Turun yliopisto

Responsible vulnerability disclosure acknowledgements

University of Turku is grateful to the following researchers who have responsibly disclosed vulnerabilities on systems and services used at the university.

2024:

  • Nitya Nand Jha (Shunux) (LinkedIn) – Information exposure
  • Rajkumar Shanmugam (LinkedIn) – Cross-site scripting, Information exposure
  • Gaurang Maheta (LinkedIn) – Security misconfiguration, Information exposure
  • Harsh Maheta (LinkedIn) – Remote code execution
  • Shivam Dhingra (LinkedIn) – CORS Misconfiguration
  • Divya Chaudhari (LinkedIn) – Information disclosure
  • Jagdish Dube (LinkedIn) – Information disclosure
  • Sakil Hasan Saikat (LinkedIn) – Information disclosure

2023:

  • Mohamed Akees (LinkedIn) – Broken link hijacking
  • Abdelrahman Ibrahim Farg (LinkedIn) – Cross-origin resource sharing
  • Adrian Tirado Garcia (LinkedIn) – Remote Code Execution, information exposure
  • Belal Rashed Othman (LinkedIn) – Open redirect, insecure direct object reference
  • Defenzilite Security Team (LinkedIn) – Security misconfiguration
  • Devang Karelia (X) – Abuse Of Functionality
  • Nikhil Rane (LinkedIn) – Security misconfiguration
  • Durvesh Kolhe (LinkedIn) – Abuse of Functionality
  • Sunil Rathod (X) – Information exposure, Security misconfiguration
  • Priyanshu Dhiman (LinkedIn) – Information disclosure
  • Kartik Garg (LinkedIn) – Denial Of Service
  • Bharat (mrnoob) (LinkedIn) – Information disclosure
  • Mohamed Shibil (LinkedIn) – Use of Default Credentials
  • Nilabh Rajpoot (LinkedIn) – Information exposure
  • Everton Silva (LinkedIn) – Information disclosure
  • Agrim Dua (LinkedIn) – Improper privilege management
  • Youwei Xu (Website) – Improper access control
  • Biswajeet Ray (LinkedIn) – Abuse of Functionality
  • Felipe Gabriel Renzi (LinkedIn) – Security misconfiguration
  • Soham Lad (LinkedIn) – Information exposure, Security misconfiguration
  • Anjali Mehra (LinkedIn) – Information disclosure
  • Sharique Raza (LinkedIn) - Reflected cross-site scripting
  • Parag Bagul (LinkedIn) – Remote code execution, Information exposure, Security misconfiguration
  • Rohit Sharma (LinkedIn) – Information disclosure
  • Krishna Agarwal (LinkedIn) – Security misconfiguration, Information exposure

2022:

  • Shivam Pravin Khambe (X) – Abuse of Functionality
  • Keyur Maheta – Open redirect, Default credentials, Information disclosure
  • Sami Rantanen – Information exposure
  • Praveen Yadav (X) – Cross-site scripting
  • Sami Rantanen – Information exposure
  • Shuvam Adhikari (X, Facebook) – Information exposure, security misconfiguration, open redirect
  • Manisha Dilshan (X) – Reflected HTML injection
  • Foysal Ahmed (X) – Information exposure

2021:

  • Kasper Karlsson (Website) – Reflected HTML injection
  • Gaurav Kumar (Twitter, Facebook) – Cross-site scripting
  • Aditya Soni (LinkedIn) – Reflected cross-site scripting

2020:

  • Sahid Ahmed (X (Twitter)) – Security misconfiguration