4 matches found
Improper Access Control in chocobozzz/peertube
Description: Unauthenticated users can obtain comments on private videos. Proof of Concept: Visit the following API link, where 123 is the ID of the private video: /api/v1/videos/123/comment-threads. Response contains all the comments on that private video. Impact: This vulnerability disclosure comment...
Security vulnerability in the Jetpack Carousel module of the WordPress plugin JetPack
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Redirection is a redirection management plugin used in it. Jetpack is a WordPress website security management tool used in i...
HackerOne: Partial disclosure of report activity through new "Export as .zip" feature
Hello Team, I noticed a new feature has been launched, which allows exporting a report. Great feature. But unfortunately it discloses comments of partially disclosed reports which are supposed to be hidden. POC: Go to this partially disclosed report https://hackerone.com/reports/██████████ Click Expor...
JVN#92038939: mixi for Android information management vulnerability
mixi for Android, provided by mixi, Inc., contains an issue in which friends' comments are stored on an SD card, so other applications can access this information directly from the SD card. Impact: If a user of the affected product uses a malicious Android application, friends' comments may be...