Jonathan Bouman (@JonathanBouman)

Title	Vulnerabilities	Programs	Authors
Remote Code execution at ws1.aholdusa.com — Compromising logins of Ahold Delhaize USA employees for >3.5 years (or even 18 years?)	RCE Reflected XSS SSTI	Ahold Delhaize	Jonathan Bouman (@JonathanBouman)
Laravel debug mode left on at Zouikwatzeggen.nl leaks admin credentials & potentially submitted reports of improper behaviour at Amsterdam University Medical Centers	Debug Mode Enabled Android Email Spoofing Information Disclosure	AmsterdamUMC	Jonathan Bouman (@JonathanBouman)
Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashes	SSO IDOR Missing Authentication	HAwebsso.nl	Jonathan Bouman (@JonathanBouman)
Blind SQL Injection at fasteditor.hema.com	SQL Injection	Hema	Jonathan Bouman (@JonathanBouman)
Reflected XSS at fotoservice.hema.nl	Reflected XSS Open Redirect	Hema	Jonathan Bouman (@JonathanBouman)
Email content spoofing at IKEA.com	Email Content Spoofing	Ikea	Jonathan Bouman (@JonathanBouman)
Leaked Salesforce API access token at IKEA.com	Information Disclosure Salesforce	Ikea	Jonathan Bouman (@JonathanBouman)
Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com	Stored XSS	LinkedIn	Jonathan Bouman (@JonathanBouman)
Persistent XSS (Unvalidated oEmbed) at Medium.com	Stored XSS	Medium	Jonathan Bouman (@JonathanBouman)
Local file inclusion at IKEA.com	LFI	Ikea	Jonathan Bouman (@JonathanBouman)
Reflected XSS at Philips.com	Reflected XSS	Philips	Jonathan Bouman (@JonathanBouman)
XXE at Bol.com	XXE	Bol.com	Jonathan Bouman (@JonathanBouman)
Persistent XSS at AH.nl	Stored XSS	AH.nl	Jonathan Bouman (@JonathanBouman)
How I hacked Apple.com (Unrestricted File Upload)	Unrestricted File Upload	Apple	Jonathan Bouman (@JonathanBouman)
Reflected Client XSS at Amazon.com	Reflected XSS	Amazon	Jonathan Bouman (@JonathanBouman)
Unvalidated Open Redirect Bol.com	Open Redirect	Bol.com	Jonathan Bouman (@JonathanBouman)

Page 1 of 1