Credits
2015-12-17 pro.topsy.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-12-17 topsy.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-12-17 topsy.com
A server configuration issue was addressed. We would like to acknowledge Bill Cave for reporting this issue.
2015-12-17 topsy.com
A server configuration issue was addressed. We would like to acknowledge Sindhuja Sane (facebook.com/sindhuja.reddy.137) for reporting this issue.
2015-12-17 topsy.com
A server configuration issue was addressed. We would like to acknowledge Muhammad Shahmeer for reporting this issue.
2015-12-17 topsy.com
A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-12-17 pro.topsy.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-12-15 topsy.com
A cross-site request forgery issue was addressed. We would like to acknowledge Zeyad Khaled Mohamed (@zeyadk99) for reporting this issue.
2015-12-15 pro.topsy.com
A server configuration issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor) (facebook.com/hardik.tailor.hkr) for reporting this issue.
2015-12-15 pro.topsy.com
A server configuration issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor) (facebook.com/hardik.tailor.hkr) for reporting this issue.
2015-12-15 pro.topsy.com
A server configuration issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor) (facebook.com/hardik.tailor.hkr) for reporting this issue.
2015-12-01 ets-web.filemaker.com
A server configuration issue was addressed. We would like to acknowledge Micheal Cottingham for reporting this issue.
2015-12-01 filemaker.com
A server configuration issue was addressed. We would like to acknowledge Ahmed Adel Abdelfattah (facebook.com/00SystemError00) for reporting this issue.
2015-12-01 consultants.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Hadji Samir of Evolution Security GmbH - Vulnerability Laboratory and Mohamed Khaled Fathy (facebook.com/Squnity) for reporting this issue.
2015-11-18 id.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Mazen Gamal Mesbah (@MazenGamal) for reporting this issue.
2015-11-17 selfsolve.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Roberto Zanga (facebook.com/Liau180912) for reporting this issue.
2015-11-13 apple.com/feedback
A server configuration issue was addressed. We would like to acknowledge Jose Carlos Exposito Bueno of 0xlabs for reporting this issue.
2015-11-04 aoschat.apple.com
A server configuration issue was addressed. We would like to acknowledge Sam Edward Gaikwad (facebook.com/imzephyr) and Lazy King (zubairhasan.pro) for reporting this issue.
2015-10-29 getsupport.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Thomas GUITTONNEAU for reporting this issue.
2015-10-26 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Mohammad Ben-Amoor of LMaster team for reporting this issue.
2015-10-26 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Tatsuki Maekawa of Gehirn Inc. for reporting this issue.
2015-10-21 beatsbydre.com
A server configuration issue was addressed. We would like to acknowledge Ahmed Abdalla Fathi (fb.com/mr.alexseve) for reporting this issue.
2015-10-21 ecommerce.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Takeshi Terada of Mitsui Bussan Secure Directions, Inc. for reporting this issue.
2015-10-21 consultants.apple.com
A server configuration issue was addressed. We would like to acknowledge Prem Kumar (@iAmPr3m) for reporting this issue.
2015-10-13 help.filemaker.com
A cross-site scripting issue was addressed. We would like to acknowledge Sumit Sahoo (facebook.com/54H00) for reporting this issue.
2015-10-09 icloud.com
A server configuration issue was addressed. We would like to acknowledge Abdulraheem Khaled bin el waled for reporting this issue.
2015-10-08 support.apple.com
A server configuration issue was addressed. We would like to acknowledge Jordy Zomer (jordyzomer.nl) for reporting this issue.
2015-10-08 support.apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-10-07 support.apple.com
A server configuration issue was addressed. We would like to acknowledge James Tucker of Google for reporting this issue.
2015-10-05 challengebasedlearning.org
A clickjacking issue was addressed. We would like to acknowledge Michal Koczwara (linkedin.com/in/michalkoczwara), Muhammad Osama (facebook.com/profile.php?id=100001183774319), and Jay Patel (facebook.com/jaypatel9717) for reporting this issue.
2015-10-01 beatsbydre.com
A cross-site scripting issue was addressed. We would like to acknowledge Noah Wilcox of CraterDesigns.com for reporting this issue.
2015-09-28 developer.filemaker.com
A cross-site scripting issue was addressed. We would like to acknowledge Kévin Valentin Vigerie for reporting this issue.
2015-09-25 topsy.com
A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher and an anonymous researcher for reporting this issue.
2015-09-25 devforums.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Siddhesh Gawde (facebook.com/pen3t3r) for reporting this issue.
2015-09-25 ecommerce.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Kacper Rybczyński of kacperrybczynski.com for reporting this issue.
2015-09-23 cctechchatwebapi.apple.com
A server configuration issue was addressed. We would like to acknowledge Kieran Claessens (kieranclaessens.be) for reporting this issue.
2015-09-22 contentdelivery.itunes.apple.com
A server configuration issue was addressed. We would like to acknowledge @TwitterSecurity for reporting this issue.
2015-09-21 idmsa.apple.com
A server configuration issue was addressed. We would like to acknowledge Aditya Balapure (in.linkedin.com/in/adityabalapure) and Hammad Qureshi (Dig8labs.com) for reporting this issue.
2015-09-16 erp.apple.com
A server configuration issue was addressed. We would like to acknowledge Rafael Fontes Souza (linkedin.com/in/rafaelfontessouza) of Cipher Intelligence Labs for reporting this issue.
2015-09-16 configuration.apple.com
A server configuration issue was addressed. We would like to acknowledge Ayoub Fathi for reporting this issue.
2015-09-16 jobs.apple.com
An information disclosure issue was addressed. We would like to acknowledge Jean-Pierre Mouilleseaux for reporting this issue.
2015-09-04 iforgot.apple.com
A server configuration issue was addressed. We would like to acknowledge Kiran Karnad (@ipentest), Basava Gowda (facebook.com/basava.sb), Ali Kabeel (kabeel.com), Raghavendra Yadav, and Yu-Cheng Lin (@AndroBugs) for reporting this issue.
2015-09-04 itunesconnect.apple.com
A cross-site request forgery issue was addressed. We would like to acknowledge @RonMasas for reporting this issue.
2015-09-04 itunesconnect.apple.com
An open redirect issue was addressed. We would like to acknowledge @RonMasas for reporting this issue.
2015-09-04 apple.com
A mail server configuration issue was addressed. We would like to acknowledge Abdul Haq Khokhar (@abdulhaqkhokhar) of Haqtify.com, Yash pandya (yashpandyasecuritytester.blogspot.com), Jatin Bhatodra of MITSOM (Pune), Ketan Patil (linkedin.com/pub/ketan-patil/14/863/805) of infobittechnologies.com, karthikeyan K (linkedin.com/in/karthikeyan1337), Christoph Nehring, and an anonymous researcher for reporting this issue.
2015-08-28 iadworkbench.apple.com
A clickjacking issue was addressed. We would like to acknowledge Jayvardhan Singh (@Silent_Screamr) for reporting this issue.
2015-08-27 appleid.apple.com
A server configuration issue was addressed. We would like to acknowledge Chris Saldanha (@ChristoDeluxe) of Shopify Inc. for reporting this issue.
2015-08-24 burstly.com
A server configuration issue was addressed. We would like to acknowledge Pulkit Pandey (@pulkitpandey92) for reporting this issue.
2015-08-24 topsy.com
A cross-site scripting issue was addressed. We would like to acknowledge Rodolfo Godalle, Jr. (facebook.com/junior.ns1de) for reporting this issue.
2015-08-27 itunesconnect.apple.com
An information disclosure issue was addressed. We would like to acknowledge Simon Nishi McCorkindale of FUNX for reporting this issue.
2015-08-27 itunesu.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Spencer Gietzen of San Diego State University and Ameen Saleminik of Cal High for reporting this issue.
2015-08-21 burstly.com
A server configuration issue was addressed. We would like to acknowledge an Kaustubh G. Padwad (@s3curityb3ast) for reporting this issue.
2015-08-20 asw.apple.com
A server configuration issue was addressed. We would like to acknowledge Muhammad Shahzad (pk.linkedin.com/in/mbinshahzad) for reporting this issue.
2015-08-11 apple.com
An input validation issue was addressed. We would like to acknowledge Benjamin Kunz Mejri of Evolution Security GmbH for reporting this issue.
2015-08-05 metaio.com
A clickjacking issue was addressed. We would like to acknowledge C Vishnu Vardhan Reddy (facebook.com/vishnu.dfx) for reporting this issue.
2015-07-28 www.itunespulse.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-07-28 topsy.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-07-28 itunespulse.com
A content spoofing issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-07-28 itunespulse.com
A clickjacking issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-07-27 beatsbydre.com
A cross-site scripting issue was addressed. We would like to acknowledge Saurabh Pundir (facebook.com/sauby007) of Torrid Networks Pvt Ltd. for reporting this issue.
2015-07-23 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Hadji Samir of Evolution Security GmbH for reporting this issue.
2015-07-08 beatsbydre.com
A cross-site scripting issue was addressed. We would like to acknowledge Osanda Malith Jayathissa - ඔසඳ මාලිත් ජයතිස්ස (@OsandaMalith), Shrey Sethi (PioNeer Haxs, facebook.com/shreysethi56), and Kevin Tram (facebook.com/Chris.yolor) for reporting this issue.
2015-07-08 albert.apple.com
A server configuration issue was addressed. We would like to acknowledge Alexander Traud of traud.de for reporting this issue.
2015-07-01 itunesu.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Hadji Samir of Evolution Security GmbH for reporting this issue.
2015-06-25 consultants.apple.com
A directory traversal issue was addressed. We would like to acknowledge Amit Kumar (linkedin.com/in/Hitman) of Tula's Institute, Dehradun for reporting this issue.
2015-06-24 devforums.apple.com
A cross-site request forgery issue was addressed. We would like to acknowledge Lukas Reschke of Nextcloud GmbH for reporting this issue.
2015-06-24 marketresearch.apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-06-23 pro.topsy.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-06-23 filemaker.com
A cross-site scripting issue was addressed. We would like to acknowledge Yogesh Tantak (facebook.com/ytantak1), Shrikant Bagdanen (facebook.com/ShrikantRaje), and Sunil Bhamare (facebook.com/sunil2809) for reporting this issue.
2015-06-19 aoschat.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt (xss.cx) for reporting this issue.
2015-06-18 challengebasedlearning.org
An information disclosure issue was addressed. We would like to acknowledge Max Prietzel for reporting this issue.
2015-06-10 solutions.filemaker.com
An SQL injection issue was addressed. We would like to acknowledge Blancke Enzo of Oostrozebeke, Belgium (facebook.com/enzo.blancke) for reporting this issue.
2015-06-09 airprint.apple.com
An SSL configuration issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor - facebook.com/hardik.tailor.hkr) and Pulkit Pandey (@pulkitpandey92) for reporting this issue.
2015-06-09 airprint.apple.com
A credential handling issue was addressed. We would like to acknowledge Hardik Tailor (@iamhardiktailor - facebook.com/hardik.tailor.hkr) for reporting this issue.
2015-06-08 itunesu.itunes.apple.com
A stored cross-site scripting issue was addressed. We would like to acknowledge Tameem Safi (safi.me.uk) for reporting this issue.
2015-06-08 pro.topsy.com
An insecure session cookie was addressed. We would like to acknowledge Jose Rabal Sastre (joserabal.com) and Mo'men Basel (MomenBasel.com) for reporting this issue.
2015-06-04 topsy.com
A cross-site scripting issue was addressed. We would like to acknowledge Amit A Shora of Global Artificial Solution (facebook.com/amit.sohara) for reporting this issue.
2015-06-02 discussions.apple.com
A content spoofing issue was addressed. We would like to acknowledge Joel Melegrito of Invalid Web Security for reporting this issue.
2015-06-01 deploy.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Nabeel Ahmed of Dimension Data Belgium for reporting this issue.
2015-05-28 itunesu.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Michael Stolarz for reporting this issue.
2015-05-28 store.apple.com
A stored cross-site scripting issue was addressed. We would like to acknowledge Wang Jing (tetraph.com/wangjing/), Balaji P R (balag.in and linkedin.com/in/balagpy), Christopher Dreher (@schniggie), Osman Doğan (@osmand0gan and linkedin.com/profile/view?id=113218663), Mahmoud El Manzalawy (@is4curity), and Alexandre V Pessoa for reporting this issue.
2015-05-28 itunesu.itunes.apple.com
A stored cross-site scripting issue was addressed. We would like to acknowledge Yashar Ghaffarloo for reporting this issue.
2015-05-22 itunesconnect.apple.com
A session management issue was addressed. We would like to acknowledge Renato Ribeiro (renatoribeiro.me) for reporting this issue.
2015-05-20 deploy.apple.com
An open redirect issue was addressed. We would like to acknowledge Fady S. Ghatas of TiTrias.com for reporting this issue.
2015-05-13 static.ips.apple.com
A server configuration issue was addressed. We would like to acknowledge Ryan Dolan "dangerdwolf" for reporting this issue.
2015-05-04 discussion.apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-05-04 discussion.apple.com
A server configuration issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-05-01 hopstop.com
A server configuration issue was addressed. We would like to acknowledge Vishwaraj Bhattrai (vishwarajbhattrai.wordpress.com/author/vishwaraj67/) for reporting this issue.
2015-04-29 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Tsubasa Iinuma (@llamakko_cafe) for reporting this issue.
2015-04-14 sscontent.apple.com
A server configuration issue was addressed. We would like to acknowledge Jesse Mikael Järvi of jessejarvi.net for reporting this issue.
2015-04-06 topsy.com
A cross-site scripting issue was addressed. We would like to acknowledge Amit A Shora of Global Artificial Solution and Peter Ellehauge of Yahoo paranoids for reporting this issue.
2015-04-05 consultants.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Hat_Mast3r (facebook.com/HatMast3r) for reporting this issue.
2015-04-05 download.info.apple.com
A server configuration issue was addressed. We would like to acknowledge Omar Benbouazza (@omarbv) of Microsoft and MSVR for reporting this issue.
2015-04-03 ade.apple.com
A server configuration issue was addressed. We would like to acknowledge Ali Wamim Khan for reporting this issue.
2015-03-20 widgets.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge lokihardt@ASRT working with HP's Zero Day Initiative for reporting this issue.
2015-03-12 discussions.apple.com
A web configuration issue was addressed. We would like to acknowledge Kieran Claessens (facebook.com/dark.inside.one) for reporting this issue.
2015-02-11 downloads.topsy.com
A DNS issue was addressed. We would like to acknowledge Mohit Gupta (@amohitgupta1) for reporting this issue.
2015-02-10 feeds.itunes.apple.com
A server configuration issue was addressed. We would like to acknowledge Imran Ghory (@imranghory) for reporting this issue.
2015-02-05 support.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge an anonymous researcher for reporting this issue.
2015-02-02 airprint.apple.com
Cross-site request forgery issues were addressed. We would like to acknowledge Momen Basel (@MomenBassel) for reporting this issue.
2015-01-21 supportprofile.apple.com
A clickjacking issue was addressed. We would like to acknowledge Yashar Ghaffarloo (yashar.org) for reporting this issue.
2015-01-21 discussions.apple.com
A stored cross-site scripting issue was addressed. We would like to acknowledge Deepanker Chawla (deepanker.in) for reporting this issue.
2015-01-15 itunespulse.com
A cross-site request forgery vulnerability was addressed. We would like to acknowledge Paul Seekamp (linkedin.com/in/paulseekamp) for reporting this issue.
2015-01-15 itunespulse.com
Cross-site request forgery issues were addressed. We would like to acknowledge Paul Seekamp (linkedin.com/in/paulseekamp) for reporting this issue.
2015-01-15 discussions.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Kaustubh G. Padwad (@s3curityb3ast) for reporting this issue.
2015-01-14 itunesu.itunes.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Gökay Gündoğan of gokaygundogan.com.tr for reporting this issue.
2015-01-12 consultants.apple.com
An SQL injection issue was addressed. We would like to acknowledge Hat_Mast3r (facebook.com/HatMast3r) for reporting this issue.
2015-01-07 ac-netstorage.apple.com
A web configuration issue was addressed. We would like to acknowledge Kristian Erik Hermansen of Undisclosed Ventures for reporting this issue.
2015-01-05 hopstop.com
An SSL configuration issue was addressed. We would like to acknowledge Milan A Solanki (Facebook.com/Mas.Hackers) and an anonymous researcher for reporting this issue.
2015-01-05 hopstop.com
A configuration issue was addressed. We would like to acknowledge Milan A Solanki (facebook.com/Mas.Hackers) for reporting this issue.