LocalTapiola (public bug bounty program)
4,419 bug reports, $2,030,173 paid out
Last updated: 12 September 2017
| Team | Bounty | Title |
|---|---|---|
| LocalTapiola | $100 | XSS on 3rd party service LocalTapiola is using |
| LocalTapiola | $264 | HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti |
| LocalTapiola | $200 | Brute force unsubscription on /webApp/unsub_sb (viestinta.lahitapiola.fi) |
| LocalTapiola | $50 | /icons/README is still available on viestinta.lahitapiola.fi |
| LocalTapiola | $50 | Control page shown if you insert ' at http://viestinta.lahitapiola.fi/ |
| LocalTapiola | $315 | High server resource usage on captcha (viestinta.lahitapiola.fi) |
| LocalTapiola | $400 | Single user DoS via selectedLanguage cookie (yrityspalvelu.lahitapiola.fi) |
| LocalTapiola | $100 | Enumeration in unsubscribe function of /omatalousuk (viestinta.lahitapiola.fi) |
| LocalTapiola | $150 | Reflected XSS on iltakoulu_varkaus (viestinta.lahitapiola.fi) |
| LocalTapiola | $1,350 | SQL Injection in /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi) |
| LocalTapiola | $50 | CSRF bypass + XSS on verkkopalvelu.tapiola.fi |
| LocalTapiola | $1,350 | SQL Injection on /webApp/lapsuudenturva (viestinta.lahitapiola.fi) |
| LocalTapiola | $350 | SQL Injection on /webApp/sijoituswebinaari (viestinta.lahitapiola.fi) |
| LocalTapiola | $350 | SQL Injection on /webApp/viivanalle (viestinta.lahitapiola.fi) |
| LocalTapiola | $100 | OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi |
| LocalTapiola | $400 | Reflected XSS and Open Redirect (verkkopalvelu.lahitapiola.fi) |
| LocalTapiola | $150 | Creating arbitrary cookie values via /cs/CookieServer (www.lahitapiola.fi) |
| LocalTapiola | $1,350 | SQL Injection on /webApp/sijoitustalousuk email parameter + potential lack of CSRF token (viestinta.lahitapiola.fi) |
| LocalTapiola | $450 | Reflected XSS and Open Redirect in several parameters (viestinta.lahitapiola.fi) |
| LocalTapiola | $1,350 | SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi) |
| LocalTapiola | $50 | Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi) |
| LocalTapiola | $1,350 | SQL Injection in sijoitustalous_peruutus (viestinta.lahitapiola.fi) |
| LocalTapiola | $400 | Open Redirect bypass and cookie leakage on www.lahitapiola.com |
| LocalTapiola | - | /icons/README available on viestinta.lahitapiola.fi |
| LocalTapiola | $50 | Disclosure of IBM WebSphere page |
| LocalTapiola | $450 | XSS and open redirect in verkkopalvelu.lahitapiola.fi |
| LocalTapiola | $100 | SMTP configuration vulnerability on viestinta.lahitapiola.fi |
| LocalTapiola | $60 | OPTIONS method enabled (viestinta.lahitapiola.fi) |
| LocalTapiola | $150 | Multiple Reflected XSS in /webApp/lahti (viestinta.lahitapiola.fi) |
| LocalTapiola | $350 | SQL Injection in /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi) |
| LocalTapiola | $264 | HTML Injection in email from /webApp/lahti (viestinta.lahitapiola.fi) |
| LocalTapiola | $350 | SQL Injection in /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) |
| LocalTapiola | $60 | POODLE attack: SSLv3 support (viestinta.lahitapiola.fi) |
| LocalTapiola | $100 | Error Page Content Spoofing or Text Injection (viestinta.lahitapiola.fi) |
| LocalTapiola | $100 | Suspicious browser fingerprinting(?) scripts on http://www.lahitapiola.fi/ redirector |
| LocalTapiola | $1,560 | SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi) |
| LocalTapiola | $400 | Open Redirect (verkkopalvelu.lahitapiola.fi) |
| LocalTapiola | $588 | Lahitapiola's customer names sent to 3rd party |
| LocalTapiola | $750 | Email Server Compromised at secure.lahitapiola.fi |
| LocalTapiola | $50 | Reflected XSS in LTContactFormReceiver (/cs/Satellite) |
| LocalTapiola | $18,000 | Oracle WebCenter Sites administrative and high-privilege access available directly from the internet (/cs/Satellite) |
| LocalTapiola | $400 | Open redirection protection bypass (/cs/Satellite) |
| LocalTapiola | $400 | SQL Injection on `/cs/Satellite` path |
| LocalTapiola | $100 | Oracle WebCenter Sites Support Tools available and Information disclosure (/cs/Satellite) |
| LocalTapiola | $50 | Reflected XSS in www.lahitapiola.fi (/cs/Satellite) using Oracle WebCenter page |
| LocalTapiola | $3,000 | Blind Stored XSS Against Lahitapiola Employees - Session and Information leakage |
| LocalTapiola | $150 | Mixed Active Scripting Issue on https://www.lahitapiola.fi |
| LocalTapiola | $100 | DOM XSS filter bypass in Regional Office selector |
| LocalTapiola | $100 | Exploiting Secure Shell (SSH) on mobilelt.lahitapiola.fi |
| LocalTapiola | $300 | Persistent XSS at verkkopalvelu.tapiola.fi using spoofed React element and React v0.13.3 |
| LocalTapiola | $100 | Remote Code Execution in NovaStor NovaBACKUP DataCenter backup software (Hiback) |
| LocalTapiola | $300 | Abusing and Hacking the SMTP Server secure.lahitapiola.fi |
| LocalTapiola | $100 | Amazon S3 Bucket Accessible (http://inpref.s3.amazonaws.com/) |
| LocalTapiola | $400 | Possibly big authorization problem in Lähitapiola's varainhoito (asset management) |
| LocalTapiola | $100 | HTTP status code manipulation & Java stack trace |
| LocalTapiola | $5,000 | Blind Stored XSS Against Lahitapiola Employees - Session and Information leakage |
| LocalTapiola | - | Source Code Disclosure on out-of-scope domain viestinta.lahitapiola.fi |
| LocalTapiola | $100 | Content Spoofing or Text Injection (404 error page injection) |
| LocalTapiola | $300 | The PdfServlet functionality used by "Tee vakuutustodistus" (create insurance certificate) allows injection of custom PDF content via CSRF attack |
| LocalTapiola | $400 | Cookie-based client-side denial-of-service to all of the Lähitapiola domains |
| LocalTapiola | $100 | www.lahitapiola.fi DOM XSS by choosing regional company |
| LocalTapiola | $1,000 | Posting modified information in 'Investment section' causes unintended information change in verkkopalvelu.tapiola.fi |
| LocalTapiola | $500 | CSRF allows attacker to delete item from customer's "Postilaatikko" (mailbox) |
| LocalTapiola | $400 | CRLF injection in https://verkkopalvelu.lahitapiola.fi/ |