Lucene search
K

378 matches found

Hacker One
Hacker One
added 2021/04/27 7:40 p.m.18 views

Uber: pam_ussh does not properly validate the SSH certificate authority

The pamussh module that Uber open-sourced in https://github.com/uber/pam-ussh does not validate that the SSH certificate presented by a user is actually signed by a trusted CA listed in the configured cafile...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/06 11:5 a.m.27 views

Phone Cloning Scam

A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. Whats clever about this scam is that the victim is an Uber driver and the scammer is the passenger, so the driver is naturally busy...

2.9AI score
Exploits0
Hacker One
Hacker One
added 2021/04/04 9:38 p.m.18 views

Uber: Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII

The security researchers discovered a number of connected IDORs in the Uber business and voucher applications. By chaining these vulnerabilities together, the researchers could retrieve information related to existing voucher policies and modify those policies for monetary gain, such as for free...

2.8AI score
Exploits0
Hacker One
Hacker One
added 2021/04/02 2:50 p.m.15 views

Uber: Chain of vulnerabilities in Uber for Business Vouchers program allows for attacker to perform arbitrary charges to victim's U4B payment account

We have determined that through a chain of 3 vulnerabilities, it is possible for any U4B user to apply credit card charges or holds to any business using the Vouchers site. These charges originate from Uber and are unsolicited by the victim business, and can be made in any amount of the attacker'...

3.3AI score
Exploits0
Hacker One
Hacker One
added 2021/03/03 11:2 p.m.16 views

Uber: 4 Subdomains Takeover on 2 domains ( muberscolombia.com & ubereats.pl )

The host at https://muberscolombia.com/ and http://sklep.ubereats.pl/ had a dangling record pointing to unclaimed Wix and Shoplo assets. The hacker registered the latter, and claimed ownership of the resource...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2021/03/03 6:38 p.m.20 views

Uber: IDOR leads to leak analytics of any restaurant

The GraphQL service at https://restaurant.uber.com, did not properly perform an authZ check, allowing an attacker to obtain detailed sales statistics, etc for any restaurant. Writeup at https://0xprial.com/idor-leads-to-leak-any-uber-eats-restaurant-analytics/...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/10 12:57 p.m.99 views

Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies

In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a...

0.3AI score
Exploits0
CNVD
CNVD
added 2021/02/04 12:0 a.m.2 views

SQL injection vulnerability in the ne***.asp page of the website building system of Ruian Uber Technology Co. Ltd (CNVD-2021-15513)

Ltd. is a social mass to provide web design and production, Baidu / Google SEO optimization and promotion, cell phone website, WeChat public platform, foreign trade monitoring enterprise mailboxes and other network information consulting services, product albums catalogs, corporate CD-ROM design...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/02/04 12:0 a.m.5 views

SQL injection vulnerability in the ne***.asp page of the website builder system of Ruian Uber Technology Co.

Ltd. is a social public to provide web design and production, Baidu / Google SEO optimization and promotion, cell phone website, WeChat public platform, foreign trade monitoring enterprise mailboxes and other network information consulting services, product albums catalogs, corporate CD-ROM desig...

7.3AI score
Exploits0
CNVD
CNVD
added 2021/02/04 12:0 a.m.3 views

SQL injection vulnerability in the ne***.asp page of the website building system of Ruian Uber Technology Co. Ltd (CNVD-2021-15514)

Ltd. is a social public to provide web design and production, Baidu / Google SEO optimization and promotion, cell phone website, WeChat public platform, foreign trade monitoring enterprise mailboxes and other network information consulting services, product albums catalogs, corporate CD-ROM desig...

7.3AI score
Exploits0
CNVD
CNVD
added 2021/02/04 12:0 a.m.8 views

SQL injection vulnerability in the pr***.asp page of the website building system of Ruian Uber Technology Co. Ltd (CNVD-2021-15516)

Ltd. is a social public to provide web design and production, Baidu / Google SEO optimization and promotion, cell phone website, WeChat public platform, foreign trade monitoring enterprise mailboxes and other network information consulting services, product albums catalogs, corporate CD-ROM desig...

7.4AI score
Exploits0
Huntr
Huntr
added 2021/01/04 12:0 a.m.11 views

Code Injection in uber/petastorm

Description Petastorm is an open source data access library developed at Uber ATG. This library enables single machine or distributed training and evaluation of deep learning models directly from datasets in Apache Parquet format. Petastorm supports popular Python-based machine learning ML...

1.6AI score
Exploits0References1
Hacker One
Hacker One
added 2020/12/20 4:27 p.m.18 views

Uber: Corss-Tenant IDOR on Business allowing escalation privilege, invitation takeover, and edition of any other Businesses' employees

A Business employee with the user role was able to escalate their privilege to admin using a crafted request to the https://business.uber.com/rpc?rpc=updateEmployees endpoint, as long as the employeeUuid is known...

1.6AI score
Exploits0
Kitploit
Kitploit
added 2020/12/15 8:30 p.m.109 views

APKLab - Android Reverse Engineering WorkBench For VS Code

APKLab seamlessly integrates the best open-source tools: Apktool, Jadx, uber-apk-signer and more to the excellent VS Code so you can focus on app analysis and get it done without leaving the IDE. Features Decode all the resources from an APK Disassemble the APK to Dalvik bytecode aka Smali...

7.4AI score
Exploits0References11
Hacker One
Hacker One
added 2020/10/17 9:21 p.m.29 views

Uber: Request Access for Uber Device Returns Management Platform (https://www.eats-devicereturns.com/request-access/) Bypass Allows Access to PII

The hacker identified a registration page on a website ran by a 3rd party for Uber for managing Uber Eats devices, for example devices' returns when they stop working. Due to the authentication not being integrated with Uber's central authentication, the website was interesting. Although the...

0.9AI score
Exploits0
Hacker One
Hacker One
added 2020/10/13 3:27 p.m.209 views

Uber: RCE via npm misconfig -- installing internal libraries from the public registry

The hacker spotted some orphaned references to Uber-branded Node.js library packages and claimed them on the public NPM registry to run their own proof-of-concept code. Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies...

2.4AI score
Exploits0
Hacker One
Hacker One
added 2020/10/11 8:18 p.m.17 views

Uber: Unrestricted File Upload Results in Cross-Site Scripting Attacks

It was found that an attacker can upload any type of file including HTML files when adding a menu during the onboarding process after signing up at https://www.ubereats.com/restaurant/en-CA/signup. The hacker identified a file upload endpoint used by restaurants applying for Uber Eats which was...

6.3AI score
Exploits0
HackRead
HackRead
added 2020/08/21 10:40 p.m.35 views

Ex-Uber CSO Joseph Sullivan charged over 2016 data breach cover up

By Zara Khan Joseph Sullivan also paid hackers $100,000 in Bitcoin. This is a post from HackRead.com Read the original post: Ex-Uber CSO Joseph Sullivan charged over 2016 data breach cover up...

2.1AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2020/08/21 3:46 p.m.22 views

A Former Uber Exec's Indictment Is a Warning Shot

Prosecutors allege that former Uber security chief Joseph Sullivan covered up a major breach, in the first high-profile case of its kind...

4.1AI score
Exploits0
ThreatPost
ThreatPost
added 2020/08/21 12:43 p.m.101 views

Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up

A former Uber security executive has been charged for his role in the cover-up of a massive 2016 data breach, in which attackers accessed the company’s Amazon Web Services accounts and stole data associated with 57 million passengers and drivers. The U.S. State Attorney for the Northern District ...

7AI score
Exploits0References7
Rows per page
Query Builder