Lucene search
K

632 matches found

Hacker One
Hacker One
added 2016/10/14 1:47 a.m.31 views

Brave Software: Status Bar Obfuscation

Summary: In this issue, Brave's Status Bar will show the link where the user will be redirected but after he clicks the link, he redirected to other website. Products affected: Latest Version of Brave Steps To Reproduce: 1. Open the HTML file 2. You will see a hyperlink of google.com, So hover yo...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2016/10/13 6:0 a.m.22 views

Brave Software: URI Obfuscation

Summary: Typically, when obfuscating a URL, you must trick someone into viewing a website they did not want to view by tempting them with something they are familiar with. Products affected: Latest Version of Brave in Windows Steps To Reproduce: We can trick someone into viewing it like this:...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2016/10/12 3:9 p.m.22 views

Brave Software: [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html

go to https://brave.com/braveyouthprogramsignup.html click become an ambasador insert malicious payloads in the fields YOU JUST WON 1m$ you will receive a mail like in the image attached. You can send phising emails and do other bad stuff. If you need more details i'm here...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2016/10/12 11:27 a.m.34 views

Brave Software: Brave: Admin Panel Access

Steps to reproduce While browsing through the https://blog.brave.com/admin, it is getting redirected to a admin login panel https://brave.ghost.io/ghost/signin/. Consequence An attacker can easily enumerate this admin panel with the url such as https://blog.brave.com/admin and with brute force...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2016/10/12 7:29 a.m.22 views

Brave Software: 2 Directory Listing on ledger.brave.com & vault-staging.brave.com

Hi Brave team, Have found 2 Directory listing on: - https://ledger.brave.com/swaggerui/ - https://vault-staging.brave.com/swaggerui/ Refer to screenshosts for clarification: F127337 F127336...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2016/10/12 4:25 a.m.34 views

Brave Software: Homograph attack

Summary: when we add a site to our Homepage, it's not validate a url properly, make sure it's display the punycode. Products affected: Brave 0.12.4 Tested on mac os Steps To Reproduce: In browser add homepage with IDN http://ebаy.com/ now close and open browser again you can see it's redirect to...

0.1AI score
Exploits0
Filippo.io
Filippo.io
added 2016/07/05 10:18 a.m.17 views

Securing a travel iPhone

These are dry notes I took in the process of setting up a burner iPhone SE as a secure travel device. They are roughly in setup order. I believe iOS to be the most secure platform one can use at this time, but there are a lot of switches and knobs. This list optimizes for security versus...

6.4AI score
Exploits0
hackapp
hackapp
added 2016/04/03 7:37 a.m.41 views

FINAL FANTASY BRAVE EXVIUS - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application FINAL FANTASY BRAVE EXVIUS published at the 'play' market has multiple vulnerabilities...

0.2AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/03 7:29 a.m.14 views

BLEACH Brave Souls - Dynamic Code Loading, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application BLEACH Brave Souls published at the 'play' market has multiple vulnerabilities...

0.1AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:4 a.m.12 views

Brave Trials - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Brave Trials published at the 'play' market has multiple vulnerabilities...

0.4AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:3 a.m.23 views

Brave Frontier RPG - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Brave Frontier RPG published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:3 a.m.14 views

Brave Cross - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Brave Cross published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder