Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
December 7, 20204 yr How are you being told - are you testing against a site which checks for vulnerabilities or have you received an email? Edited December 7, 20204 yr by Nathan Explosion
December 7, 20204 yr Which site is "this site"? AFAIK we don't list any vulnerabilities here for any site.
December 7, 20204 yr 32 minutes ago, bfarber said: Which site is "this site"? "Open Bug Bounty" is what I have assumed is this -> https://www.openbugbounty.org/
December 7, 20204 yr 8 minutes ago, Nathan Explosion said: "Open Bug Bounty" is what I have assumed is this -> https://www.openbugbounty.org/ I got an email from them as well about one of my IPS installations. Something was reported by: https://www.openbugbounty.org/researchers/Cyber_India/ Security Researcher Cyber_India, a holder of 5 badges for responsible and coordinated disclosure, found a Improper Access Control security vulnerability
December 8, 20204 yr Who knows... Perhaps if you're lucky they'll also have a relative who is an exiled Nigerian Prince who direly needs to borrow just $10 to unlock his inheritance of millions and he'll pinky promise to give you a share.
August 2, 2024Aug 2 On 12/7/2020 at 5:05 PM, AlexWebsites said: I got an email from them as well about one of my IPS installations. Something was reported Did you evner get an answer from them about this? Got same email today - I’m on latest version…
August 2, 2024Aug 2 58 minutes ago, Kjell Iver Johansen said: Did you evner get an answer from them about this? Got same email today - I’m on latest version… You are responding to something over 4 years old there, but the same answer would apply. You would need to ask for specifics on what they are referring to
August 2, 2024Aug 2 It’s most likely a sales pitch. “Contact me right away to protect your users.” This rings right up there with “Contact us about your car’s extended warranty.” They want you to offer them a reward for scanning and pentesting your site.
August 9, 2024Aug 9 5 hours ago, AlexWebsites said: I did not but got an email as well, today. The answer would be the same as the 2 above. You would need more information from
September 11, 2024Sep 11 On 8/2/2024 at 9:53 AM, Marc said: You are responding to something over 4 years old there, but the same answer would apply. You would need to ask for specifics on what they are referring to Just got a Mail from them and on my site it was php info.php that was public. I have deleted it now. Not that dangerous but anyway… This information includes the PHP version, server details, loaded extensions, environment variables, and more. An attacker can use this data to identify weaknesses in the server configuration and potentially craft specific attacks against the server.
