Report a Security Vulnerability

We confirm that all information provided by the reporter (e.g. identity and

personal information) is treated confidentially

Reporter data

Name*

Phone number*

Email*

Report Title*

A clear and concise title includes the type of vulnerability and the impacted asset.

Vulnerability URL/IP*

Full URL, IP address or Mobile Application Link

Weakness*

Select the type of the potential issue you have discovered. Cant pick just one? Select the best match or submit a separate report for each distinct weakness.

Allocation of Resources Without Limits or Throttling

Array Index Underflow

Authentication Bypass Using an Alternate Path or Channel

Brute Force

Buffer Over-read

Buffer Underflow

Buffer Under-read

Business Logic Errors

Classic Buffer Overflow

Cleartext Storage of Sensitive Information

Cleartext Transmission of Sensitive Information

Client-Side Enforcement of Server-Side Security

Code Injection

Command Injection - Generic

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CRLF Injection

Cross-Site Request Forgery (CSRF)

Cross-site Scripting (XSS) - DOM

Cross-site Scripting (XSS) - Generic

Cross-site Scripting (XSS) - Reflected

Cross-site Scripting (XSS) - Stored

Cryptographic Issues - Generic

Denial of Service

Deserialization of Untrusted Data

Double Free

Download of Code Without Integrity Check

Embedded Malicious Code

Execution with Unnecessary Privileges

Exposed Dangerous Method or Function

External Control of Critical State Data

Externally Controlled Reference to a Resource in Another Sphere

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

File and Directory Information Exposure

Forced Browsing

Heap Overflow

HTTP Request Smuggling

HTTP Response Splitting

Improper Access Control - Generic

Improper Authentication - Generic

Improper Authorization

Improper Certificate Validation

Improper Check or Handling of Exceptional Conditions

Improper Control of Interaction Frequency

Improper Export of Android Application Components

Improper Following of a Certificate's Chain of Trust

Improper Handling of Highly Compressed Data (Data Amplification)

Improper Handling of Insufficient Permissions or Privileges

Improper Handling of URL Encoding (Hex Encoding)

Improper Input Validation

Improper Neutralization of Escape, Meta, or Control Sequences

Improper Neutralization of HTTP Headers for Scripting Syntax

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Improper Neutralization of Special Elements

Improper Null Termination

Improper Privilege Management

Inadequate Encryption Strength

Inclusion of Functionality from Untrusted Control Sphere

Incomplete Blacklist

Incorrect Authorization

Incorrect Calculation of Buffer Size

Incorrect Comparison

Incorrectly Specified Destination in a Communication Channel

Incorrect Permission Assignment for Critical Resource

Information Disclosure

Information Exposure Through an Error Message

Information Exposure Through Debug Information

Information Exposure Through Directory Listing

Information Exposure Through Discrepancy

Information Exposure Through Sent Data

Information Exposure Through Timing Discrepancy

Insecure Direct Object Reference (IDOR)

Insecure Storage of Sensitive Information

Insecure Temporary File

Insufficiently Protected Credentials

Insufficient Session Expiration

Insufficient Verification of Data Authenticity

Integer Overflow

Integer Underflow

Key Exchange without Entity Authentication

Lack of Binary Hardening

LDAP Injection

Leftover Debug Code (Backdoor)

Malware

Man-in-the-Middle

Memory Corruption - Generic

Misconfiguration

Missing Authentication for Critical Function

Missing Authorization

Missing Critical Step in Authentication

Missing Encryption of Sensitive Data

Missing Required Cryptographic Step

Modification of Assumed-Immutable Data (MAID)

NULL Pointer Dereference

Off-by-one Error

Omission of Security-relevant Information

Open Redirect

OS Command Injection

Out-of-bounds Read

Password in Configuration File

Path Traversal

Path Traversal: '.../...//'

Phishing

Plaintext Storage of a Password

Privacy Violation

Privilege Escalation

Relative Path Traversal

Reliance on Cookies without Validation and Integrity Checking in a Security Decision

Reliance on Reverse DNS Resolution for a Security-Critical Action

Reliance on Untrusted Inputs in a Security Decision

Remote File Inclusion

Replicating Malicious Code (Virus or Worm)

Resource Injection

Reusing a Nonce, Key Pair in Encryption

Reversible One-Way Hash

Security Through Obscurity

Server-Side Request Forgery (SSRF)

Session Fixation

SQL Injection

Stack Overflow

Storing Passwords in a Recoverable Format

Time-of-check Time-of-use (TOCTOU) Race Condition

Trust of System Event Data

Type Confusion

UI Redressing (Clickjacking)

Unchecked Error Condition

Uncontrolled Recursion

Unprotected Transport of Credentials

Unrestricted Upload of File with Dangerous Type

Untrusted Search Path

Unverified Password Change

Use After Free

Use of a Broken or Risky Cryptographic Algorithm

Use of a Key Past its Expiration Date

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of Externally-Controlled Format String

Use of Hard-coded Credentials

Use of Hard-coded Cryptographic Key

Use of Hard-coded Password

Use of Incorrectly-Resolved Name or Reference

Use of Inherently Dangerous Function

Use of Insufficiently Random Values

User Interface (UI) Misrepresentation of Critical Information

Using Components with Known Vulnerabilities

Violation of Secure Design Principles

Weak Cryptography for Passwords

Weak Password Recovery Mechanism for Forgotten Password

Wrap-around Error

Write-what-where Condition

XML Entity Expansion

XML External Entities (XXE)

XML Injection

XSS Using MIME Type Mismatch

Proof Of Concept

The proof of concept is the most important part of your report submission. Clear, reproducible steps will help us validate this issue as quickly as possible.

Impact*

What security impact could an attacker achieve?

Summary*

What is the vulnerability? In clear steps, how do you reproduce it? Please replace all the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report!

Loading ...

Recommendation*

What is your recommendations to address the findings

Loading ...

Attachment

Upload your attachments here

Choose or Drag & Drop Files

I hereby confirm that I have read the Terms and Conditions and Privacy and Policy

I hereby agree not to disclose or use any confidential information belonging to the other party for any reason which is not stated in terms and conditions.