15369 matches found

Hacker One
added 2016/09/09 2:27 p.m., 41 views

VK.com: Second way to bypass 2FA

Insufficient user verification when the IP address changes. A loophole involving re-login when the user's IP changes...

AI score: 6.9
Exploits: 0

Hacker One
added 2016/09/02 12:15 a.m., 41 views

Internet Bug Bounty: Additional information for CVE-2016-5699

I was not the first to report this issue, but the fix languished for quite some time, since no one realized quite how bad it was. I wasn't aware of the original bug report and discovered the issue independently. I was the first to report the much more serious consequences of it. The vulnerability...

CVSS: 4.3, AI score: 6.6, EPSS: 0.09887
Exploits: 3

Hacker One
added 2016/09/01 10:16 p.m., 41 views

Instacart: Seemingly sensitive information at /api/v2/zones

Overview == https://www.instacart.com/api/v2/zones is accessible by a regular Instacart user and seems to return sensitive information such as names, emails, phone numbers, money amounts and dates. GET /api/v2/zones "meta": "code": 200 , "data": "zones": ... "id": 73, "name": "████", "createdat":...

AI score: 0.4
Exploits: 0

Hacker One
added 2016/08/09 2:26 p.m., 41 views

Shopify: (FULL PATH DISCLOSURE) Unknown MySQL server host 'shardm-reader.chi2.shopify.io'

Hello, Found a website of you guys that is pointing to: shardm-reader.chi2.shopify.io' This domain is disclosure full path because there is none MySQL server host. POC: https://104.196.154.1/ Response a whole page with path disclosures: lib/patches/mysqlmonitoring.rb:19:in connect'...

AI score: 0.1
Exploits: 0

Hacker One
added 2016/07/13 2:51 a.m., 41 views

Internet Bug Bounty: Adobe Flash Player PSDK Class Use After Free Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to Use After Free. Since the release condition is highly controllable, it is feasible to build a fully working exploit for shellcode execution with proper AS3 object occupied the original PSDK memory...

CVSS: 9.3, AI score: 8.5, EPSS: 0.0672
Exploits: 0

Hacker One
added 2016/07/08 7:40 p.m., 41 views

Ian Dunn: Brute force on wp-login

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works...

AI score: 1.9
Exploits: 0

Hacker One
added 2016/06/27 2:12 a.m., 41 views

Coinbase: Application error message

poc url: https://developers.coinbase.com/api/%e3h This page contains an error/warning message that may disclose sensitive information. The message can also contain the location of the file that produced the unhandled exception. This may be a false positive if the error message is found in...

AI score: 6.8
Exploits: 0

Hacker One
added 2016/06/18 2:52 a.m., 41 views

Nextcloud: No captcha on newsletter.nextcloudcom leaves vulnerable to email spammers

The lack of a captcha or verificationcodeX it's empty in your phplist configuration allows attackers to use this mail for to send as much spam as they like to victims. I did not reach an email sending limit when I had tested this. PoC images below: Burp suite automated requests:...

AI score: 2.3
Exploits: 0

Hacker One
added 2016/06/17 1:2 a.m., 41 views

Internet Bug Bounty: Adobe Flash Player ShimContentResolver(resolverType=0) class Memory Corruption Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to memory corruption because of improper validation of ShimContentResolver.resolve. ------------------------------------------------------------------ II. Description Normally, resolve should validate its parameter with...

CVSS: 9.3, AI score: 9, EPSS: 0.04387
Exploits: 0

Hacker One
added 2016/04/06 9:37 a.m., 41 views

Mail.ru: Multiple vulnerabilities in the Mail.Ru Mail app (Android)

Few mistakenly exported Content providers and activities are reported to have vulnerabilities, allowing application data access and manipulation. This report was marked as a duplicate due to known fact activities and content providers are exported by mistake fix is under development...

AI score: 4.4
Exploits: 0

Hacker One
added 2016/03/27 8:33 p.m., 41 views

Coinbase: Email leak in transcations in Android app

When a user received bitcoin from another Coinbase user, it was possible for the recipient to see the sender's email address in the transactions list in the Android app, despite the fact that users are told their emails would not be shown to other users. test...

AI score: 6.7
Exploits: 0

Hacker One
added 2016/03/27 7:15 p.m., 41 views

Uber: Uber password reset link EMAIL FLOOD

Step to reproduce Uber password reset link EMAIL FLOOD POC Video https://youtu.be/PPJkOEo6Mw 1. Used OWASP ZAP Proxy 2. Generated the forgotten password Link of my account [email protected] 3. Used ZAP to replay the packet 4. The Number of replay resulting into number of password link email...

AI score: 7.2
Exploits: 0

Hacker One
added 2016/03/26 10:31 p.m., 41 views

Uber: text injection in get.uber.com/check-otp

Text Injection no HTML or JS in a landing page on get.uber.com...

AI score: 0.6
Exploits: 0

Hacker One
added 2016/03/16 5:17 p.m., 41 views

Dropbox: Possible SQL injection can cause denial of service attack

Hi there, The https://www.dropbox.com// Double slash request returns Internal Server Error 500 Error and doesn't return 404 so I believe it may be an injection. https://www.dropbox.com//shell.php any text added after the double slash will cause the same thing. It is a valid bug and should be...

AI score: 0.1
Exploits: 0

Hacker One
added 2016/03/11 4:19 a.m., 41 views

Internet Bug Bounty: Adobe Flash Player Uninitialised Memory Corruption

Description --------------- An Uninitialised Memory Corruption exists in Adobe Flash Player SA for Mac test in v20.0.0.228 sa version, successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Environment --------------- 1. Mac OSX 10.11.2...

CVSS: 9.3, AI score: 8.3, EPSS: 0.04576
Exploits: 0

Hacker One
added 2016/03/01 8:1 a.m., 41 views

Internet Bug Bounty: Adobe Flash Player ASnative(900,1).call(MovieClip) Use-After-Free Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to Use-After-Free. ------------------------------------------------------------------ II. Description If the ASnative(900,1) is invoked with MovieClip instance and getter properties associated with swfRoot where the getter method...

CVSS: 9.3, AI score: 8.3, EPSS: 0.05929
Exploits: 0

Hacker One
added 2016/02/16 6:48 p.m., 41 views

VK.com: vk.com/login.php

Follow 3 very simple steps and you will find the server refusing to do anything. Step 1: Go to vk.com/login.php Step 2: In the "login" field enter the characters 00 or 000 or 0000, and so on up to 17 zeros; use any password. Step 3: Click login and the server will be very unhappy. Thank you, and please fix...

AI score: 6.9
Exploits: 0

Hacker One
added 2015/12/18 7:14 a.m., 41 views

HackerOne: Know whether private program for company exist or not

Hi, there are some companies which are hosting private BB on HackerOne which are not visible unless they invite you. However, you can check if any company is hosting private BB on HackerOne or not if you can guess the username they use. Generally most companies choose the same name as their company...

AI score: 0.2
Exploits: 0

Hacker One
added 2015/11/25 7:39 a.m., 41 views

Shopify: Open redirect using theme install

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Vulnerable Endpoint -...

AI score: 0.1
Exploits: 0

Hacker One
added 2015/11/19 4:6 p.m., 41 views

HackerOne: Pre-generation of 2FA secret/backup codes seems like an unnecessary risk

If you manage to get a malicious script running in HackerOne, requesting https://hackerone.com/settings/authentication/edit and parsing out the two factor authentication form will yield either… - the 2FA secret key and backup codes that will be used if 2FA is enabled for the first time this sessi...

AI score: 0.8
Exploits: 0

Hacker One
added 2015/11/12 9:24 p.m., 41 views

Algolia: an xss issue

I found an XSS issue here: https://www.algolia.com/explorer?index=test&tab=ranking I tried to put an XSS payload " in index ranking, so I put the XSS payload in Ranking formula then hit save ... when it is being saved the XSS payload is being stored that upon Indices XSS payload executed p.s pleas...

AI score: 0.3
Exploits: 0

Hacker One
added 2015/10/19 4:0 p.m., 41 views

Whisper: SMS Invite Form Abuse

whisper.sh fails to protect the invite form from abuse from attackers. If a malicious individual wants to abuse this functionality, they could send repeated/automated requests to the same phone number or range of phone numbers that do not actually belong to himself. This would result in lots of...

AI score: 0.9
Exploits: 0

Hacker One
added 2015/06/01 10:3 p.m., 41 views

VK.com: XSS on added name album on videos.

Hi Steps to reproduce: First go to : https://vk.com/video Next click on Add a Video After add a video from youtube and on title Field Insert TEST XSS And click save. Next after this go to https://vk.com/video again and you will see video with the name TEST XSS Click above TEST XSS and you will fo...

AI score: 6.2
Exploits: 0

Hacker One
added 2015/02/13 11:7 a.m., 41 views

Enter: Email Enumeration (POC)

Hi, I am opening the ticket again, now I have a poc to show you. First here is the issue again: 1. log in robocoin account go to settings 2. choose change my email 3. enter your pass 4. enter any email you want to check 5. if the email isn't registered a message appears saying the email is changed 6. if it...

AI score: 6.9
Exploits: 0

Hacker One
added 2015/02/04 2:8 a.m., 41 views

HackerOne: Insecure Direct Object Reference vulnerability

In the program portal, there is an option to add external people as participants in a bug report. The admin can then remove this person as well if needed. The request for removing an external reporter looks like: DELETE /reports//externalusers/ HTTP/1.1 Host: hackerone.com User-Agent:...

AI score: 0.5
Exploits: 0

Hacker One
added 2015/01/21 5:37 a.m., 41 views

X (Formerly Twitter): Flaw in login with twitter to steal Oauth tokens

Hey hi, Steps to reproduce: ============================================= I have been testing the twitter kit in fabric. I added login with twitter integration to my application. I pushed the application to my android phone , clicked login with twitter. entered my username and password. Searched ...

AI score: 6.9
Exploits: 0

Hacker One
added 2014/09/27 4:34 a.m., 41 views

Coinbase: Credit Card Validation Issue

Hi Coinbase, I'm not sure if this counts as a bug, but it definitely counts as a vulnerability. The issue is in your credit card verification for instant purchases. The system does not or rarely check the validity of a credit card after it is added. This allows me to make instant buy purchases,...

AI score: 6.7
Exploits: 0

Hacker One
added 2014/07/15 3:53 a.m., 41 views

Automattic: Missing HSTS header in https://public-api.wordpress.com

Hi, Vulnerable Website: https://public-api.wordpress.com/oauth2/authorize?clientid=930&responsetype=code&blogid=0&state=05f9c401dedcb9b3f33d82e8b335d1128d24d4cbc4a73903374f952acdfd34f6&redirecturi=https%3A%2F%2Fvaultpress.com%2Flogin%2F%3Faction%3Drequestaccesstoken I tested the website using...

AI score: 6.8
Exploits: 0

Hacker One
added 2014/06/27 12:30 p.m., 41 views

Faceless: Tap Jacking Attack on Button Tags

UI Redressing Tap jacking attack may trick users into tapping a specifically crafted malicious App popup window e.g. toast view, making it a gateway for varied threats such as framing attack. Using this technique, a malicious App could potentially trick a user into making purchases, clicking on...

AI score: 1.7
Exploits: 0

Hacker One
added 2014/05/29 7:2 p.m., 41 views

Mail.ru: connect.mail.ru: SSRF

It is possible to browse internal resources on the mail.ru network: POST /ajax?ajaxcall=1&funcname=perlfetchconnectpage HTTP/1.1 Host: connect.mail.ru User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:29.0 Gecko/20100101 Firefox/29.0 Accept: text/javascript, text/html, application/xml, text/xml, /...

AI score: 7.1
Exploits: 0

Hacker One
added 2014/04/21 5:7 p.m., 41 views

Mail.ru: Clickjacking

URL :- http://promo.calendar.mail.ru/ POC :- Clickjack test page Website is vulnerable to clickjacking!...

AI score: 0.1
Exploits: 0

Hacker One
added 2014/04/07 3:45 p.m., 41 views

Yahoo!: reflected XSS, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...

AI score: 6.7
Exploits: 0

Hacker One
added 2014/03/22 10:54 a.m., 41 views

Slack: Stored XSS in Slackbot Direct Messages

Whenever a new team is created, Slackbot uses automated profile completion by asking a few questions from the user like the first name, last name, skype account etc. But instead of providing the correct details we provide as input then Slackbot will cause the data go inside the anchor tag ... so...

AI score: 0.3
Exploits: 0

Hacker One
added 2014/02/16 1:0 a.m., 41 views

Yahoo!: Flickr: Invitations disclosure (resend feature)

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...

AI score: 6.7
Exploits: 0

Hacker One
added 2026/05/13 11:33 p.m., 40 views

curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0

The now-well-known CURLOPT_SSL_VERIFYHOST-bypass-when-CURLOPT_SSL_VERIFYPEER=0 defect exists in three of curl's TLS backends: rustls EXPERIMENTAL, mbedTLS, and wolfSSL DNS hostnames only. The documented contract at docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md:57-59: The check that the host name in the...

CVSS: 5.8, AI score: 6.5, EPSS: 0.04888
Exploits: 0

Hacker One
added 2026/01/17 7:52 a.m., 40 views

curl: libcurl: Improper Authentication State Management on Cross-Protocol Redirects

Following the recent advisory for CVE-2025-14524, I conducted an investigation into how libcurl manages OAuth2 credentials during complex redirect chains. I have confirmed that while the library successfully protects traditional user credentials, it fails to clear OAuth2 Bearer tokens in the same...

CVSS: 5.7, AI score: 7.4, EPSS: 0.01595
Exploits: 2

Hacker One
added 2025/03/18 3:27 p.m., 40 views

AWS VDP: Amazon Kendra Intelligent Ranking Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints

The AWS Kendra Intelligent Ranking service was found to incorrectly report the user-agent and network information as "AWS Internal" for four API endpoints that are FIPS endpoints. This issue can lead to the obscuring of request information that may be used to track down an adversary...

AI score: 6.9
Exploits: 0

Hacker One
added 2024/10/19 10:28 a.m., 40 views

Internet Bug Bounty: [CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text

There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Carefully crafted text was found to cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly...

CVSS: 8.7, AI score: 6.7, EPSS: 0.00991
Exploits: 0

Hacker One
added 2024/04/23 5:16 p.m., 40 views

HackerOne: Confirmed #2118458: Intentional redirect from www.hackerone.com to domain which is up for sale

The report describes an intentional redirect from www.hackerone.com to a domain that is currently for sale. The report states that the endpoint https://www.hackerone.com/node/9386 automatically redirects to https://www.iotna.com/, and that the domain iotna.com is currently up for sale...

AI score: 7
Exploits: 0

Hacker One
added 2024/04/17 1:32 p.m., 40 views

Liberapay: Unsafe yaml load can lead to remote code execution

The YAML load function can lead to remote code execution vulnerability. The vulnerability allows the construction of arbitrary Python objects from untrusted YAML data, which can be exploited by an attacker...

AI score: 8.2
Exploits: 0

Hacker One
added 2024/03/26 4:32 p.m., 40 views

U.S. Dept Of Defense: Reflected Cross-site Scripting via search query on ██████

The summary is as follows: A reflected cross-site scripting vulnerability was discovered in the search query functionality of the ████████ website. An attacker could execute arbitrary JavaScript code in the victim's browser by injecting malicious payload into the search query parameter...

AI score: 6.8
Exploits: 0

Hacker One
added 2023/12/09 5:47 p.m., 40 views

PortSwigger Web Security: CSP bypass on PortSwigger.net using Google script resources

A cross-site scripting vulnerability was discovered on PortSwigger.net. The site's content security policy allowed resources from Google's reCAPTCHA domain, which contains AngularJS. This could be abused to bypass the CSP and load arbitrary scripts from other domains. The issue allowed an attacke...

AI score: 6.7
Exploits: 0

Hacker One
added 2023/10/03 12:6 p.m., 40 views

U.S. Dept Of Defense: User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx

A vulnerability was discovered where any user could be automatically logged in as a system administrator on a web application. This allowed unrestricted access and privileges could be abused to modify user privileges, add or delete users, and upload files, jeopardizing the integrity of the...

AI score: 7.2
Exploits: 0

Hacker One
added 2023/05/19 7:37 a.m., 40 views

IBM: response manipulation leads to bypass in register at employee website than 0 click account takeover

Vulnerability description not provided...

AI score: 7.1
Exploits: 0

Hacker One
added 2023/04/03 12:58 p.m., 40 views

Reddit: RichText parser vulnerability in scheduled posts allows XSS

Hyperlinks were not being filtered on the server-side in Reddit's scheduled post feature, allowing an attacker to modify a request with a normal hyperlink that embeds a malicious link using a javascript scheme. This could result in an XSS attack if an admin clicked on the malicious link while...

AI score: 6
Exploits: 0

Hacker One
added 2022/09/26 5:58 a.m., 40 views

GitHub: Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api

An incorrect authorization vulnerability was found in GitHub Enterprise Server that allowed GitHub Apps to gain access to and modify most organization-level resources that are not tied to a repository, regardless of granted permissions. This vulnerability affected all versions of GitHub Enterpris...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01244
Exploits: 0

Hacker One
added 2022/05/25 10:45 p.m., 40 views

Exodus: 2 Cache Poisoning Attack Methods Affect Core Functionality www.exodus.com

Summary: www.exodus.com hosts static js and css files on Server: cloudflare . Which is cached by cloudflare and passed to all other users accessing the source. I was able to impact the core functionality by using a custom HTTP. Here are 2 details of the Bug. Steps To Reproduce: 1. 501 Not...

AI score: 6.6
Exploits: 0

Hacker One
added 2022/05/25 12:26 p.m., 40 views

Rocket.Chat: Regex account takeover

Summary: get admin reset token with authenticated user Description: normal user login can access to admin reset token and set a new password for admin user Releases Affected: 3.18.5 3.0.5 Steps To Reproduce from initial installation to vulnerability: Add details for how we can reproduce the issue...

CVSS: 6.5, AI score: 1.3, EPSS: 0.01077
Exploits: 1

Hacker One
added 2022/02/11 1:11 p.m., 40 views

Showmax: Cross-origin resource sharing

A misconfiguration on recent deployment caused CORS headers not to be set on the https://stories.showmax.com service. While no customer data could be exposed via this channel, it's a good practice to set CORS headers if possible. Please note that CORS is actually out-of-scope of our program since...

AI score: 1.4
Exploits: 0

Hacker One
added 2021/10/05 7:33 a.m., 40 views

Nextcloud: When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL

Summary: This report is similar to 1337178 In Nextcloud Deck a user can post their decks in to a conversation via nextcloud talk. The link in metaData can be manipulated to point to a another URL. Steps To Reproduce: 0. Setup burpsuite to proxy 1. Go to Nextcloud Deck and pick a board 2. Pick any...

CVSS: 5.8, AI score: 0.4, EPSS: 0.00897
Exploits: 1

Total number of security vulnerabilities: 5000