Hackerone, sorted by most viewed

15368 matches found

Hacker One
added 2014/03/07 9:10 a.m., 41 views

RelateIQ: Captcha Bypass With Extension

Hello, these days Captchas are one of the most vulnerable methods to protect a website from bots, but there is an extension named Rumola which automatically fills in the Captcha while we fill in other credentials like email etc. Here a vulnerability arises that bots may use this extension script i...

AI score: 1.6
Exploits: 0
Hacker One
added 2014/02/16 1:00 a.m., 41 views

Yahoo!: Flickr: Invitations disclosure (resend feature)

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...

AI score: 6.7
Exploits: 0
Hacker One
added 2026/05/13 11:33 p.m., 40 views

curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0

The now-well-known CURLOPT_SSL_VERIFYHOST-bypass-when-CURLOPT_SSL_VERIFYPEER=0 defect exists in three of curl's TLS backends: rustls (EXPERIMENTAL), mbedTLS, and wolfSSL (DNS hostnames only). The documented contract at docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md:57-59: The check that the host name in the...

CVSS: 5.8, AI score: 6.5, EPSS: 0.04888
Exploits: 0
Hacker One
added 2026/04/21 2:58 p.m., 40 views

Rocket.Chat: Unauthenticated reading of every file via livechat auth and predicting MongoDB ObjectId()

Vulnerability description not provided...

CVSS: 9.3, AI score: 5.3, EPSS: 0.00304
Exploits: 0
Hacker One
added 2026/01/17 7:52 a.m., 40 views

curl: libcurl: Improper Authentication State Management on Cross-Protocol Redirects

Following the recent advisory for CVE-2025-14524, I conducted an investigation into how libcurl manages OAuth2 credentials during complex redirect chains. I have confirmed that while the library successfully protects traditional user credentials, it fails to clear OAuth2 Bearer tokens in the same...

CVSS: 5.7, AI score: 7.4, EPSS: 0.01595
Exploits: 2
Hacker One
added 2025/03/18 3:27 p.m., 40 views

AWS VDP: Amazon Kendra Intelligent Ranking Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints

The AWS Kendra Intelligent Ranking service was found to incorrectly report the user-agent and network information as "AWS Internal" for four API endpoints that are FIPS endpoints. This issue can lead to the obscuring of request information that may be used to track down an adversary...

AI score: 6.9
Exploits: 0
Hacker One
added 2024/10/19 10:28 a.m., 40 views

Internet Bug Bounty: [CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text

There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Carefully crafted text was found to cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly...

CVSS: 8.7, AI score: 6.7, EPSS: 0.00991
Exploits: 0
Hacker One
added 2024/04/17 1:32 p.m., 40 views

Liberapay: Unsafe yaml load can lead to remote code execution

The YAML load function can lead to remote code execution vulnerability. The vulnerability allows the construction of arbitrary Python objects from untrusted YAML data, which can be exploited by an attacker...

AI score: 8.2
Exploits: 0
Hacker One
added 2024/03/26 4:32 p.m., 40 views

U.S. Dept Of Defense: Reflected Cross-site Scripting via search query on ██████

The summary is as follows: A reflected cross-site scripting vulnerability was discovered in the search query functionality of the ████████ website. An attacker could execute arbitrary JavaScript code in the victim's browser by injecting malicious payload into the search query parameter...

AI score: 6.8
Exploits: 0
Hacker One
added 2024/02/06 9:29 p.m., 40 views

Publitas: Unauthorized Access to Offline Publication Cover Pages via SOURCE_DOCUMENT_ID

A vulnerability was discovered that allowed unauthorized access to offline publication cover pages by sending requests with specific source document IDs. This exposed cover pages and associated user and publication IDs that were intended to be private...

AI score: 7
Exploits: 0
Hacker One
added 2024/01/11 2:21 p.m., 40 views

Enjin: Weak Email Verification: Newly Registered Users Can Bypass Email Verification Step and Log In

Newly registered users were able to bypass email verification and log in. This vulnerability has since been addressed...

AI score: 7.1
Exploits: 0
Hacker One
added 2023/12/09 5:47 p.m., 40 views

PortSwigger Web Security: CSP bypass on PortSwigger.net using Google script resources

A cross-site scripting vulnerability was discovered on PortSwigger.net. The site's content security policy allowed resources from Google's reCAPTCHA domain, which contains AngularJS. This could be abused to bypass the CSP and load arbitrary scripts from other domains. The issue allowed an attacke...

AI score: 6.7
Exploits: 0
Hacker One
added 2023/10/03 12:06 p.m., 40 views

U.S. Dept Of Defense: User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx

A vulnerability was discovered where any user could be automatically logged in as a system administrator on a web application. This allowed unrestricted access and privileges could be abused to modify user privileges, add or delete users, and upload files, jeopardizing the integrity of the...

AI score: 7.2
Exploits: 0
Hacker One
added 2023/10/03 4:55 a.m., 40 views

Mozilla: Subdomain takeover on one of the subdomains under mozgcp.net

A subdomain takeover was reported on a subdomain under mozgcp.net due to a dangling DNS record that had been registered by researchers, allowing them to host content under the subdomain...

AI score: 7
Exploits: 0
Hacker One
added 2023/08/08 12:28 p.m., 40 views

HackerOne: Able to see Bonus amount given to a report even if the bounty and Bonus is not visible to public or mentioned in {Report-Id}.json

A vulnerability allowed users to see the bonus amount given to a report, even if the bounty and bonus were not visible to the public or mentioned in the report's JSON file. This resulted in the exposure of confidential information...

AI score: 6.9
Exploits: 0
Hacker One
added 2023/07/12 8:54 a.m., 40 views

Internet Bug Bounty: Unsanitized input passed to a regex function leads to ReDoS that makes the request hang

An authenticated user could exploit a vulnerability in Apache Airflow versions prior to 2.6.3 by providing crafted input, causing the current request to hang...

AI score: 6.7
Exploits: 0
Hacker One
added 2023/06/25 7:28 p.m., 40 views

Automattic: Authentication bypass on JetPack SSO manager - Allows access to the administration panel of WordPress without user interaction

A vulnerability was found in the JetPack SSO manager plugin that allowed authentication bypass on WordPress sites using the plugin. By exploiting the plugin's account invitation and email verification features, an attacker could gain administrative access to WordPress sites with a user account...

AI score: 7.4
Exploits: 0
Hacker One
added 2023/06/22 11:40 p.m., 40 views

HackerOne: RXSS at image.hackerone.live via the `url` parameter

Vulnerability description not provided...

AI score: 7.1
Exploits: 0
Hacker One
added 2023/04/03 12:58 p.m., 40 views

Reddit: RichText parser vulnerability in scheduled posts allows XSS

Hyperlinks were not being filtered on the server-side in Reddit's scheduled post feature, allowing an attacker to modify a request with a normal hyperlink that embeds a malicious link using a javascript scheme. This could result in an XSS attack if an admin clicked on the malicious link while...

AI score: 6
Exploits: 0
Hacker One
added 2023/01/14 6:46 a.m., 40 views

Brave Software: S3 Bucket Takeover "brave-browser-rpm-staging-release-test"

An unclaimed S3 bucket was found on the domain hosting services of brave.com, which could have been taken over by an attacker to spread malware using the keyrings of the brave browser. The bucket was used to get keyrings of the browser in Linux distros, and it was pointing towards an unclaimed S3...

AI score: 7.1
Exploits: 0
Hacker One
added 2023/01/06 1:09 p.m., 40 views

Yelp: Direct access to tox.ini file which contains configuration details

The tox.ini file, which contained configuration details, was publicly accessible...

AI score: 7.1
Exploits: 0
Hacker One
added 2022/09/28 2:45 p.m., 40 views

Yelp: Subdomain Takeover on delivery.yelp.com

Summary: Subdomain takeover vulnerabilities occur when a subdomain (delivery.yelp.com) is pointing to a service. Vulnerable URL: delivery.yelp.com. This is a verify link: F1959331. Platforms Affected: website. Steps To Reproduce: 1. Create the Amazon S3 bucket with this name: delivery.yelp.com F1959320...

AI score: 1.7
Exploits: 0
Hacker One
added 2022/09/26 5:58 a.m., 40 views

GitHub: Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api

An incorrect authorization vulnerability was found in GitHub Enterprise Server that allowed GitHub Apps to gain access to and modify most organization-level resources that are not tied to a repository, regardless of granted permissions. This vulnerability affected all versions of GitHub Enterpris...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01244
Exploits: 0
Hacker One
added 2022/05/27 10:17 a.m., 40 views

Reddit: Misconfigured login page able to lock login action for any account without user interaction

Summary: While observing a few things about the login feature, I found that the account was locked after a certain number of requests. Although this feature is actually added to prevent problems such as rate limit, it is open to account lock attacks by attackers. PoC: 1. Save this code as exploit.p...

AI score: 7
Exploits: 0
Hacker One
added 2022/05/25 12:26 p.m., 40 views

Rocket.Chat: Regex account takeover

Summary: get admin reset token with authenticated user. Description: a normal user login can access the admin reset token and set a new password for the admin user. Releases Affected: 3.18.5, 3.0.5. Steps To Reproduce from initial installation to vulnerability: Add details for how we can reproduce the issue...

CVSS: 6.5, AI score: 1.3, EPSS: 0.01077
Exploits: 1
Hacker One
added 2022/05/23 8:44 p.m., 40 views

GitHub Security Lab: [Java]: Flow sources and steps for JMS and RabbitMQ

This bug was reported directly to GitHub Security Lab...

AI score: 2
Exploits: 0
Hacker One
added 2022/05/06 11:00 a.m., 40 views

TikTok: Disclosure of the live_analytics information of any livestream

A possible disclosure of the live_analytics information for any livestream was found by accessing the roomid parameter via devtools. We thank @datph4m for reporting this to our team...

AI score: 2.3
Exploits: 0
Hacker One
added 2022/03/30 8:27 p.m., 40 views

GitHub Security Lab: [Java]: CWE-200 - Query to detect insecure WebResourceResponse implementation

This bug was reported directly to GitHub Security Lab...

AI score: 1.6
Exploits: 0
Hacker One
added 2022/03/22 3:38 a.m., 40 views

Evernote: Reflected XSS in the shared note view on https://evernote.com

Summary: There is a reflected XSS vulnerability on https://evernote.com, in the shared web note view, triggered through the view and ionUrl parameters of the /shard/sSHARDNUMBER/client/snv endpoint. Description: When a user creates a note and shares it, it is stored in the following endpoint, bei...

AI score: 0.3
Exploits: 0
Hacker One
added 2021/11/25 9:55 p.m., 40 views

Shopify: Reflected XSS online-store-git.shopifycloud.com

Summary: Hello, I hope you are having a good day! There is a feature called "Shopify Github Integration"; it helps to associate a GitHub account to a Shopify store. In the Github connection process there is a URL https://online-store-git.shopifycloud.com which is vulnerable to reflected XSS...

Exploits: 0
Hacker One
added 2021/10/05 7:33 a.m., 40 views

Nextcloud: When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL

Summary: This report is similar to 1337178. In Nextcloud Deck a user can post their decks into a conversation via Nextcloud Talk. The link in metaData can be manipulated to point to another URL. Steps To Reproduce: 0. Set up Burp Suite to proxy 1. Go to Nextcloud Deck and pick a board 2. Pick any...

CVSS: 5.8, AI score: 0.4, EPSS: 0.00897
Exploits: 1
Hacker One
added 2021/04/20 8:48 p.m., 40 views

Nextcloud: Attacker can obtain write access to any federated share/public link

Hi mates, I stumbled across this with public links. But the same holds true for any federated share. I will try to describe the link scenario. At first I thought there were more steps and resharing was involved. But it really is very simple: 1. An attacker obtains a public link again plenty of...

CVSS: 6.4, AI score: 8.6, EPSS: 0.01849
Exploits: 0
Hacker One
added 2021/04/16 8:43 p.m., 40 views

Mail.ru: [tanks.mail.ru] SSRF + cookie theft

Introduction: This fine evening we decided to start on the vBulletin forum engine, since it runs on 7 sites belonging to Ext.B, and you raised the rewards there almost 3 times, which sounds tasty : My eye fell on forumrunner, since there was an SQL injection CVE from '16 there. In about an hour an SSRF was found, and not a simple...

AI score: 7.1
Exploits: 0
Hacker One
added 2021/04/09 7:12 p.m., 41 views

HackerOne: New link opening method makes hackerone vulnerable to tabnabbing

Summary: Hackerone recently changed how it opens the external links and this new way is vulnerable to tabnabbing. Description: Please see the POC. Steps To Reproduce 1. Click here: https://awasthi7.github.io/ 2. Click on proceed when warning appears. 3. The site will open in new tab and hackerone...

AI score: 0.5
Exploits: 0
Hacker One
added 2021/04/02 10:40 a.m., 41 views

Moneybird: No rate limit

Mailing to our support team using the support center in the application was improperly rate limited. There is now a better rate limiter in place...

AI score: 1.7
Exploits: 0
Hacker One
added 2021/03/31 8:24 a.m., 40 views

Nextcloud: Leak arbitrary file under nextcloud android client privacy directory

Steps to reproduce: 1. Install and log in to the Nextcloud Android client 2. Create a directory and set it 'shareable' 3. Install the PoC app "setresultcontactphotocrop". Key code: EvilActivity public class EvilActivity extends AppCompatActivity final static String PRIVATEURI =...

CVSS: 4.3, AI score: 1.4, EPSS: 0.00881
Exploits: 1
Hacker One
added 2021/03/29 5:09 a.m., 40 views

HackerOne: Bypassing the External Link Warning

Summary: As the HackerOne team is aware, the URL https://hackerone.com/users/saml/[email protected] can redirect users to external pages. Because of this, there is a protection in the links created by Markdown to show the user a warning when clicking on any link starting with...

AI score: 2.2
Exploits: 0
Hacker One
added 2021/03/24 12:40 p.m., 40 views

BlockFi: credentials found in config file on github

Summary: Hi, credentials belonging to blockfi.com were found exposed on GitHub; these credentials can lead to attackers gaining access into the network and stealing information and destroying servers. Steps To Reproduce:...

AI score: 1.2
Exploits: 0
Hacker One
added 2021/03/10 5:13 a.m., 40 views

Mail.ru: Stored xss in calendar via call link

Call link URI schema in calendar.mail.ru web application was filtered improperly, allowing malicious javascript: links...

AI score: 2.6
Exploits: 0
Hacker One
added 2021/01/11 12:36 a.m., 40 views

TikTok: Lack of rate limitation on careers site allows the attacker to brute force the verification code

An attacker could have potentially attempted to brute force the verification code needed to reset a candidate's password by leveraging a lack of rate limiting on the TikTok careers portal. We thank @iambouali for reporting this to our team and confirming the resolution...

AI score: 4.1
Exploits: 0
Hacker One
added 2020/11/30 3:27 p.m., 40 views

Stripo Inc: No rate limit in email subscription

I managed to bypass the following report, 1029723; please follow the steps below: Description: No rate limit in Email Subscription; you just have to add a fixed throttle in Burp Suite to avoid the 429 response. Note: I will use tempmail in the screenshots. PoC Steps: 1. Go to https://stripo.email/ a...

AI score: 7.1
Exploits: 0
Hacker One
added 2020/11/20 5:01 p.m., 40 views

Automattic: Stored XSS in Intense Debate comment system

Hi Team, Summary: The Intense Debate comment system is vulnerable to stored XSS by users; this would allow for attacking admins/users on the blog. Platforms Affected: Intense Debate comment system. Steps To Reproduce: 1. Go to intensedebate.com/moderate/-ID- 2. Go to comments, allow images in...

AI score: 0.2
Exploits: 0
Hacker One
added 2020/09/28 12:24 a.m., 40 views

Mail.ru: Stored XSS through fileupload

Stored XSS in view uploaded file functionality on static.donationalerts.ru...

AI score: 1.8
Exploits: 0
Hacker One
added 2020/09/26 12:29 a.m., 40 views

U.S. Dept Of Defense: hardcoded password stored in javascript of https://████.mil

Summary: I have discovered a cleartext password stored within JavaScript. This password allows me to authenticate to https://█████.mil. Description: I have discovered a cleartext password stored within JavaScript. This password allows me to authenticate to https://███████.mil. To confirm...

AI score: 7.1
Exploits: 0
Hacker One
added 2020/09/24 6:40 a.m., 40 views

Zomato: Improper Validation at Partners Login

Timeline

| Timeline | Action |
|---|---|
| Thu, 24 Sep 2020, 12:10 IST | Researcher submitted the report on H1 with initial severity as High. |
| Thu, 24 Sep 2020, 12:32 IST | First response - we asked for clarification via demonstration on attack scenarios. Parallelly, we began our own... |

AI score: 6.8
Exploits: 0
Hacker One
added 2020/09/18 6:33 a.m., 40 views

Shopify: Privilege Escalation in Point Of Sale Application from POS Manage Staff Role to potentially Store Owner

I was playing a bit with the Point Of Sale application and it came to my attention that it is possible to navigate from the Point Of Sale Application up to the Plan & Permission in the admin. I am not sure if this is intentional, but since it leads to potentially taking over a shop, I'm reporting i...

AI score: 0.4
Exploits: 0
Hacker One
added 2020/05/31 8:37 a.m., 40 views

h1-ctf: [H1-2006 2020] I made the CEO's bounty payment!

^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$ I will write the details in a comment. Impact: I have a headache now...

AI score: 2.1
Exploits: 0
Hacker One
added 2020/05/21 2:16 a.m., 40 views

Mail.ru: MySQL username and password leaked on [2017.russianaicup.ru]

A configuration file available via the web interface could disclose potentially sensitive information...

AI score: 2.2
Exploits: 0
Hacker One
added 2020/05/13 6:05 p.m., 40 views

Concrete CMS: Stored XSS in the file search filter

1. Download Concrete5 8.5.2 and install it 2. Log into your Concrete5 instance as admin 3. Go to Dashboard Files Search 4. In the file search bar, click Advanced 5. In the window that appears, enter a phrase and click the save button, paste the following payload: and click the save button 6. In the...

AI score: 7
Exploits: 0
Hacker One
added 2020/04/20 6:18 p.m., 40 views

X (Formerly Twitter): No rate limiting on brute-forcing user passwords

The login function at http://www.twitter.com has a problem: it only limits the number of failed login attempts for a single user, and does not limit trying a fixed password against different users, or credential stuffing. Please follow the video to reproduce, otherwise this issue cannot be reproduced. Impact: No rate limiting on brute-forcing user passwords...

AI score: 6.9
Exploits: 0
Total number of security vulnerabilities: 5000