Shopify - Embed POST Inject Vulnerability

Vulnerability Lab found a Persistent Embed POST inject Vulnerability in the official shopify.com web application. The vulnerability allows attackers to create a "Buy Button" including malicious code. By embeding this button on an external page or if the button is displayed within the shopify market the code gets executed.

POC Video: Shopify Bug Bounty - (Buy Button) Persistent Embed POST Inject Vulnerability

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

The Vulnerability Laboratory Core Research Team discovered an application-side input validation web vulnerability in the official Ubiquiti Networks Community online service web-application.

Ubiquiti Networks is an American technology company started in 2005. Based in San Jose, California they are a manufacturer of wireless products whose primary focus is on under-served and emerging markets. (Copy of the Homepage: http://en.wikipedia.org/wiki/Ubiquiti_Networks )