Hackerone, sorted by most viewed

15370 matches found

Hacker One
added 2020/01/29 1:01 a.m., 101 views

Razer: AWS subdomain Takeover at estore.razersynapse.com

The tester discovered the razersynapse.com domain was vulnerable to a subdomain takeover. Although this is out of scope of our program, we appreciate the tester bringing this to our attention...

AI score: 2.5
Exploits: 0
Hacker One
added 2017/12/15 2:29 p.m., 101 views

HackerOne: HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms

Summary: I noticed that HackerOne career pages load their application forms from Greenhouse.io via an iframe. The ghjid parameter value is taken into the iframe element for the token parameter in the iframe URL boards.greenhouse.io. Any HTML characters are escaped in order to avoid XSS and possib...

AI score: 6.1
Exploits: 0
Hacker One
added 2016/02/18 3:27 a.m., 101 views

Uber: Multiple Vulnerabilities (Including SQLi) in love.uber.com

Hi, I noticed you are using a critically vulnerable version of WMPL. By accessing http://love.uber.com/wp-content/plugins/sitepress-multilingual-cms/changelog.md, an attacker could find out http://love.uber.com/ is running WMPL version 3.1.8.4, which is vulnerable to: 1. SQL injection which gives ful...

CVSS: 6.4 | AI score: 7.3 | EPSS: 0.13386
Exploits: 1
Hacker One
added 2023/01/22 12:03 a.m., 100 views

Automattic: Stored XSS on app.crowdsignal.com your-subdomain.crowdsignal.net via Thank You Header

A stored XSS vulnerability was found on app.crowdsignal.com, allowing an attacker to execute arbitrary JavaScript code on the victim's browser. The vulnerability could be triggered by editing the Thank You Header with a malicious payload and could result in the compromise of sensitive user...

AI score: 6.4
Exploits: 0
Hacker One
added 2022/09/02 7:03 p.m., 100 views

Node.js: Weak randomness in WebCrypto keygen

https://github.com/nodejs/node/pull/35093 introduced a call to EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1. It does not check the return value; it assumes EntropySource always succeeds, but it can and sometimes will fail. 2. The...

CVSS: 6.4 | AI score: 9.2 | EPSS: 0.0187
Exploits: 1
Hacker One
added 2022/05/05 11:54 p.m., 100 views

Phabricator: Possible to make restricted files public on Phabricator via Diffusion

Files on Phabricator are always viewable to a user if they are attached to an object that they can view. It seems Phabricator does check if you can view a file before allowing you to attach it. If you don't have access to the file, it will just look like this F99999999999 in plaintext. It seems...

AI score: 2.3
Exploits: 0
Hacker One
added 2021/07/26 2:28 p.m., 100 views

U.S. Dept Of Defense: [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!

Description: https://████████ is vulnerable to CVE-2021-29156. References: https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...

CVSS: 5 | AI score: 0.8 | EPSS: 0.76385
Exploits: 5
Hacker One
added 2021/07/14 1:21 p.m., 100 views

Nextcloud: HEIC image preview can be used to invoke Imagick

The HEIC image preview provider calls into Imagick at https://github.com/nextcloud/server/blob/5d097ddb4b99673f57b8c085dedd93880ee2539d/lib/private/Preview/HEIC.phpL98-L109. This is bad as Imagick processes all kinds of image types. One can use this for example to exfiltrate arbitrary files by...

CVSS: 10 | AI score: 0.9 | EPSS: 0.02604
Exploits: 0
Hacker One
added 2021/05/13 1:59 p.m., 100 views

Kaspersky: No Rate Limit On Forgot Password Page

Reported security issue allowed a potential attacker to abuse the password recovery option on our My Kaspersky portal for mass sending of password recovery messages. This was fixed with a password reset throttling feature to protect our service from its abuse by third parties. Note that this...

AI score: 3.6
Exploits: 0
Hacker One
added 2020/10/16 1:57 p.m., 100 views

Basecamp: Possible DOM XSS on app.hey.com

Summary: Hello Team, While testing it was observed that on https://app.hey.com/, in the Search box, there is a possibility of XSS. Although the payload is reflected in the DOM, the CSP blocks the execution of the script; the XSS can happen if the CSP is somehow bypassed. The Subject parameter is...

AI score: 6.3
Exploits: 0
Hacker One
added 2020/04/10 2:57 a.m., 100 views

Topcoder: SVG file upload leads to XML injection

Summary: Upload Avatar option allows the user to upload image/ . Thus enabling the upload of many file formats including SVG files (MIME type: image/svg+xml). SVG files are XML-based graphics files for 2D images. Thus, this opens up an attack vector to upload specially crafted malicious SVG files. Th...

AI score: 0.1
Exploits: 0
Hacker One
added 2020/02/24 1:54 a.m., 100 views

Monero: Monero wallet password change is confirmed when not matching

Summary: If you change your wallet password in the GUI, the confirmation does not need to match the new password. Releases Affected: list each version and OS of the application affected list each version and OS of the application affected Steps To Reproduce: Open your wallet. Go to settings. Change...

AI score: 0.6
Exploits: 0
Hacker One
added 2020/01/31 8:36 a.m., 100 views

Mail.ru: [API] ICQ user's avatar can be manipulated remotely

Description: When calling the API method for setting a user's avatar, https://ub.icq.net/files/api/v1.1/avatar/set, an additional GET parameter can be passed: targetSn, set to the UIN of any user. This lets us change the avatar of any user. Steps To Reproduce: 1...

AI score: 7.1
Exploits: 0
Hacker One
added 2019/11/01 11:26 a.m., 100 views

New Relic: [Bypass] Code injection to open redirect in https://insights.newrelic.com/accounts/2521182/dashboards/1026927

INTRODUCES: Overcoming the mechanism controlling URL insertion, redirecting users to fake pages. STEPS: Payload: Add a dashboard note and insert malicious code. Code: Click link to view note detail: Impact: Redirecting users to malicious pages, stealing user information such as fake scripts and user...

AI score: 0.5
Exploits: 0
Hacker One
added 2019/09/21 4:13 a.m., 100 views

Razer: Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions

The tester discovered a flaw in the Razer ID authentication system that could allow multiple access tokens. This was a minor issue but could theoretically have led to extended access due to unexpired tokens. Razer thanks the tester for their diligence. Here is a write-up for a similar bug:...

AI score: 1.2
Exploits: 0
Hacker One
added 2019/09/01 11:28 a.m., 100 views

HackerOne: Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible

Summary: It appears I'm able to discover words used in limited disclosed reports, that are not publicly visible, by using the search function available from the Hacktivity page. Description: Recently I was investigating a finding for another program which involved exploiting XSS ████. I wondered h...

AI score: 6
Exploits: 0
Hacker One
added 2018/10/15 11:12 p.m., 100 views

PayPal: [PayPal Android] Remote theft of user session using push_notification_webview deeplink

A deeplink feature built into the PayPal Android application failed to validate the requested endpoint. A specifically crafted request from a website or separate app on the device could call the deeplink and direct traffic to any destination. While the impact was limited by compensating controls,...

AI score: 1.4
Exploits: 0
Hacker One
added 2017/08/26 4:54 a.m., 100 views

GSA Bounty: Server Side Misconfiguration (EMAIL SPOOFING)

Hi team, Bug Type: Server Security Misconfiguration, Mail Server Misconfiguration, Missing SPF on Email Domain. Weakness: Improper Authentication. Description: I observe this when I send an email from [email protected] through http://emkei.cz/ to email [email protected] and afte...

AI score: 7
Exploits: 0
Hacker One
added 2017/07/30 9:59 a.m., 100 views

Legal Robot: Lack of input validation in e-mail & user name, job title, company name field

Hi, During sign up, input validation wasn't deployed properly on the e-mail & name field. I've tested inputting the following e-mail during sign up: hacker%@gmail.com Your system sends an email to verify the account though the e-mail address is invalid, as gmail doesn't allow users to sign up using special...

AI score: 2.4
Exploits: 0
Hacker One
added 2017/07/12 11:21 a.m., 100 views

X (Formerly Twitter): XXE on sms-be-vip.twitter.com in SXMP Processor

Hi team, What type of issue are you reporting? Does it align to a CWE or OWASP issue? I've identified an XXE vulnerability in the cloudhopper sxmp servlet on sms-be-vip.twitter.com which discloses local files to an external attacker and allows web requests to be sent. This aligns to...

AI score: 6.7
Exploits: 0
Hacker One
added 2017/05/04 8:28 p.m., 100 views

Pornhub: I am because bug

I'm because I hacker found bug because I report this bug I want to report a bug and because want some $$$$ so please because you are telling me how much you pay money so I give you bug. Me because very poor :' want money because father :' F181917 Thank you wish you because pay lots $$$$$$$$...

AI score: 0.1
Exploits: 0
Hacker One
added 2017/03/31 12:18 p.m., 100 views

Udemy: sweet32

Hello, I have found a new attack against the 3DES-CBC cipher in TLS, by which customer data can be decrypted using a method called the SWEET32 Birthday Attack. This vulnerability has got CVE-2016-2183 and has a CVSS score of 5.0. Attached you will see a print screen of the vuln confirmation by nmap script. Mitigation for SWEET3...

CVSS: 5 | AI score: 7.7 | EPSS: 0.95707
Exploits: 7
Hacker One
added 2017/02/13 10:21 a.m., 100 views

Boozt Fashion AB: Application code is not obfuscated -- OWASP M9 (2016)

Description: Boost android app is not obfuscated, which leads to viewing the source code of the app. Impact: Attackers can steal code and reuse it or sell it to create a new application, or create a malicious fake application based on the initial one. POC: Step 1: First, I did the basic reverse...

AI score: 6.9
Exploits: 0
Hacker One
added 2016/02/01 2:15 p.m., 100 views

Zomato: Subdomain Takeover

Hello, Your subdomain engineering.zomato.com is pointing to Tumblr.com. You should immediately remove the DNS entry for engineering.zomato.com that is pointing to Tumblr.com. Anyone can claim that domain; please read the advisory below. Remediation: Please make sure you're always going through your...

AI score: 0.7
Exploits: 0
Hacker One
added 2015/10/04 9:38 p.m., 100 views

Shopify: customers password hash leak!!!!

An endpoint in the Draft Order feature would return a serialized version of the Customer that contained the account password hashed and salted as well as the last password reset token when available...

AI score: 2.4
Exploits: 0
Hacker One
added 2015/05/28 12:00 a.m., 100 views

Internet Bug Bounty: Null pointer dereference in phar_get_fp_offset()

https://bugs.php.net/bug.php?id=69720...

CVSS: 6.8 | AI score: 8.3 | EPSS: 0.10288
Exploits: 0
Hacker One
added 2015/04/10 7:33 a.m., 100 views

Shopify: Lack of SSL Pinning on POS Application ( iOS )

Description: Given that this is a POS application and handles CHD, cryptographic security is of utmost importance. Applications such as Square, Amazon's POS, etc. have already implemented this. The iOS application is correctly checking for SSL certs using the OS keychain, but due to the lack of checki...

AI score: 6.6
Exploits: 0
Hacker One
added 2014/09/17 12:00 a.m., 100 views

Internet Bug Bounty: mod_proxy_fcgi buffer overflow

This issue was reported directly to the Apache team. A buffer overflow was found in mod_proxy_fcgi. A malicious FastCGI server could send a carefully crafted response which could lead to a heap buffer overflow. http://httpd.apache.org/security/vulnerabilities24.html 2.4.11-dev...

CVSS: 5 | AI score: 8.7 | EPSS: 0.10783
Exploits: 0
Hacker One
added 2014/03/11 12:00 a.m., 100 views

Internet Bug Bounty: Same Origin Security Bypass Vulnerability

This bug was reported directly to Adobe. http://helpx.adobe.com/security/products/flash-player/apsb14-08.html...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.04293
Exploits: 0
Hacker One
added 2023/04/21 10:49 a.m., 99 views

8x8: Credential leak on GitHub: https://github.com/█/█/ (Peoplesoft CRM)

Credentials for a database associated with Peoplesoft CRM were leaked on GitHub. The leak was reported and the repository containing the credentials was taken down. The credentials were associated with a database that is no longer in use...

AI score: 7.1
Exploits: 0
Hacker One
added 2023/02/27 6:52 a.m., 99 views

U.S. Dept Of Defense: DoS at █████(CVE-2018-6389)

A vulnerability in WordPress allowed unauthenticated attackers to launch a denial of service attack by listing a large number of registered .js files from wp-includes/script-loader.php. The vulnerability was assigned CVE-2018-6389. Attackers could use this function to deplete server resources and...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.73098
Exploits: 11
Hacker One
added 2022/09/27 5:29 p.m., 99 views

Mars: Jolokia Reflected XSS

Summary: Salam, Hi team, I hope you are well. After doing some recon on mars.com I saw that the website uses Jolokia 1.3.5, which is vulnerable to reflected XSS. Steps To Reproduce: 1. Vuln Link: https://couponsmanager-uat.b2b.mars.com/jolokia/read%3Csvg%20onload=alertdocument.cookie%3E?mimeType=text/htm...

CVSS: 4.3 | AI score: 1.8 | EPSS: 0.25459
Exploits: 1
Hacker One
added 2022/05/11 7:20 a.m., 99 views

Internet Bug Bounty: CVE-2022-27782: TLS and SSH connection too eager reuse

Summary: Curl fails to consider some security related options when reusing TLS connections. For example: TLS CURLOPT_SSL_OPTIONS CURLOPT_PROXY_SSL_OPTIONS CURLOPT_CRLFILE CURLOPT_PROXY_CRLFILE CURLOPT_TLSAUTH_TYPE CURLOPT_TLSAUTH_USERNAME CURLOPT_TLSAUTH_PASSWORD CURLOPT_PROXY_TLSAUTH_TYPE...

CVSS: 5 | AI score: 7 | EPSS: 0.02596
Exploits: 1
Hacker One
added 2021/08/12 7:03 a.m., 99 views

UPchieve: CLICKJACKING LEADS TO DEACTIVATE ACCOUNT

Hello UPCHIEVE SECURITY TEAM, I'm Anto. Vulnerability: Clickjacking in https://hackers.upchieve.org/profile Steps to Reproduce: 1. Create an HTML file with the following code. Click the place where it shows Click 1 Click 2 Click 2 2. Save and open it in your browser; the page will appear. Impact: An...

AI score: 6.4
Exploits: 0
Hacker One
added 2021/07/02 10:43 p.m., 99 views

GitHub Security Lab: [Java]: CWE-665 Insecure environment during RMI/JMX Server initialisation - All for one bounty

This bug was reported directly to GitHub Security Lab...

AI score: 2.6
Exploits: 0
Hacker One
added 2021/02/04 12:02 a.m., 99 views

GitHub Security Lab: [Java] CWE-326: Query to detect weak encryption with an insufficient key size

This bug was reported directly to GitHub Security Lab...

AI score: 1.7
Exploits: 0
Hacker One
added 2021/01/07 2:52 p.m., 99 views

Kubernetes: XSS on kubernetes-csi.github.io (mdBook)

Report Submission Form Summary: Hi, I have recently found XSS vulnerability in mdBook CVE-2020-26297, fixed and disclosed on 4th January 2020. The details were published in a security advisory here: https://blog.rust-lang.org/2021/01/04/mdbook-security-advisory.html I did a quick recon and found ...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.01254
Exploits: 0
Hacker One
added 2020/12/17 5:58 p.m., 99 views

GitHub Security Lab: Java: Add SSRF query for Java

This bug was reported directly to GitHub Security Lab...

AI score: 1.4
Exploits: 0
Hacker One
added 2020/07/23 2:16 a.m., 99 views

U.S. Dept Of Defense: Path traversal on https://███ allows arbitrary file read (CVE-2020-3452)

Summary: According to Cisco: A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targete...

CVSS: 5 | AI score: 0.7 | EPSS: 0.99992
Exploits: 24
Hacker One
added 2020/06/25 12:38 p.m., 99 views

Mail.ru: HTML/iframe/XSS injection on https://www.ucs.ru/online/shelter/settings/check/

Potential XSS via POST parameters in www.ucs.ru...

AI score: 3
Exploits: 0
Hacker One
added 2020/06/10 7:52 p.m., 99 views

h1-ctf: [h1-2006 2020] Chained vulnerabilities lead to account takeover

Summary: Mårten Mickos lost his account for BountyPay, the new service HackerOne is using to pay bug bounties. In this report I explain how I accessed a customer's account using a log file and bypassed its 2FA validation. I then leverage an open redirect bug to gain access to an internal server an...

AI score: 6.7
Exploits: 0
Hacker One
added 2020/05/11 10:12 p.m., 99 views

HackerOne: Disclosure of the name of a program that has a private part with an external link

Summary: Hi team, @jobert, @bencode. Not so long ago, you added to the program panel information about whether the program has the retest function. Also, this is reflected in the report by the attribute activeretestsubscription. It seems that it is reflected in published reports tha...

Exploits: 0
Hacker One
added 2019/12/28 1:07 a.m., 99 views

Stripo Inc: my.stripo.emai email verification bypassed and also create email templates

Summary: According to Stripo.emai, when a new user signs up, Stripo.email allows creating email templates after the verification of the email of your Stripo account. Until your email gets verified you are not able to create email templates in your account. Users need to verify their email...

AI score: 1.1
Exploits: 0
Hacker One
added 2019/12/27 6:05 a.m., 99 views

Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services

I rated this vulnerability as high because trying to rate it with the CVSS v3.0 Calculator gives me 9.9, which seems way too high as you do require to be able to create services in the K8S cluster. Summary: This report details 2 ways to man in the middle traffic by: a creating a LoadBalancer service a...

CVSS: 6 | AI score: 5.6 | EPSS: 0.09274
Exploits: 3
Hacker One
added 2019/11/14 6:01 p.m., 99 views

Stripo Inc: Redirection through referer tag

Summary: I replaced the referer value https://stripo.email/de/ with www.google.com and it worked, it redirected me to google.com Steps To Reproduce: 1. Open URL https://stripo.email/de/subscribe/ 2. Intercept with BurpSuite 3. Change the parameter value of referer and insert any domain you want i...

AI score: 0.6
Exploits: 0
Hacker One
added 2019/10/09 9:28 a.m., 99 views

Razer: [razer-assets2] Listing of Amazon S3 Bucket accessible to any AWS cli

The tester determined that an S3 bucket had insecure permissions. No customer data was in danger, but there was the potential for some Razer product collateral to be prematurely leaked, so Razer secured this bucket out of caution. Full writeup over at...

AI score: 1.4
Exploits: 0
Hacker One
added 2019/09/22 8:48 p.m., 99 views

Kartpay: bypass captcha in the form forgot password

Summary: In this issue I can bypass Captcha Protection in the Forgot Password form. Browsers Verified In: firefox url: https://affiliate.kartpay.com/ url vulnerable: https://affiliate.kartpay.com/forgotpassword Steps To Reproduce: 1-Enter your email in the forgot password parameter. 2-complet...

AI score: 0.4
Exploits: 0
Hacker One
added 2019/06/08 2:00 a.m., 99 views

Upserve : DOM Based XSS via postMessage at https://inventory.upserve.com/login/

Description: DOM based XSS is possible at https://inventory.upserve.com/login/ due to insecure origin checking when receiving a postMessage. POC 1. Visit https://hq.upserve.com.████████/upservexss.html 2. Click link 3. View alert on https://inventory.upserve.com Vulnerable Code javascript...

AI score: 0.8
Exploits: 0
Hacker One
added 2018/09/27 10:16 a.m., 99 views

h1-5411-CTF: h1-5411-CTF report: LFI / Deserialization / XXE vulnerability,

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: h1-5411-ctf write-up The CTF...

AI score: 0.6
Exploits: 0
Hacker One
added 2017/08/03 6:09 p.m., 99 views

Udemy: Violation of secure design principle

A business process issue was reported as a security issue...

AI score: 6.9
Exploits: 0
Total number of security vulnerabilities: 5000