1234 matches found
Brave Software: S3 Bucket Takeover : brave-apt
An unclaimed S3 bucket was found on the domain brave.com, which was being used in the installation of brave-browser in Linux distros. An attacker could have taken over the S3 bucket and used it to spread malware or create a fake login page to spoof users. The vulnerability was reported to the...
Calendar name length not validated before writing to database
None...
HackerOne: Any organization's assets pending review can be downloaded
Steps to reproduce - sign in as any user - visit https://hackerone.com/organizations/:handle/assets/downloadpendingreviews.csv, where :handle is the organization you want to download the assets for Impact This may leak sensitive data about an organization's attack surface...
MTN Group: Wordpress users Disclosure [ /wp-json/wp/v2/users/ ] Not Resolved ()
On this report's 735586 You closed the report and changed the status to Resolved. But it's Not Resolved The Bug It's Still there url: https://www.mtn.com/wp-json/wp/v2/users/ Sorry to say this still I can reproduce this issue please remove /wp-json/wp/v2/users/ file if your domain don't use that...
nextcloudcmd incorrectly trusts bad TLS certificates
None...
XSS in Desktop Client in call notification popup
None...
GHSA-3FJJ-P79J-C9HH Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Impact The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type's essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accept application/js...
HackerOne: adding h1_analyst_* to username for normal users
Vulnerability description not provided...
Exception logging in Sharepoint app reveals clear-text connection details
None...
Profile of disabled user stays accessible
None...
Adobe: DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI
Vulnerability description not provided...
fastify vulnerable to denial of service via malicious Content-Type
Impact An attacker can send an invalid Content-Type header that can cause the application to crash, leading to a possible Denial of Service attack. Only the v4.x line is affected. This was updated: upon a close inspection, v3.x is not affected after all. Patches Yes, update to v4.8.0. Workarounds...
Uber hacked
Uber informed the public on Thursday it was responding to a cybersecurity incident after somebody breached its network. From what we have been able to find out so far, the attacker managed to compromise an employee's access to the chat app Slack. The intruder may also have gained access to the...
Uber Says It's Investigating a Potential Breach of Its Computer Systems
Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident. The company pointed to its tweeted statement when asked for comment on...
Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version
None...
GitLab: Unauthorized access
Hello Gents, I would like to report an issue where attackers are able to: 1. List about.gitlab.com GS bucket. 2. Access all releases through https://about.gitlab.com/all-releases.xml & https://about.gitlab.com/security-releases.xml, which contains undisclosed HackerOne reports. For Example: This...
HackerOne: Program managers can see draft reports using Export Reports feature
A bug in the HackerOne platform allowed program managers to see draft reports using the Export Reports feature, which led to the disclosure of PII without the reporter's permission. The bug was discovered when a user exported a report and found that it contained draft and disclosed report titles,...
Internet Bug Bounty: [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname
GHSA: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3 Report: https://hackerone.com/reports/1642017 Impact SSRF...
HackerOne: Ability to escape database transaction through SQL injection, leading to arbitrary code execution
HackerOne has an internal backend interface that gives debugging capabilities to its engineers. One of the features is the ability to run EXPLAIN ANALYZE queries against a connected database. This feature is accessible by a handful of engineers. The feature is vulnerable to a SQL injection that...
Slack: CSV export/import functionality allows administrators to modify member and message content of a workspace
On August 6th, 2022 @security-warrior submitted a report in HackerOne to Slack regarding the CSV export/import functionality primarily used by administrators to merge workspaces. The report centers on the ability of an administrator to modify an export to change user or message content. Upon...