
Github Security Blog
added 2023/06/09 10:53 p.m. · 30 views

Snowflake Golang Driver vulnerable to Command Injection

Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake. Impacted version range: before version 1.6.19. Attack Scenario: In order to exploit the potential for...

CVSS 8.8 · AI score 7.4 · EPSS 0.00274
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2023/06/09 10:53 p.m. · 43 views

Snowflake Python Connector vulnerable to Command Injection

Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Python connector via SSO browser URL authentication. Impacted driver package: snowflake-connector-python. Impacted version range: before version 3.0.2. Attack Scenario: In order to exploit t...

CVSS 8.8 · AI score 7.4 · EPSS 0.00292
Exploits 1 · References 6 · Affected Software 1
OSV
added 2023/06/09 10:40 p.m. · 18 views

GHSA-223G-8W3X-98WR Snowflake Connector .Net Command Injection

Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication. Impacted driver package: snowflake-connector-net. Impacted version range: before version 2.0.18. Attack Scenario: In order to exploit the potential fo...

CVSS 7.3 · AI score 8.3 · EPSS 0.00671
Exploits 0 · References 3
GithubExploit
added 2023/06/05 10:26 p.m. · 493 views

Exploit for Special Element Injection in Rocket.Chat

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remot...

CVSS 9.8 · AI score 10 · EPSS 0.91817
Exploits 16
Hacker One
added 2023/06/02 8:51 p.m. · 45 views

HackerOne: Asset Inventory Internal Descriptions are leaked in CSV export

An internal asset description in the Asset Inventory feature of HackerOne was leaked in the CSV export, potentially exposing sensitive information stored in the description...

AI score 6.5
Exploits 0
Hacker One
added 2023/05/25 2:40 p.m. · 52 views

HackerOne: Create miscellaneous support ticket on anyone's account through [email protected] email

A vulnerability was discovered where an attacker could create support tickets on anyone's account by sending a fake email to [email protected]. This allowed the attacker to create tickets on behalf of victims or even HackerOne staff. The issue was resolved internally and the created tickets...

AI score 7
Exploits 0
Nextcloud
added 2023/05/25 9:26 a.m. · 32 views

Blind SSRF in the Mail app on avatar endpoint

None...

CVSS 5.3 · AI score 5.5 · EPSS 0.00147
Exploits 0 · References 2 · Affected Software 1
Nextcloud
added 2023/05/25 9:25 a.m. · 580 views

Contacts - PHOTO svg only sanitized if mime type is all lower case

None...

CVSS 4.3 · AI score 4.8 · EPSS 0.00343
Exploits 0 · References 2 · Affected Software 1
Hacker One
added 2023/05/24 11:49 a.m. · 24 views

HackerOne: 2M Reports on HackerOne Celebration! - Ability to bulk-submit many reports.

Vulnerability description not provided...

AI score 7.1
Exploits 0
Nextcloud
added 2023/05/24 9:43 a.m. · 38 views

user_oidc app is missing bruteforce protection

None...

CVSS 9.8 · AI score 8.7 · EPSS 0.00298
Exploits 0 · References 2 · Affected Software 1
Hacker One
added 2023/05/18 9:11 a.m. · 78 views

Internet Bug Bounty: CVE-2023-28321: IDN wildcard match

CVE-2023-28321 is a vulnerability in curl that allowed for improper validation of certificates with host mismatch. The private wildcard matching function in curl could match IDN (International Domain Name) hosts incorrectly, potentially accepting patterns that should have mismatched. This issue was...

CVSS 5.9 · AI score 6.7 · EPSS 0.00297
Exploits 1
Kitploit
added 2023/05/09 12:30 p.m. · 49 views

Domain-Protect - OWASP Domain Protect - Prevent Subdomain Takeover

OWASP Global AppSec Dublin - talk and demo. Features: scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover; scan Cloudflare for vulnerable DNS records; take over vulnerable subdomains yourself before attackers and bug bounty researchers; automatically create known...

AI score 7.3
Exploits 0 · References 24
Hacker One
added 2023/05/08 3:24 p.m. · 47 views

Nextcloud: Open redirect on "Unsupported browser" warning

An open redirect vulnerability was found in Nextcloud's UnsupportedBrowser.vue component. Attackers could construct a malicious URL that includes the redirecturl parameter and a URL of their choice, which would redirect the user to the attacker's URL without validating the decoded URL or checking...

CVSS 6.1 · AI score 5.2 · EPSS 0.00425
Exploits 1
Brave Browser
added 2023/05/03 8:16 a.m. · 7 views

Brave Android 1.51.110 Security Fixes

Prevent blind cross chain signing as reported on HackerOne by julianor. Upgraded Chromium to 113.0.5672.77 — refer to Google Chrome advisories for inherited CVEs...

AI score 5.6
Exploits 0 · References 2 · Affected Software 1
Hacker One
added 2023/05/02 3:56 a.m. · 134 views

HackerOne: Insecure Direct Object Reference (IDOR) - Delete Campaigns

An insecure direct object reference (IDOR) vulnerability was discovered on a website, which allowed an attacker to delete any campaign based on the campaign ID. By modifying the campaign ID parameter in the request, an attacker could delete campaigns on any program. This vulnerability could have...

AI score 6.9
Exploits 0
Hacker One
added 2023/04/27 8:51 a.m. · 40 views

Omise: Subdomain takeover http://accessday.opn.ooo/

Vulnerability description not provided...

AI score 7.1
Exploits 0
Hacker One
added 2023/04/19 8:42 p.m. · 31 views

Internet Bug Bounty: Possible DoS Vulnerability in Multipart MIME parsing in rack

A possible DoS vulnerability was found in the Multipart MIME parsing code in Rack. The vulnerability allowed carefully crafted requests to abuse the multipart parsing and cause it to take longer than expected, leading to high CPU and memory usage. All versions of Rack were affected, and the issue...

AI score 7.1
Exploits 0
Nextcloud
added 2023/04/17 8:12 a.m. · 27 views

Users can set up workflows using restricted and invisible system tags

None...

CVSS 8.8 · AI score 8.1 · EPSS 0.00411
Exploits 0 · References 3 · Affected Software 1
Nextcloud
added 2023/04/04 8:03 a.m. · 33 views

CSRF protection on user_oidc login returned the expected token in case of an error

None...

CVSS 5.4 · AI score 5.5 · EPSS 0.00225
Exploits 0 · Affected Software 1
Nextcloud
added 2023/04/04 7:53 a.m. · 31 views

Desktop client does not verify received signed certificate in end-to-end encryption

None...

CVSS 6.5 · AI score 6.3 · EPSS 0.00082
Exploits 0 · References 2 · Affected Software 1