philip.media

Responsible vulnerability disclosure acknowledgements

philip.media would like to thank the following security researchers, who have reported vulnerabilities to us as part of a Responsible Disclosure Procedure:

2022

| Researcher | Vulnerability | CVE | Risk level |
| --- | --- | --- | --- |
| Parshwa Bhavsar | Unauthorized REST-API Access (WP) | CVE-2017-5487 | |
| Gaurang Maheta | Deprecated SSH Protocol (False positive) | CVE-2001-1473 | |
| Dependabot | Cross-domain cookie leakage in Guzzle (guzzlehttp/guzzle) | CVE-2022-29248 | |
| Dependabot | Fix failure to strip Authorization header on HTTP downgrade in Guzzle (guzzlehttp/guzzle) | CVE-2022-31043 | |
| Dependabot | Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle (guzzlehttp/guzzle) | CVE-2022-31042 | |
| Dependabot | Change in port should be considered a change in origin in Guzzle (guzzlehttp/guzzle) | CVE-2022-31091 | |
| Dependabot | CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle (guzzlehttp/guzzle) | CVE-2022-31090 | |

2021

| Name of Researcher | Vulnerability | CVE | Risk level |
| --- | --- | --- | --- |
| Intern (pb) | Log4Shell | CVE-2021-45105 | |
| Gaurang Maheta | OpenSSH Username Enumeration | | |
| Sivan Mujtaba | XSS Vulnerability | | |
| ykl | XSS Vulnerability | | |
| SECFAULT | iFrame injection | | |

2020

| Name of Researcher | Vulnerability | Risk level |
| --- | --- | --- |
| No name given | Database leakage | |