SQL Injection Exploit Author: 8bitsec Vendor Homepage: https://www.abservetech.com/ Software Link: https://www.abservetech.com/edustar-udemy-clone/ Version: 1.0 Tested on: Kali Linux 2.0 | Mac O...
EduStar Udemy Clone Script 1.0 - SQL Injection
Exploit Title: EduStar Udemy Clone Script v1.0 - SQL Injection Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: https://www.abservetech.com/ Software Link: https://www.abservetech.com/edustar-udemy-clone/ Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
EduStar Udemy Clone Script 1.0 - SQL Injection
Exploit Title: EduStar Udemy Clone Script v1.0 - SQL Injection Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: https://www.abservetech.com/ Software Link: https://www.abservetech.com/edustar-udemy-clone/ Version: 1.0 Tested on: Kali Linux 2...
Udemy: No password length restriction
The reporter thought that we did not limit password length, but we do, we just don't feed back an error for it...
Udemy: CSRF Token
Reporter misunderstood how CSRF validation operates and believed his steps broke it...
Udemy: Violation of secure design principle
A business process issue was reported as a security issue...
Udemy: Weak Password
Reporter thinks that our password rules should be different...
Udemy: CSRF Token Design Flaw
Our django site uses their standard CSRF implementation. The reporter has their own ideas about how CSRF protection should be implemented...
Udemy: Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
Howdy, @udemy! Summary: I am writing to inform you of a critical information disclosure bug via an exposed Jenkins dashboard located at https://jenkins101.udemy.com. Upon navigating to this address, I was asked to authenticate with my Github account. After authenticating, I was surprised ...
Udemy: Content Spoofing in udemy
Scenario: An attacker can include any arbitrary text using a specially crafted udemy url. Reporting this but not sure if this is in scope; text injection is not marked in the exclusion list. Kindly mark it as informative in case it is out of scope. The issue seems to be because of the sourcepage=clp param. If this...
Udemy: Udemy s3 storage can be used by an attacker personal website because of missing CSRF Token
The report was about a staging S3 bucket where we allow any file to be uploaded and then further process it from there. It was closed as informative because there is no security risk associated with it...
Udemy: Critical: Malware and XSS file can be uploaded and executed on udemy
The investigator found that he can upload any file type to our upload bucket. That is intended behavior - file content is enforced before moving it out of our upload bucket...