2017 | HackerOne Private | CRLF Injection
2017 | Bugcrowd Private | XSS
2017 | Yandex | ***
2017 | Yandex | ***
2017 | Yandex | ***
2017 | Yandex | ***
2017 | HackerOne Private | Improper Authentication
2017 | HackerOne Private | Information Leakage
2017 | HackerOne Private | XSS
2017 | HackerOne Private | XSS
2017 | Bugcrowd Private | XSS
2017 | HackerOne Private | Insecure CORS
2017 | Bugcrowd Private | XSS
2017 | Twitter | [dev.twitter.com] XSS, Open Redirect [2]
2017 | Ubiquiti Networks | [dev-nightly.ubnt.com] Local File Reading
2017 | Spotify | Information Leakage
2017 | Bugcrowd Private | XSS
2017 | HackerOne Private | XSS
2017 | Bugcrowd Private | CRLF Injection
2017 | HackerOne Private | XSS
2017 | Tesla | ***
2017 | HackerOne Private | Information Leakage
2017 | HackerOne Private | XSS
2017 | HackerOne Private | XSS
2017 | HackerOne Private | XSS
2017 | HackerOne Private | XSS
2017 | HackerOne Private | Open Redirect
2017 | HackerOne Private | XSS
2017 | HackerOne Private | XSS
2017 | HackerOne Private | Open Redirect
2017 | HackerOne Private | Open Redirect
2017 | Yandex | [forms.yandex.ru] Open Redirect
2017 | Ubiquiti Networks | [dev-unifi-go.ubnt.com] Insecure CORS
2017 | StatusPage | ***
2017 | Twitter | ***
2017 | Google | ***
2017 | Detectify CS | ***
2017 | Detectify CS | ***
2017 | Detectify CS | ***
2017 | Algolia | [github.algolia.com] DOM Based XSS
2017 | Ubiquiti Networks | [nutty.ubnt.com] DOM Based XSS
2017 | Postmates | ***
2017 | LocalTapiola | ***
2017 | HackerOne Private | XSS
2017 | HackerOne Private | Open Redirect
2017 | HackerOne Private | CRLF Injection
2016 | Bugcrowd Private | XSS
2016 | HackerOne Private | CRLF Injection
2016 | Bugcrowd Private | Information Leakage
2016 | Bugcrowd Private | XSS
2016 | Bugcrowd Private | XSS
2016 | Bugcrowd Private | Cookie Injection
2016 | LocalTapiola | ***
2016 | LocalTapiola | [www.lahitapiola.fi] Cookie Injection
2016 | Yandex | [awaps.yandex.ru] Information Leakage
2016 | Dropbox | ***
2016 | Qiwi | [qiwi.com] Information Leakage
2016 | Quora | [Android] XSS
2016 | Quora | [*.quora.com] XSS
2016 | HackerOne Private | XSS
2016 | HackerOne Private | CRLF Injection
2016 | HackerOne Private | Source Code Disclosure
2016 | Bugcrowd Private | Information Leakage
2016 | LocalTapiola | [viestinta.lahitapiola.fi] XSS
2016 | LocalTapiola | [viestinta.lahitapiola.fi] SQL Injection
2016 | LocalTapiola | [viestinta.lahitapiola.fi] Email HTML Injection
2016 | LocalTapiola | [viestinta.lahitapiola.fi] SQL Injection
2016 | LocalTapiola | [verkkopalvelu.lahitapiola.fi] Open Redirect
2016 | Qiwi | ***
2016 | Brave Software | ***
2016 | Bugcrowd Private | XSS
2016 | Automattic | [*.wordpress.com] XSS
2016 | HackerOne Private | Open Redirect
2016 | HackerOne Private | Open Redirect
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Qiwi | ***
2016 | Yahoo | [fb.member.yahoo.com] ***
2016 | Qiwi | [qiwi.com] Information Disclosure
2016 | Qiwi | [ibank.qiwi.ru] UI Redressing
2016 | Qiwi | ***
2016 | Shopify | [apps.shopify.com] Open Redirect
2016 | FoxyCart | [foxycart.com] ***
2016 | Android | [Android] Elevation of privilege vulnerability in Android Launcher
2016 | HackerOne Private | XSS
2016 | HackerOne Private | CRLF Injection, XSS
2016 | HackerOne Private | XSS
2016 | HackerOne Private | Open Redirect
2016 | Yandex | [*.yandex.ru] XSS
2016 | HackerOne Private | Information Leakage
2016 | HackerOne Private | XSS
2016 | HackerOne Private | XSS
2016 | HackerOne Private | XSS
2016 | HackerOne Private | XSS
2016 | Yahoo | [analytics.help.yahoo.com] ***
2016 | Ubiquiti Networks | [account-global.ubnt.com] CRLF Injection
2016 | HackerOne Private | Open Redirect
2016 | Sucuri | [support.sucuri.net] CRLF Injection
2016 | Google | [*.vendortest.ext.google.com] CRLF Injection
2016 | Mozilla | [mozilla.com] CRLF Injection
2016 | Mail.Ru | [upload-*.my.mail.ru] Insecure Direct Object References
2016 | Mail.Ru | [my.mail.ru] HTML Injection
2016 | Yandex | [yandex.ru] Open Redirect
2016 | Yandex | [yandex.ru] XSS
2016 | Yandex | [yandex.ru] Open Redirect
2016 | Yandex | [developer.store.yandex.ru] XSS
2016 | HackerOne Private | XSS
2016 | Uber | [riders.uber.com] ***
2016 | Uber | [m.uber.com] Open Redirect
2016 | Yandex | [fx.yandex.ru] Open Redirect
2016 | Yandex | [pogoda.yandex.ru] Open Redirect
2016 | Yahoo | [*.yql.yahoo.com] ***
2016 | HackerOne Private | CRLF Injection, XSS
2016 | Romit | [app.romit.io] ***
2016 | Yandex | [api.lbs.yandex.ru] CRLF Injection, XSS
2016 | Yandex | [events.yandex.ru] XSS
2015 | Yandex | [developer.store.yandex.ru] CSRF
2015 | Zopim | [status.zopim.com] Open Redirect
2015 | Mozilla | [mozilla.com] ***
2015 | Yandex | [delivery.yandex.ru] Open Redirect
2015 | Yandex | [api.browser.yandex.ru] XSS, CRLF Injection, Open Redirect
2015 | Yandex | [api.browser.yandex.ru] XSS
2015 | Yandex | [api.browser.yandex.ru] Information Leakage
2015 | Yandex | [mail.yandex.ru] Information Leakage
2015 | Yandex | [yandex.ru] XSS
2015 | Keybase | [keybase.io] Open Redirect
2015 | Yandex | [api.direct.yandex.com] XSS
2015 | Yandex | [m.afisha.yandex.ru] CRLF Injection
2015 | Yandex | [mbo.market.yandex.ru] Insufficient Authorization
2015 | Mail.Ru | [my.mail.ru] CRLF Injection
2015 | Gratipay | [gratipay.com] CRLF Injection
2015 | Yandex | [bnbym.yandex.com.tr] Open Redirect
2015 | Yahoo | [login.yahoo.com] ***
2015 | Shopify | [www.*.myshopify.com] CRLF Injection
2015 | Mail.Ru | [s.mail.ru] CRLF Injection
2015 | Yandex | [partner.yandex.ru] CSRF
2015 | Yandex | [rabota.yandex.ru] Information Leakage
2015 | Yandex | [rabota.yandex.ru] CSRF
2015 | Yandex | [money.yandex.ru] XSS
2015 | Yandex | [adtune.yandex.ru] Open Redirect
2015 | Yandex | [maps.wiki.yandex.ru] UI Redressing
2015 | Yandex | [*.yandex.ru] Information Leakage
2015 | Yandex | [pdd.yandex.ru] XSS
2015 | Yandex | [pdd.yandex.ru] XSS
2015 | Yandex | [awaps.yandex.ru] Information Leakage
2015 | Yandex | [mail.yandex.ru] XSS
2015 | Yandex | [mtquality.maps.yandex.ru] Information Leakage, CSRF, SSRF
2015 | Yandex | [partner.*.yandex.ru] Information Leakage
2015 | Yandex | [mail.yandex.ru] XSS
2015 | Yandex | [mail.yandex.ru] XSS
2015 | Yandex | [browser.export.yandex.com] Information Leakage
2015 | Yandex | [xml.yandex.ru] XSS
2015 | Yandex | [tech.yandex.ru] XSS
2015 | Trello | [blog.trello.com] CRLF Injection
2015 | Trello | [trello.com] Open Redirect
2015 | Yandex | [mail.yandex.ru] Information Leakage
2014 | Yandex | [*.yandex.ru] Information Leakage
2014 | Yandex | [balance.yandex.ru] XSS, Information Leakage
2014 | Yandex | [address.yandex.ru] Open Redirect
2014 | Yandex | [abo.uslugi.yandex.ru] Information Leakage
2014 | Yandex | [tech.yandex.ru] Open Redirect
2014 | Yandex | [abo.market.yandex.ru] XSS
2014 | Yandex | [abo.market.yandex.ru] Information Leakage
2014 | Yandex | [bo.uslugi.yandex.ru] Open Redirect
2014 | Yandex | [mbo.market.yandex.ru] SQL Injection
2014 | Yandex | [www.*.ya.ru] CRLF Injection
2014 | Indeed | [*.indeed.com] ***
2014 | Square | [account.squareup.com] ***
2014 | Heroku | [*.heroku.com] ***
2014 | Vimeo | [vimeopro.com] CRLF Injection
2014 | Sunrise Calendar | [*.sunrise.am] Open Redirect
2014 | Yandex | [company.yandex.com] UI Redress Attack
2014 | Yandex | [pda.yaca.yandex.ru] Cookie Injection
2014 | Mail.Ru | [connect.mail.ru] Memory Disclosure / IE XSS
2014 | Facebook | [facebook.com] XSS
2014 | Qiwi | [qiwi.com] ***
2014 | Qiwi | [sms.qiwi.ru] ***
2014 | Qiwi | [sms.qiwi.ru] ***
2014 | Qiwi | [qiwi.com] Open Redirect
2014 | Yandex | [company.yandex.com] Open Redirect
2014 | Yandex | [company.yandex.com] XSS
2014 | Yandex | [push.yandex.ru] Cross-Site WebSocket Hijacking
2014 | Yandex | [mail.yandex.ru] Open Redirect
2014 | Yandex | [mail.yandex.ru] XSS
2014 | Yandex | [mail.yandex.ru] XSS
2014 | Yandex | [mail.yandex.ru] Stored XSS
2014 | Yandex | [mail.yandex.ru] XSS
2014 | Yandex | [mail.yandex.ru] Content Spoofing
2014 | Yandex | [mail.yandex.ru] XSS
2014 | Yandex | [music.yandex.ru] Stored XSS
2014 | Django | [Django] Cookie Injection [2]
2014 | Yandex | [mail.yandex.ru] XSS
2014 | Yahoo | [answers.yahoo.com] ***
2014 | Yandex | [subs.yandex.ru] XSS
2014 | Yandex | [news.yandex.ru] DOM-Based XSS
2014 | Qiwi | [ishop.qiwi.com] CRLF Injection
2014 | Yandex | [Yandex Direct] XSS
2014 | Yandex | [fotki.yandex.ru] CSRF
2014 | Yandex | [www.yandex.ru] XSS
2014 | Yandex | [market.yandex.ru] Source Code Disclosure
2014 | Yandex | [android-us.apps.yandex.ru] Cookie Injection
2014 | Yandex | [*.yandex.ru] CRLF Injection
2014 | Google | [Google Analytics] Cookie Injection [2]
2014 | Yandex | [widgets.yandex.ru] XSS
2014 | Yandex | [mail.yandex.ru] CSRF
2014 | Yandex | [www.yandex.ru] Stored XSS
2014 | Yandex | [mail.yandex.ru] CSRF
2014 | Yandex | [api-lenta.yandex.ru] XSS
2014 | Yandex | [market.yandex.ru] Cookie Injection
2014 | Yandex | [market.yandex.ru] XSS
2014 | Yandex | [m.afisha.yandex.ru] SSRF
2014 | Yandex | [streaming.video.yandex.ru] CRLF Injection
2014 | Yandex | [partner.news.yandex.ru] XSS
2014 | Yandex | [advq.yandex.ru] Server-Side JavaScript Injection (RCE?)
2014 | Yandex | [balance-slb.yandex.ru] Open Redirect
2014 | Yandex | [wdgt.yandex.ru] Information Leakage
2014 | Yandex | [www.yandex.com.tr] Information Leakage
2014 | Yandex | [my.ya.ru] Open Redirect
2014 | Yandex | [passport.yandex.ru] XSS
2014 | Yandex | [passport.yandex.ru] Open Redirect
2014 | Yandex | [wdgt.yandex.ru] Information Leakage
2014 | Yandex | [www.yandex.com.tr] Information Leakage
2014 | Yandex | [m.tv.yandex.ru] Cookie Injection
2014 | Yandex | [m.tv.yandex.ru] CSRF
2014 | Yandex | [tv.yandex.ru] CSRF
2014 | Yandex | [m.pogoda.yandex.ru] DOM-Based XSS
2014 | Yahoo | [answers.yahoo.com] ***
2014 | Yandex | [*.yandex.ru] Cookie Injection
2014 | Yandex | [api-yaru.yandex.ru] XSS
2013 | Yandex | [*.yandex.ru] Open Redirect
2013 | Yandex | [zakladki.yandex.ru] CRLF Injection
2013 | Yandex | [oauth.yandex.ru] CRLF Injection
2013 | Yandex | [welcome.advertising.yandex.ru] XSS
2013 | Yandex | [m.market.yandex.ru] LFI
2013 | Yandex | [my.ya.ru] DOM-Based XSS
2013 | Yandex | [my.ya.ru] DOM-Based XSS
2013 | Yandex | [company.yandex.ru] DOM Based XSS
2013 | Google | [Google Analytics] Cookie Injection [2]
2013 | Yahoo | [screen.yahoo.com] ***
2013 | Yandex | [site.yandex.ru] XSS
2013 | Yandex | [webmaster.yandex.ru] Open Redirect
2013 | Yandex | [api.yandex.ru] Information Leakage
2013 | Yandex | [bookmarks.yandex.ru] Information Leakage
2013 | Yandex | [bookmarks.yandex.ru] CSRF
2013 | Yandex | [cards.yandex.ru] Information Leakage
2013 | Yandex | [*.yandex.ru] Open Redirect
2013 | Yandex | [balance.yandex.ru] XSS
2013 | Yandex | [balance.yandex.ru] XSS
2013 | Yandex | [bayan.yandex.ru] Information Leakage
2013 | Yandex | [ba.yandex.ru] XSS
2013 | Yandex | [api.yandex.ru] XSS
2013 | Yandex | [api.yandex.ru] XSS
2013 | Yandex | [mail.yandex.ru] Open Redirect
2013 | Yandex | [yaca.yandex.ru] XSS
2013 | Yandex | [cards.yandex.ru] Information Leakage
2013 | Yandex | [cards.yandex.ru] Open Redirect
2013 | Yandex | [cards.yandex.ru] CSRF
2013 | Yahoo | [ru.yahoo.com] ***
2013 | Yandex | [Yandex Direct] XSS
2013 | Yandex | [images.yandex.ru] Information Leakage
2013 | Yandex | [market.yandex.ru] Open Redirect
2013 | Yandex | [flv.video.yandex.ru] SWF XSS
2013 | Yandex | [flv.video.yandex.ru] SWF XSS
2013 | Yandex | [www.yandex.ru] Stored XSS
2013 | Yandex | [www.yandex.ru] XSS
2013 | Yandex | [moikrug.ru] XSS
2013 | Bugcrowd Private | XSS
2013 | Yandex | [site.yandex.ru] DOM Based XSS
2013 | Yandex | [rabota.yandex.ru] DOM Based XSS
2013 | Yandex | [*.yandex.ru] Open Redirect
2013 | Yandex | [flv.video.yandex.ru] SWF XSS
2013 | Yandex | [flv.video.yandex.ru] SWF XSS
2013 | Yandex | [bar-widgets.yandex.ru] SWF XSS
2013 | Yandex | [bs.yandex.ru] SWF XSS
2013 | Yandex | [img.yandex.ru] SWF XSS
2013 | Yandex | [fotki.yandex.ru] SWF XSS
2013 | Yandex | [maps.yandex.ru] SWF XSS
2013 | Yandex | [mail.yandex.ru] Open Redirect
2013 | Yandex | [*.yandex.ru] Information Leakage
2013 | Yandex | [xml.yandex.ru] Source Code Disclosure
2013 | Yandex | [disk.yandex.ru] Open Redirect
2013 | Yandex | [taxi.yandex.ru] Open Redirect
2013 | Yandex | [company.yandex.ru] Information Leakage
2013 | Yandex | [feedback.yandex.ru] Information Leakage
2013 | Yandex | [www.yandex.ru] Open Redirect
2013 | Yandex | [api.mobile.maps.yandex.net] CRLF Injection
2013 | Yandex | [yaca.yandex.ru] XSS
2013 | Yandex | [music.yandex.ru] Open Redirect
2013 | Yandex | [mail.yandex.ru] XSS
2013 | Bugcrowd Private | SQL Injection
2013 | Etsy | [etsy.com] XSS
2012 | Yandex | [money.yandex] UI redressing
2012 | Yandex | [www.yandex.ru] XSS
2012 | Yandex | [pass.yandex.ru] Memory disclosure
2012 | Yandex | [api.yandex.ru] Information Leakage
2012 | Yandex | [api.yandex.ru] Information Leakage
2012 | Yandex | [mail.yandex.ru] XSS
2012 | Yandex | [mail.yandex.ru] CRLF Injection, Open Redirect
2012 | Yandex | [cards.yandex.ru] Information Leakage
2012 | Yandex | [calendar.yandex.ru] SSRF
2012 | Yandex | [zakladki.yandex.ru] Open Redirect
2012 | Yandex | [pass.yandex.ru] Open Redirect
2012 | Yandex | [*.yandex.ru] DOM Based XSS
2012 | Yandex | [calendar.yandex.ru] Open Redirect
2012 | Yandex | [feedback.yandex] Open Redirect
2012 | Yandex | [www.yandex.ru] XSS
2012 | Yandex | [mail.yandex.ru] HTTP Parameter Pollution
2012 | Yandex | [mail.yandex.ru] Open Redirect
2012 | Yandex | [mail.yandex.ru] CSRF
2012 | Yandex | [pass.moikrug.ru] CRLF Injection
2012 | Yandex | [pass.moikrug.ru] Memory disclosure
2012 | Yandex | [pass.yandex.ru] Open Redirect
2011 | Facebook | [facebook.com] Open Redirect
2011 | Google | [m.youtube.com] XSS
2011 | Google | [m.youtube.com] XSS