
7 matches found

Hacker One
added 2017/09/09 10:7 a.m., 195 views

Pornhub: Unsecured Elasticsearch Instance

The researcher has found an insecure Elasticsearch instance accessible to the public. A publicly accessible server running an Elasticsearch instance was identified, due to a firewall misconfiguration. The instance was only intermittently accessible because of round-robin ordering. The instance...

AI score: 0.4
Exploits: 0

Hacker One
added 2016/12/20 7:14 a.m., 187 views

Pornhub: Account takeover via Pornhub Oauth

The researcher found it was possible to take over a YouPorn account by using an unverified account with a matching email address to sign up to PornHub. This vulnerability works by abusing an insecure OAuth implementation. Due to improperly implemented OAuth functionality and lack of user information...

AI score: 1.3
Exploits: 0

Hacker One
added 2016/12/07 12:32 p.m., 132 views

Pornhub: Unsecured DB instance

The researcher identified vulnerable OrientDB server instances on our infrastructure. The DB servers were found to be vulnerable to script-based remote code execution leading to privilege escalation. Two servers running OrientDB were identified, with default login/password combinations. Upon...

AI score: 1.2
Exploits: 0

Hacker One
added 2016/12/05 7:2 p.m., 219 views

Pornhub: Unsecured Kibana/Elasticsearch instance

The researcher has found an insecure Kibana instance accessible to the public. A publicly accessible Kibana instance was identified. This vulnerability was discovered using the infrastructure monitoring platform BugLabs.me - http://buglabs.me...

AI score: 0.9
Exploits: 0

Hacker One
added 2016/11/29 8:22 a.m., 76 views

Pornhub: IDOR - disclosure of private videos - /api_android_v3/getUserVideos

An API endpoint exposed private video links when a user added the video to their profile favourites. An API endpoint allowed obtaining a link to any private video by adding it to one's profile favourites. Check out the infrastructure monitoring platform BugLabs.me for bounty hunters -...

AI score: 0.8
Exploits: 0

Hacker One
added 2016/09/11 3:40 p.m., 145 views

Pornhub: Unsecured Grafana instance

The researcher has found a Grafana instance accessible to the public. User sign-up was left open which allowed him to open an account and access charts on various server resource usage. This report is considered out-of-scope but Pornhub chose to reward the researcher due to the severity of the...

AI score: 0.2
Exploits: 0

Hacker One
added 2016/09/11 3:30 p.m., 2627 views

Pornhub: Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box

An endpoint was identified by the researcher allowing private user albums/photos to be viewed. An endpoint allowing any private albums/photos to be viewed was identified. Check out the infrastructure monitoring platform BugLabs.me for bounty hunters - https://buglabs.me...

AI score: 1.7
Exploits: 0