Lucene search

7 matches found

Hacker One
added 2018/07/04 12:45 a.m., 28 views

Stellar.org: Admin panel of https://www.stellar.org/wp-admin/

The https://www.stellar.org/wp-admin/ link has various operations which should not be accessible to an anonymous user. As the admin panel is accessible, an attacker can use this information in a targeted attack and he can brute-force the username and password. On the other side, server information is easily...

AI score: 2.2
Exploits: 0
Hacker One
added 2018/04/25 3:8 a.m., 20 views

Stellar.org: brute force attack allowed on admin page https://www.stellar.org/wp-admin/

Hi security team - due to your bug bounty program, I found a basic authentication method - by doing many trials the server will respond and will not block the login process - the attack can be automated by Burp Intruder till getting access to the admin page - in the second screen the request is intercept...

AI score: 0.1
Exploits: 0
Hacker One
added 2017/08/27 1:40 p.m., 14 views

Stellar.org: Direct URL access to PDF files

Hi, I was able to access the following PDF files without any authentication: https://www.stellar.org/wp-content/uploads/2014/07/Bylaws-00580045-10.pdf https://www.stellar.org/wp-content/uploads/2014/07/FILED-STELLAR-DEVELOPMENT-FOUNDATION-00594674.pdf The PDF files under path...

AI score: 1.5
Exploits: 0
Hacker One
added 2017/06/24 11:54 a.m., 10 views

Stellar.org: Bypassing Verify Humans Page

Hi Team, I was able to bypass the verify Human dialog box while subscribing. Vulnerable request: ==================== POST /subscribe/post HTTP/1.1 Host: stellar.us9.list-manage.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 Accept:...

AI score: 7
Exploits: 0
Hacker One
added 2017/06/16 8:20 a.m., 14 views

Stellar.org: heap-buffer-overflow (READ of size 1) in cpptoml::parser::consume_whitespace()

@geeknik found a heap buffer overflow in stellar-core's toml parser. This is low severity because the toml parser is only used to parse the config file of stellar-core...

AI score: 1.7
Exploits: 0
Hacker One
added 2017/06/13 6:25 a.m., 67 views

Stellar.org: HTTP - Basic Authentication on https://www.stellar.org/wp-login.php

Greetings, noticed https://www.stellar.org/wp-login.php using basic authentication. PoC: YWRtaW46YWRtaW4= is the base64 encoding of admin:admin. Impact: Vulnerable to client-side attacks. Vulnerable to MITM attack. Vulnerable to eavesdropping attack. Vulnerable to brute force attacks. Fix: HTTP-Basic...

AI score: 0.9
Exploits: 0
Hacker One
added 2017/06/12 11:57 p.m., 57 views

Stellar.org: Session Cookie without HttpOnly and secure flag set

Vulnerable URL: www.stellar.org The PHPSESSID cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session...

AI score: 0.9
Exploits: 0