Iandunn-projects


reports in last 90 days

14

disclosed resolved issues

7

disclosed informative issues

12

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Severity | Bug Title | Bug Type | Found By | Report Info | Report Status
--- | --- | --- | --- | --- | ---
Medium | XSSI: Quick Navigation Interface - leak of private page/post titles | Information Disclosure | foobar7 | Time to triage: 0 Days and 2 hours; Time to close: 0 Days and 20 hours | Resolved
None | Security issue: GitHub repo's wiki publicly editable | Improper Access Control - Generic | whitehat_hacker | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative
High | Timing Attack in Google Authenticator - Per User Prompt | Cryptographic Issues - Generic | whitehatter | Issue was not triaged; Time to close: 0 Days and 1 hours | Informative
Medium | Formula injection via CSV exports in WordCamp Talks plugin | Command Injection - Generic | whitehatter | Issue was not triaged; Time to close: 4 Days and 19 hours | Resolved
Medium | HTML injection-WordCamp Talks plugin | Cross-site Scripting (XSS) - Generic | paresh_parmar | Issue was not triaged; Time to close: 6 Days and 22 hours | Not-applicable
No rating | constant cache_page_secret in regolith | None supplied | e3amn2l | Time to triage: 0 Days and 14 hours; Time to close: 1 Days and 12 hours | Resolved
Medium | unchecked unserialize usages in audit-trail-extension/audit-trail-extension.php | None supplied | e3amn2l | Time to triage: 0 Days and 15 hours; Time to close: 1 Days and 14 hours | Resolved
No rating | unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php | None supplied | e3amn2l | Time to triage: 0 Days and 15 hours; Time to close: 0 Days and 22 hours | Resolved
None | No CAPTCHA ia exist in pages | Violation of Secure Design Principles | ravenbugbounty | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative
No rating | Google Authenticator - Cross Site Scripting | Cross-site Scripting (XSS) - Generic | iamsha4yan | Issue was not triaged; Time to close: 8 Days and 8 hours | Not-applicable
Low | Bypass fix in https://hackerone.com/reports/151516 report. | Command Injection - Generic | lalka | Time to triage: 7 Days and 18 hours; Time to close: 46 Days and 2 hours | Resolved
Low | CSV Injection in Camptix | Command Injection - Generic | grande | Time to triage: 5 Days and 11 hours; Time to close: 36 Days and 0 hours | Resolved
Low | Bypassing CSV injection using new line character | Command Injection - Generic | huops | Time to triage: 18 Days and 2 hours; Time to close: 36 Days and 23 hours | Resolved
No rating | All Plugins - Direct file access to plugin files Vulnerability | Improper Authentication - Generic | iamsha4yan | Issue was not triaged; Time to close: 0 Days and 2 hours | Duplicate
No rating | Google Authenticator 0.6 - PHP Version Disclosure | Information Disclosure | iamsha4yan | Issue was not triaged; Time to close: 0 Days and 3 hours | Not-applicable
No rating | Send emails to all users using Camptix | Cross-Site Request Forgery (CSRF) | jshindl | Issue was not triaged; Time to close: 7 Days and 14 hours | Not-applicable
No rating | bypass to csv injection | Command Injection - Generic | superngorksky | Issue was not triaged; Time to close: 3 Days and 13 hours | Not-applicable
No rating | Potentially vulnerable version of Apache software in and default files on https://iandunn.name/ | Information Disclosure | ethnicalhacker | Issue was not triaged; Time to close: 0 Days and 1 hours | Informative
No rating | stored SELF xss on Basic Google Maps Placemarks Settings plugin | Cross-site Scripting (XSS) - Generic | kenan | Issue was not triaged; Time to close: 0 Days and 0 hours | Not-applicable
No rating | CSV Injection at Camptix Event Ticketing | Command Injection - Generic | thezawad | Time to triage: 0 Days and 2 hours; Time to close: 26 Days and 1 hours | Resolved
No rating | Multiple XSS in Camptix Event Ticketing Plugin | Cross-site Scripting (XSS) - Generic | thezawad | Time to triage: 0 Days and 0 hours; Time to close: 20 Days and 0 hours | Resolved
No rating | [Not just a server configuration issue] Full Path Disclosure | Information Disclosure | ahsan | Issue was not triaged; Time to close: 0 Days and 7 hours | Informative
No rating | Brute force on wp-login | Violation of Secure Design Principles | proxynwh | Issue was not triaged; Time to close: 7 Days and 10 hours | Not-applicable
No rating | SSL certificate public key less than 2048 bit | Cryptographic Issues - Generic | proxynwh | Issue was not triaged; Time to close: 0 Days and 8 hours | Not-applicable
No rating | Path Disclosure Vulnerability | Information Disclosure | jamalcom | Issue was not triaged; Time to close: 0 Days and 6 hours | Not-applicable