Hackerone, most viewed

15369 matches found

Hacker One
added 2014/08/18 4:4 a.m., 161 views

Greenhouse.io: openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io

Summary of the issue: The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by...

3.5 CVSS, 5.3 AI score, 0.03672 EPSS
Exploits: 0

Hacker One
added 2025/07/13 8:12 p.m., 161 views

8x8: █.8x8.vc/index.js: Exposed Google Maps API Key Allowing Potential Abuse of Paid Services

The Google Maps API key was inadvertently exposed in client-side code, allowing potential unauthorized access to some Google Maps services. The issue was promptly addressed by implementing appropriate API key restrictions where feasible...

6.8 AI score
Exploits: 0

Hacker One
added 2024/09/16 4:20 a.m., 160 views

mycompany VDP: This test report has been disclosed by 20_root.

This test report has been disclosed by 20_root. ████...

7.1 AI score
Exploits: 0

Hacker One
added 2023/07/20 4:31 p.m., 160 views

Daimler Truck: Time-based SQL Injection

CWE: CWE-89 CVSS: 9.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N URL: www.bharatbenz.com//dealer/0'XORifnow=sysdate,sleep20,0XOR'Z SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server. Impact ...

9 AI score
Exploits: 0

Hacker One
added 2021/12/13 11:42 p.m., 160 views

Acronis: [CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day

Summary The website at nps.acronis.com is vulnerable to CVE-2021-44228 Steps To Reproduce I used this script to find this. It spins up an interact-sh server to receive the callback and send the payload in the query string and about 30 different headers. You can reproduce manually with curl and...

9.3 CVSS, 1.3 AI score, 0.99999 EPSS
Exploits: 348

Hacker One
added 2020/06/11 2:35 a.m., 160 views

h1-ctf: [h1-2006 2020] Write up for H1-2006 CTF

I huffed and puffed my way up a flight of stairs into a dimly lit, dusty room, looking for Sherlock. As I made way through scattered books, I exclaimed, "Sherlock, wake up! It’s that time of the year. h1-ctf, a chance to get an invitation to hackerone’s live hacking event. “zer0ttl, of course! Yo...

7 AI score
Exploits: 0

Hacker One
added 2018/11/17 8:41 a.m., 160 views

OLX: SQL Injection https://www.olx.co.id

I found the SQL Injection security hole on the website https://www.olx.co.id, this is a critical finding. Here is the POC from the findings that I got Affected: https://www.olx.co.id/ajax/buybundle/getbundle/ POC: Request DATA POST /ajax/buybundle/getbundle/ HTTP/1.1 Host: www.olx.co.id User-Agen...

0.2 AI score
Exploits: 0

Hacker One
added 2021/06/28 5:37 p.m., 159 views

Nextcloud: Text app leaks file path of shared files

By sending a request for a share without a README.md, the whole file path will be returned to the user: PUT /apps/text/public/session/create?token=EHTs4P7kATowiMg HTTP/1.1 Host: cloud.nextcloud.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:89.0 Gecko/20100101 Firefox/89.0 Accept...

5 CVSS, 6.2 AI score, 0.01381 EPSS
Exploits: 0

Hacker One
added 2020/09/14 3:56 p.m., 159 views

Basecamp: Information Disclosure of Garbage Collection Cycle

Hello, Upon enumerating a subdomain content I found a directory that discloses the duration of the garbage collection cycles. I think that these information should be kept private because public should not know information about the target application and how it operates or do its garbage...

0.2 AI score
Exploits: 0

Hacker One
added 2020/08/18 2:19 a.m., 159 views

Solana BBP: Sensitive data leaks [username, password, keys]

Summary: Hello team, This bug shows some critical asset like secret username, password, keys, etc. publicly on GitHub Steps To Reproduce: Please visit the url below 1. https://github.com/solana-labs/solana/blob/e310bad7ab09a4a5bd23314983bffa1707506230/.buildkite/env/secrets.ejson 2...

7.1 AI score
Exploits: 0

Hacker One
added 2020/04/29 3:28 a.m., 159 views

Semrush: OAuth `redirect_uri` bypass using IDN homograph attack resulting in user's access token leakage

Issue Summary: It was found that SEMrush OAuth implementation fails to properly validate the value of redirect_uri parameter which was bypassed using IDN homograph attack which results in leaking the user's access token to an attacker-controlled domain name. IDN homograph attack exploits the fact...

6.8 AI score
Exploits: 0

Hacker One
added 2019/08/26 7:17 p.m., 159 views

WordPress: Parameter tampering : Price Manipulation of Products

Hello Security Team, I have found that you can buy any products in less amount or even we can say as free by changing the price of the product!! POC : 1 go to https://mercantile.wordpress.org/ 2 choose any product and add to cart 3 Now go to cart add your billing details 4 Intercept request with...

7 AI score
Exploits: 0

Hacker One
added 2019/08/19 10:30 p.m., 159 views

GitLab: Container scanning and Dependency scanning report leaked to unauthorized users

Hi GitLab Security team Summary GitLab makes the container scanning and dependency scanning information available as part of a JSON endpoint for merge requests. These reports are output of the CI job and should only be displayed if the visiting user has access to CI. However, right now GitLab...

9.3 CVSS, 8.6 AI score, 0.51298 EPSS
Exploits: 24

Hacker One
added 2017/08/19 11:53 p.m., 159 views

Mail.ru: Clickjacking Full account takeover and editing the personal information at [account.my.com]

Hi, while i was testing i found that my.com is vulnerable to clickjacking so i checked if the settings page is vulnerable or not and it was vulnerable so now this has a risk!, the attacker could make an exploit code at the changing password page to takeover the victim account, and the same with t...

6.9 AI score
Exploits: 0

Hacker One
added 2015/04/17 2:37 a.m., 159 views

Dropbox: SSRF vulnerablity in app webhooks

Server Side Request Forgery (SSRF) is a vulnerability which allows an attacker to make web requests from the context of the server host machine to arbitrary URLs. This vulnerability can allow the attacker to access resources internal to the network, which would otherwise be inaccessible. This...

Exploits: 0

Hacker One
added 2022/04/29 10:49 p.m., 158 views

U.S. Dept Of Defense: [CVE-2020-3452] Unauthenticated file read in Cisco ASA

i found out that https://█████████/ was vulnerable to CVE-2020-3452 The IP has a SSL certificate pointing to █████████ curl -kv https://██████████/ Output Server certificate: subject: C=US; ████.mil Impact Anyone can read any file present on the server. System Hosts ███ Affected Products and...

5 CVSS, 0.2 AI score, 0.99992 EPSS
Exploits: 24

Hacker One
added 2020/07/05 4:53 a.m., 158 views

Shopify: Subdomain Takeover of multiple *.ttcdn.co domains

@priyanshuxo demonstrated being able to takeover multiple ttcdn.co subdomains. While we removed the DNS records, the ttcdn.co domain is out of scope for our program, making this report ineligible for a bounty. This is a limited disclosure at their request...

1.2 AI score
Exploits: 0

Hacker One
added 2020/07/01 9:43 a.m., 158 views

SMTP2GO: Stored XSS at https://app.smtp2go.com/settings/users/

Vulnerability : A. Type:- Cross Site Scripting Stored B. Description:- Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Summary : When you will create a particular user...

6.5 AI score
Exploits: 0

Hacker One
added 2020/06/09 8:48 p.m., 158 views

h1-ctf: [H1-2006 2020] From multiple vulnerabilities to complete ATO on any customer account and staff admin

First of all, thanks for the awesome CTF. I enjoyed it very much : Summary The CTF was about helping HackerOne's beloved CEO, @martenmickos, to approve May bug bounty payments after he has lost his login details for BountyPay. It all started with this tweet: F860982 And as you all know, I had to...

7.4 AI score
Exploits: 0

Hacker One
added 2020/06/04 8:41 p.m., 158 views

GitHub Security Lab: [Java] CWE-939 - Address improper URL authorization

This bug was reported directly to GitHub Security Lab...

1.7 AI score
Exploits: 0

Hacker One
added 2020/01/07 8:3 p.m., 158 views

Ian Dunn: xmlrpc.php FILE IS enable it can be used for conducting a Bruteforce attack and Denial of Service(DoS)

Hi Team, The website https://www.iandunn.name has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. Wordpress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. URL:...

7 AI score
Exploits: 0

Hacker One
added 2019/10/22 12:37 p.m., 158 views

Infogram: LFI through the MySQL connection

Hello team! I've found a way to read Infogram's server local files through the MySQL connection. The problem is that you're using the LOAD DATA LOCAL feature with your MySQL client. This is how an attacker can easily send server's local files to her/his database. I've successfully read the...

7.3 AI score
Exploits: 0

Hacker One
added 2017/04/27 2:29 a.m., 158 views

WordPress: Lack of Password Confirmation when Changing Password and Email

Hello Team, I noticed that it is not necessary to put your Password when Changing Emails, Password, etc.. which is easy to an attacker to Change it's Victim's Credentials when he hijack or takeover an account on wordpress forum account. Let me know if you need more information. Best Regards,...

2 AI score
Exploits: 0

Hacker One
added 2016/05/30 3:56 a.m., 158 views

Pornhub: [phpobject in cookie] Remote shell/command execution

The researcher was able to exploit a vulnerable deserialization function in PHP leading to remote shell on a production server...

3.7 AI score
Exploits: 0

Hacker One
added 2016/02/26 11:12 a.m., 158 views

Algolia: API Key added for one Indices works for all other indices too.

Hi, I created one API key and restricted it to only one index by adding it and gave it right for creating record. Now this API key can be used to add records in other indices in same account. Screenshot is attached...

1.2 AI score
Exploits: 0

Hacker One
added 2016/01/28 4:56 p.m., 158 views

Internet Bug Bounty: OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Full write up: http://intothesymmetry.blogspot.ch/2016/01/openssl-key-recovery-attack-on-dh-small.html DH small subgroups CVE-2016-0701 ================================== Severity: High Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently in version...

2.6 CVSS, 6 AI score, 0.83645 EPSS
Exploits: 1

Hacker One
added 2015/06/06 8:37 a.m., 158 views

HackerOne: mailto: link injection on https://hackerone.com/directory

I just found that entering a non-existing program returns the following response: The Directory doesn't have a profile matching these criteria. If an organization has published security contact information or a vulnerability disclosure policy, please let us know. The bold part has a mailto: link...

6.8 AI score
Exploits: 0

Hacker One
added 2023/03/07 3:11 p.m., 157 views

Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution

An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...

7.6 AI score
Exploits: 0

Hacker One
added 2023/02/09 11:24 a.m., 157 views

HackerOne: Scope information is leaked when visiting policy scopes tab of any External Program

Scope information was leaked when visiting the policy scopes tab of any external program on HackerOne, allowing unauthorized users to view private program details. The vulnerability was caused by the new scope policy feature that displayed all program names and scopes using the new functionality...

6.7 AI score
Exploits: 0

Hacker One
added 2021/07/09 8:59 p.m., 157 views

Acronis: Subdomain takeover of main domain of https://www.cyberlynx.lu/

Summary Hi Acronis Security Team , Hope you well. I found one of your subdomains which is www.cyberlynx.lu One of your Acquisition is pointing towards www.cyberlynx.lu canonical name = www118.wixdns.net. www118.wixdns.net canonical name = balancer.wixdns.net. balancer.wixdns.net canonical name =...

Exploits: 0

Hacker One
added 2021/03/09 6:23 p.m., 157 views

GitHub Security Lab: Java: Fix NashornScriptEngine detection in ScriptEngine query

This bug was reported directly to GitHub Security Lab...

0.6 AI score
Exploits: 0

Hacker One
added 2020/03/05 11:34 p.m., 157 views

Mail.ru: Brute-force any email account through allods.mail.ru

!!! The full version of the report with screenshots is in the attached PDF file. Vulnerability Technical description ========================= At https://allods.mail.ru/account.php there is a registration form for new users of the game. While the form is being filled in, an Ajax POST request is sent to...

7 AI score
Exploits: 0

Hacker One
added 2019/11/24 10:24 a.m., 157 views

Internet Bug Bounty: Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd

Full background information is at our website and detailed information can be found in our research paper. Vulnerability Summary First Disclosure Summarized, the Dragonfly handshake of WPA3 and EAP-pwd is supposed to prevent dictionary attacks. However, we discovered design flaws that still enabl...

7.5 CVSS, 8 AI score, 0.07624 EPSS
Exploits: 1

Hacker One
added 2019/07/18 3:45 p.m., 157 views

Equifax-vdp: Important information leaked on Github

While searching on GitHub about Equifax I found some juicy information like a username and password of this subdomain https://transport5.ec.equifax.com/, internal IP of the database and its username & password In the following link...

6.8 AI score
Exploits: 0

Hacker One
added 2019/01/05 2:46 a.m., 157 views

Liberapay: User Enumeration

@offgouvea reported a user enumeration issue. User enumerations are out-of-scope as mentioned in our program's policy...

1.8 AI score
Exploits: 0

Hacker One
added 2018/12/21 11:28 p.m., 157 views

RATELIMITED: Hackerone1

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...

1.2 AI score
Exploits: 0

Hacker One
added 2017/10/24 5:36 p.m., 157 views

Infogram: User enumeration via forgot password error message

Hi Team, Vulnerable URL : https://infogram.com/forgot Description: During testing forgot password field whether it's rate limiting is working or not, I noticed forgot password field is vulnerable to user enumeration. When user enter email id which is not available into database it shows an error ...

7 AI score
Exploits: 0

Hacker One
added 2017/06/24 6:50 a.m., 157 views

arxius: Local File Disclosure via ffmpeg

Summary ffmpeg is a video and audio software that is used for generating previews and for converting videos. Your current installation allows HLS playlists that contain references to external files, which leads to local file disclosure. Reproduction 1. Download this script...

6.6 AI score
Exploits: 0

Hacker One
added 2016/12/01 6:27 a.m., 157 views

Open-Xchange: Web Browser XSS Protection Not Enabled

Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server http://www.dovecot.fi/s=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Csystem.ini&submit=Search...

6 AI score
Exploits: 0

Hacker One
added 2016/01/13 11:59 p.m., 157 views

HackerOne: HTML injection can lead to data theft

Hey, This is more like an in-depth security thing with a reasonable attack scenario. In some occasions, it seems to be possible to leak sensitive data to an external server, not affected by the CSP. This can happen in the following situation: 1. There's a HTML injection vulnerability 2. The...

0.1 AI score
Exploits: 0

Hacker One
added 2023/05/19 7:34 p.m., 156 views

curl: Cache purge requests are not authenticated

Vulnerability description not provided...

7.1 AI score
Exploits: 0

Hacker One
added 2021/02/27 9:14 p.m., 156 views

Internet Bug Bounty: Integer overflow in CipherUpdate

Summary: I reported an integer overflow to the OpenSSL security list on Dec 13, 2020 and it was fixed in OpenSSL 1.1.1j. Reporting it here for the bounty. It was assigned CVE-2021-23840 https://nvd.nist.gov/vuln/detail/CVE-2021-23840 which NVD rated CVSS 7.5. Amusingly, the same bug worked around...

6.4 CVSS, 8.1 AI score, 0.50732 EPSS
Exploits: 1

Hacker One
added 2021/01/05 5:35 p.m., 156 views

GitHub Security Lab: [Java] CWE-555: Query to detect password in Java EE configuration files

This bug was reported directly to GitHub Security Lab...

1.4 AI score
Exploits: 0

Hacker One
added 2020/07/18 12:52 a.m., 156 views

curl: curl overwrites local file with -J option if file non-readable, but file writable.

Summary: When using -J -O options on curl command line tool and a server responding with a header that is using Content-Disposition to provide a filename, existing local file will be overwritten if the file is non-readable by the current user, but file is writable by the current user. Curl contai...

4.6 CVSS, 7.4 AI score, 0.01236 EPSS
Exploits: 1

Hacker One
added 2020/06/10 6:38 a.m., 156 views

h1-ctf: [H1-2006 2020] Multiple vulnerabilities allow to leak sensitive information

Summary: --------------------- Hello team! This report is detailed write-up for chain of vulnerabilities that ended up with leaking sensitive information - a flag. CTF itself was really fun and I've enjoyed it. Hope you find my report valid and useful. Steps To Reproduce: ---------------------...

7.2 AI score
Exploits: 0

Hacker One
added 2019/07/12 3:23 p.m., 156 views

Internet Bug Bounty: Basic Authentication Heap Overflow

Summary: An attacker can get arbitrary data overflowed in the heap via Basic Authorization base64 blob. Even when basic auth isn't configured. Report sent to developers When calling HttpHeader::getAuth the field value will be base64 decoded. The call to the decode method doesn't ensure that the...

6.8 CVSS, 9.9 AI score, 0.50454 EPSS
Exploits: 0

Hacker One
added 2017/01/02 7:10 p.m., 156 views

Slack: Subdomain takeover on podcasts.slack-core.com

I noticed slack-core.com is used for Slack's call infrastructure. I had never seen that domain before, so I decided to find out what else was running on it. It turned out podcasts.slack-core.com was pointing to a Podcast and RSS hosting service called Feed.Press. However, there was no Feed.Press...

Exploits: 0

Hacker One
added 2021/07/15 10:57 p.m., 155 views

GitHub Security Lab: [Java]: CWE 295 - Insecure TrustManager - MiTM

This bug was reported directly to GitHub Security Lab...

0.9 AI score
Exploits: 0

Hacker One
added 2020/07/06 8:58 p.m., 155 views

GitHub Security Lab: CodeQL query for disabled revocation checking

This bug was reported directly to GitHub Security Lab...

1.4 AI score
Exploits: 0

Hacker One
added 2020/06/25 8:26 a.m., 155 views

8x8: PHPinfo page on http://█████.callstats.io

PHPInfo file was exposed on legacy system. phpinfo was available at callstats.io subdomain. It was disclosing information on a server and PHP version information...

0.3 AI score
Exploits: 0

Total number of security vulnerabilities: 5000