edubadges / audit: Code audit repo for Edubadges
Issues (newest first; format: number, title, author, state and age, comment count):

#40  The Add Url Option of the Assign Badge functionality Allows All Urls  (sveeke, closed 5 years ago, 1 comment)
#39  Development and deprecated modules unconditionally enabled  (sveeke, closed 5 years ago, 1 comment)
#38  Enumeration of registered email addresses via user profile API  (sveeke, opened 6 years ago, 2 comments)
#37  XSS code injection via Composition Collection share_url  (sveeke, closed 5 years ago, 2 comments)
#36  Pathway*list can be created by anyone with a registered email  (sveeke, closed 5 years ago, 1 comment)
#35  Arbitrary file upload with arbitrary file-extensions in images of badges  (sveeke, closed 5 years ago, 1 comment)
#34  Badge Check can be fooled by forged badges using Unicode domain names  (sveeke, closed 5 years ago, 1 comment)
#33  Untrusted XML parsed with xml.dom.minidom.parseString  (sveeke, closed 5 years ago, 1 comment)
#32  Unhandled Division by Zero  (sveeke, closed 5 years ago, 1 comment)
#31  JWT signed badges signatures can be forged  (sveeke, closed 5 years ago, 7 comments)
#30  Admin can delete protected items on the admin UI  (sveeke, closed 5 years ago, 1 comment)
#29  Timing side channel in API helps testing if an email address is registered  (sveeke, opened 6 years ago, 0 comments)
#28  Enumeration of user ids in API endpoint BadgeUserEmailDetail  (sveeke, closed 5 years ago, 2 comments)
#27  Upload files with arbitrary extensions to publicly accessible URL  (sveeke, opened 6 years ago, 1 comment)
#26  ResizeUploadedImage possible server and client-side Resource Exhaustion Vulnerability  (sveeke, closed 5 years ago, 1 comment)
#25  Hardcoded Unsubscribe token in settings.py  (sveeke, opened 6 years ago, 3 comments)
#24  Use any e-mail address as the issuer's address  (sveeke, opened 6 years ago, 4 comments)
#23  Frameable response (potential Clickjacking)  (sveeke, opened 6 years ago, 1 comment)
#22  SSL Medium and RC4 Ciphers supported  (sveeke, opened 6 years ago, 1 comment)
#21  Missing Terms of Service and Privacy Policy  (sveeke, closed 5 years ago, 2 comments)
#20  Files are uploaded on the same webserver  (sveeke, closed 5 years ago, 2 comments)
#19  Authentication Token In URL  (sveeke, opened 6 years ago, 2 comments)
#18  SSH Server Publicly Accessible  (sveeke, opened 6 years ago, 2 comments)
#17  No rate limiting on resend verification mail  (sveeke, opened 6 years ago, 1 comment)
#16  Improve Input Validation and Output Sanitization  (sveeke, opened 6 years ago, 0 comments)
#15  Cipher Order Determined by Client  (sveeke, opened 6 years ago, 2 comments)
#14  Insecure API Session Management  (sveeke, opened 6 years ago, 2 comments)
#13  JSON Parser Errors shown on screen  (sveeke, opened 6 years ago, 1 comment)
#12  Web Browser XSS Protection Not Enabled  (sveeke, opened 6 years ago, 1 comment)
#11  Insecure Password Policy  (sveeke, opened 6 years ago, 1 comment)
#10  The provider parameter does not use the proper error control  (sveeke, opened 6 years ago, 1 comment)
#9   Host header poisoning  (sveeke, opened 6 years ago, 1 comment)
#8   User Enumeration using the issuer manage staff functionality  (sveeke, opened 6 years ago, 1 comment)
#7   Django Debug mode reveals information about the code and infrastructure  (sveeke, closed 5 years ago, 2 comments)
#6   Python Plugin Version leaked and outdated  (sveeke, closed 5 years ago, 2 comments)
#5   The "name" parameter of the award a badge functionality lacks any input validation  (sveeke, opened 6 years ago, 3 comments)
#4   Outdated Nginx webservers installed  (sveeke, opened 6 years ago, 1 comment)
#3   No Brute-force Protection on Account Login  (sveeke, opened 6 years ago, 4 comments)
#2   Missing HTTP Strict-Transport-Security Headers  (sveeke, opened 6 years ago, 2 comments)
#1   SSH Server on surf-dev2.edubadges.nl has CBC Mode Ciphers Enabled  (sveeke, opened 6 years ago, 1 comment)