HackerOne: Most viewed

15369 matches found

Hacker One
added 2022/07/29 5:16 p.m., 71 views

GoCD: Open S3 Bucket Accessible by any AWS User

Description: It has been observed that the Amazon S3 bucket which I believe belongs to GoCD as it contains data related to GoCD █████ documents and all is misconfigured as a result any unauthenticated users can access it without any restrictions Step-by-step Reproduction Instructions 1.Access...

AI score: 0.3
Exploits: 0
Hacker One
added 2021/09/17 10:50 a.m., 71 views

Basecamp: Subdomain Takeover due to ████████ NS records at us-east4.37signals.com

Description Hi! I have discovered that us-east4.37signals.com was pointing to an unclaimed ████ NS zone and I've managed to claim it in my account. POC http://nagli.us-east4.37signals.com/takeover.html F1451587 Remediation Make sure to configure the DNS records under us-east4.37signals.com Best...

AI score: 0.5
Exploits: 0
Hacker One
added 2021/08/05 3:25 a.m., 71 views

Twitter Algorithmic Bias: Economic Harm through Twitter's Cropping Algorithm

Bounty Hunter Name: CyberQueenMeg About You: Megan, also known as CyberQueenMeg, is a passionate rising cybersecurity professional who is interested in programming, cybersecurity, and web development. Megan is a high school senior in a rigorous computer science program at her high school where sh...

AI score: 6.6
Exploits: 0
Hacker One
added 2021/06/22 10:49 p.m., 71 views

GitHub Security Lab: [Java] BeanShell Injection

This bug was reported directly to GitHub Security Lab...

AI score: 0.9
Exploits: 0
Hacker One
added 2021/02/20 12:25 a.m., 71 views

Shopify: Stored XSS on apps.shopify.com

Steps to reproduce: 1 Write payload luc1d"@wearehackerone.com as Store contact email in General Settings page.myshopify.com/admin/settings/general F1202181 -- Wait here around 60 mins maybe more idk, it was 60 mins for me for the change to reflect -- You can confirm the change on here...

AI score: 6.2
Exploits: 0
Hacker One
added 2020/11/06 2:02 p.m., 71 views

HackerOne: Open Redirect on http://events.hackerone.com/redirect?url=https://naglinagli.github.io

@nagli found an open redirect vulnerability in a 3rd party vendor that was used by HackerOne. This system did not contain any data related to reports submitted and stored on hackerone.com. HackerOne worked with the vendor to remediate the vulnerability. The report is partially disclosed to...

AI score: 0.9
Exploits: 0
Hacker One
added 2020/10/13 6:21 a.m., 71 views

TikTok: Blind SSRF in ads.tiktok.com

A Server Side Request Forgery SSRF vulnerability was reported on the TikTok ads portal. This flaw has since been remediated. We thank @chihuahua for reporting this vulnerability to our team and confirming the resolution...

AI score: 2.5
Exploits: 0
Hacker One
added 2020/08/24 1:08 p.m., 71 views

Open-Xchange: Failed assert in `mail_index_transaction_lookup`

To reproduce, run the test suite on the following input: require"vnd.dovecot.testsuite";require "fileinto";require "mailbox";test"" fileinto:create "Folder"; if testresultexecute testmessage:folder "Folder" 2; Output is with ASAN enabled stack trace testsuite: Panic: file mail-index-transaction-update.c...

AI score: 1.1
Exploits: 0
Hacker One
added 2020/08/20 5:48 p.m., 71 views

Dropcontact: Registering with email [ +70 Chars ] Leads to Disclosure of some information [Django Debug Mode]

We were displaying / leaking system information in case of app crash...

AI score: 2
Exploits: 0
Hacker One
added 2020/07/28 9:14 a.m., 71 views

Acronis: Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini)

During initialization, mmsmini.exe service binary of mmsminisrv loads library C:\Program Files x86\Common Files\Acronis\Home\libssl10.dll. The library then tries to load non-existing file: C:\bshudson\workspace\mod-openssl-fips-win\205\product\out\standard\vs2013release\OpenSSL\ssl\openssl.cnf. T...

AI score: 2.2
Exploits: 0
Hacker One
added 2020/05/05 4:10 p.m., 71 views

Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/pages/createpage.action

Summary: Hi : A reflected XSS occurs on https://apps.topcoder.com/wiki/pages/createpage.action when creating wiki pages. Steps To Reproduce: A user can create wiki pages on https://apps.topcoder.com/wiki/pages/createpage.action?spaceKey=tcwiki. In this URL parentPageString and labelsString...

AI score: 1
Exploits: 0
Hacker One
added 2018/10/12 7:18 p.m., 71 views

HackerOne: Improper UUID validation results in bypass of #419896

This was found while evaluating the vulnerability and patch identified in 419896. I determined the deployed patch to be effective. However, I noticed tracer values could be sent which didn't conform to the UUID specification as characters outside of the a-f and 0-9 ranges could be used. For...

AI score: 0.8
Exploits: 0
Hacker One
added 2018/03/23 3:22 p.m., 71 views

Upserve: reports.breadcrumb.com is vulnerable to arbitrary file existence disclosure CVE-2014-7829

A directory traversal vulnerability in a third-party ruby gem allowed a remote actor to determine the existence but not the contents of files outside of the application root...

CVSS: 5, AI score: 6.2, EPSS: 0.04162
Exploits: 1
Hacker One
added 2017/11/17 9:58 p.m., 71 views

Electroneum: Hackerone [Mainsite Vulnerability]

Hello, I was checking out the website Electroneum – Crowdfunding Token Sale – Electroneum – the mobile based cryptocurrency for any vulnerabilities through hackerone. I would like to submit a vulnerability for consideration towards a bounty. Currently you have the file...

AI score: 0.1
Exploits: 0
Hacker One
added 2017/11/08 3:36 a.m., 71 views

Valve: LFI in pChart PHP library

Local File Inclusion LFI vulnerability in the pChart PHP library...

AI score: 1.6
Exploits: 0
Hacker One
added 2017/10/31 2:44 p.m., 71 views

Gratipay: Reflected SQL Execution

my friends are the best hackers hackerone.com/rashidziaur hackerone.com/smziaurrashid hackerone.com/s4k16 they teach me how to hack a toaster F234731 Please give us $$$$$ for our family we are poor. please consider this bug in your site F234733...

AI score: 6.8
Exploits: 0
Hacker One
added 2017/08/20 11:06 a.m., 71 views

Gratipay: Missing Certificate Authority Authorization rule

Certificate Authority Authorization supported by LetsEncrypt and other CAs allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless they are the CA o...

AI score: 0.6
Exploits: 0
Hacker One
added 2017/04/18 7:39 a.m., 71 views

Internet Bug Bounty: Certificate message OOB reads (CVE-2016-6306)

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. The messages affected are client certificate, client certificate...

CVSS: 4.3, AI score: 7.9, EPSS: 0.41683
Exploits: 1
Hacker One
added 2017/03/18 11:25 a.m., 71 views

Blockchain: HTTP Header Injection/HTTP_Response_Splitting

Submitter observed that CloudFlare-protected sites will serve content from other CloudFlare-protected sites when the "Host" HTTP request header is modified in transit. A PoC for an attacker to modify a victim user's "Host" HTTP request header could not be presented by the submitter; consequently...

AI score: 0.7
Exploits: 0
Hacker One
added 2017/01/24 8:38 p.m., 71 views

Internet Bug Bounty: Out of bounds memory read in unserialize()

I have found and reported an out of bounds memory read in PHP: https://bugs.php.net/bug.php?id=73825 It affected all three supported versions and has been fixed with the latest updates: https://secure.php.net/ChangeLog-5.php5.6.30 https://secure.php.net/ChangeLog-7.php7.0.15...

CVSS: 5, AI score: 8.5, EPSS: 0.13314
Exploits: 0
Hacker One
added 2016/12/26 2:14 p.m., 71 views

Internet Bug Bounty: DoS vulnerability in mod_auth_digest CVE-2016-2161

Malicious input to mod_auth_digest will cause the server to crash, and each instance continues to crash even for subsequently valid requests. http://httpd.apache.org/security/vulnerabilities24.html...

CVSS: 5, AI score: 7.5, EPSS: 0.20952
Exploits: 0
Hacker One
added 2016/07/20 4:02 p.m., 71 views

Harvest: CSRF token fixation in Sign in with Google

Hi There is CSRF token fixation in Sign in with Google at https://id.getharvest.com/sessions/new The state parameter is the same for any login https://id.getharvest.com/oauth2/callback?state=%7B%22intent%22:%22sign-in%22%7D&code=code Steps to reproduce 1. Go to...

AI score: 0.1
Exploits: 0
Hacker One
added 2016/02/22 8:23 p.m., 71 views

Gratipay: X-Content-Type Header Missing For aspen.io

The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared...

AI score: 1.3
Exploits: 0
Hacker One
added 2015/12/10 6:51 a.m., 71 views

Square Open Source: git-fastclone allows arbitrary command execution through usage of ext remote URLs in submodules

I recently discovered a security vulnerability in git that also affects other programs that manually reimplement submodule-like operations. The recent security update to git0 concerning git-remote-ext URLs in submodules affects git-fastclone similarly. This bug was patched in Git v2.6.1, v2.5.4,...

CVSS: 9.3, AI score: 9.6, EPSS: 0.20144
Exploits: 1
Hacker One
added 2015/07/14 10:05 a.m., 71 views

QIWI: Session Cookie without HttpOnly and secure flag set

vulnerable URL: https://portal.int.qiwi.com/login.php The PHPSESSID cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security...

AI score: 1
Exploits: 0
Hacker One
added 2014/09/01 8:28 a.m., 71 views

Django: CSRF protection bypass on any Django powered site via Google Analytics

I shall explain all the steps to create the final PoC in order to be more clear. Part 1. Cookie Injection via Google Analytics --------------------- Reported to Google, rewarded, still working Google Analytics sets the cookie to track user source:...

AI score: 0.5
Exploits: 0
Hacker One
added 2014/03/24 9:54 p.m., 71 views

Internet Bug Bounty: SPDY memory corruption

A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0088. The problem only affects nginx 1.5.10 on 32-bit platforms,...

CVSS: 7.5, AI score: 7, EPSS: 0.08663
Exploits: 0
Hacker One
added 2024/11/07 1:53 p.m., 70 views

Localize: Open redirect via Host header

An Open Redirect vulnerability occurs when an application allows users to be redirected to an external, untrusted URL without validating the redirection target. By controlling the Host header and observing a redirection to the specified external site, you may have found an open redirect...

AI score: 6.7
Exploits: 0
Hacker One
added 2024/11/07 8:50 a.m., 70 views

Internet Bug Bounty: Apache Airflow: Sensitive Information Exposure in DAG Run Logs

The Apache Airflow platform was vulnerable to sensitive information exposure in DAG run logs. Passwords, secrets, and the Fernet key were logged in plain text, which could have resulted in the disclosure of this sensitive information to unauthorized users...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01295
Exploits: 0
Hacker One
added 2024/07/09 4:15 p.m., 70 views

Internet Bug Bounty: CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation.

The vulnerability CVE-2024-38875 was discovered in the strip_punctuation function used by the urlize and urlizetrunc filters. The function had a poor time complexity of O(n^2) in the worst case, which could lead to uncontrolled resource consumption when processing input with a large number of openin...

CVSS: 7.5, AI score: 6, EPSS: 0.01187
Exploits: 0
Hacker One
added 2024/07/03 7:10 a.m., 70 views

Internet Bug Bounty: moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709)

moderate: Apache HTTP Server: HTTP response splitting CVE-2023-38709 Faulty input validation in the core of Apache allowed malicious or exploitable backend/content generators to split HTTP responses. This issue affected Apache HTTP Server through version 2.4.58...

CVSS: 7.3, AI score: 7.2, EPSS: 0.03914
Exploits: 0
Hacker One
added 2023/11/12 3:57 p.m., 70 views

Internet Bug Bounty: CVE-2023-47037: Airflow Broken Access Control Vulnerability

A broken access control vulnerability in Apache Airflow versions before 2.7.3 allowed authenticated users with DAG view authorization to modify some DAG run detail values when submitting notes, potentially altering details such as configuration parameters and start date...

CVSS: 4.3, AI score: 4.5, EPSS: 0.01497
Exploits: 0
Hacker One
added 2023/08/24 3:52 p.m., 70 views

HackerOne: IDOR - Delete all Licenses and certifications from users account using CreateOrUpdateHackerCertification GraphQL query

All licenses and certifications in HackerOne could be deleted by changing the ID number in the CreateOrUpdateHackerCertification GraphQL query...

AI score: 7.1
Exploits: 0
Hacker One
added 2023/08/11 5:18 p.m., 70 views

HackerOne: Bypass of #2035332 RXSS at image.hackerone.live via the `url` parameter

A reflected cross-site scripting RXSS vulnerability was discovered on the image.hackerone.live website. The vulnerability allowed an attacker to bypass the fix implemented for a previous RXSS issue. By modifying the server's response to a HEAD request, the attacker could change the Content-Type a...

AI score: 6.5
Exploits: 0
Hacker One
added 2023/05/25 1:38 p.m., 70 views

Node.js: HTTP Request Smuggling via Empty headers separated by CR

HTTP Request Smuggling HRS was possible in Node.js v20.2.0 due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. The CR character without LF was sufficient to delimit HTTP header fields in the llhttp parser, which is not compliant with RFC7230...

CVSS: 7.5, AI score: 7.7, EPSS: 0.03906
Exploits: 1
Hacker One
added 2022/05/17 12:09 a.m., 70 views

GitHub Security Lab: [python]: Zip Slip Vulnerability

This bug was reported directly to GitHub Security Lab...

AI score: 1.2
Exploits: 0
Hacker One
added 2022/03/28 3:08 p.m., 70 views

Node.js: HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

Summary: The llhttp parser in the http module in Node v17.8.0 does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. Description: After 1501679, I did a bit more digging into the issue, and found that there were more flaws in the parsing of...

CVSS: 6.4, AI score: 7.5, EPSS: 0.35079
Exploits: 1
Hacker One
added 2022/01/06 1:52 p.m., 70 views

Adobe: Log4j Java RCE in [beta.dev.adobeconnect.com]

Hello Security Team, Summary Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per Apache's Log4j security guide: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker...

AI score: 0.8
Exploits: 0
Hacker One
added 2021/08/16 3:14 p.m., 70 views

Revive Adserver: Use of a Broken or Risky Cryptographic Algorithm

revive-adserver utilizes a PRNG for session-token generation, this means that an attacker could theoretically be able to generate session tokens at random and take over accounts at random. This function does not generate cryptographically secure values, and should not be used for cryptographic...

CVSS: 4.3, AI score: 1.9, EPSS: 0.02627
Exploits: 1
Hacker One
added 2021/08/08 5:40 p.m., 70 views

UPchieve: Failed to validate Session after Password Change

While conducting my research I discovered that the application failed to validate the session after a password change. In this scenario changing the password doesn't destroy the other sessions which are logged in with old passwords in another browser. Steps To Reproduce: 1 Login with the same account ...

AI score: 6.6
Exploits: 0
Hacker One
added 2021/04/12 12:20 p.m., 70 views

Nextcloud: Notification implicit PendingIntent in com.nextcloud.client allows to access contacts

When the victim downloads files in Nextcloud, a notification will be triggered. The content of the notification is "Downloaded". This notification is used to remind the user that the download is complete. The PendingIntent in this notification is an implicit intent. At this time a malicious app with...

CVSS: 2.1, AI score: 2.4, EPSS: 0.00373
Exploits: 0
Hacker One
added 2020/12/03 11:52 p.m., 70 views

VK.com: Path Traversal in the iOS application

Transfer of files out of the internal directory of the iOS application. Using a hacking attack, it was possible to steal files from the internal directory of the iOS application...

AI score: 6.8
Exploits: 0
Hacker One
added 2020/11/29 7:03 p.m., 70 views

Logitech: One Click Account takeover using OAuth CSRF bypass by adding Null byte %00 in state parameter on www.streamlabs.com

Summary Hello Team I have found a bypass of this report. 1039749 Steps To Reproduce: 1. Login to attacker's account and go to settings -- account settings. 2. Intercept the request in burp suite and click on merge twitch account. 3. Allow twitch access and once you see a get request in burp...

AI score: 0.1
Exploits: 0
Hacker One
added 2020/08/31 8:31 p.m., 70 views

Shopify: damage to the timeline so that comment fields cannot be displayed or are not available to all members in the store

see https://a-alert-b-y000-b-finda.myshopify.com/admin/discounts/416981811222 I tried to make a discount code with a product name and a discount code like: ± ± when I hashtag the product name on the timeline comment and I get a "server error" reply and it causes crashes to the timeline, so...

AI score: 0.2
Exploits: 0
Hacker One
added 2020/07/13 10:28 a.m., 70 views

Mail.ru: [https://youdrive.today/] Nginx directory traversal

Invalid nginx configuration allowed limited path traversal in youdrive.today and leaking sensitive application data in configuration files. Nginx directory traversal via misconfigured alias leads to disclosure of all the configuration. Exploit: https:///static../config.js...

AI score: 2.4
Exploits: 0
Hacker One
added 2020/01/19 7:48 p.m., 70 views

Nord Security: Denial of Service with Cookie Bomb

Summary: This is a Denial of Service attack by using which an attacker can make a user unable to access the nordvpn.com website. For more information you can read this article. https://blog.innerht.ml/tag/cookie-bomb/ Steps To Reproduce: This will usually work on user's fresh session for which we can...

AI score: 6.5
Exploits: 0
Hacker One
added 2019/12/20 7:25 a.m., 70 views

Automattic: Follow by email allows for following by unverified emails

The initial report outlined being able to add any email to a Tumblr account without verifying it first which is expected behavior that does not pose a security risk. However, the reporter also reported that these unverified emails were able to be used in our "follow by email" feature which we did...

AI score: 1
Exploits: 0
Hacker One
added 2019/11/09 10:23 a.m., 70 views

OWOX, Inc.: The URL in "Choose a data source" at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS.

Hi team, This is another report with 732987. Because it is completely independent Detail -- In the process of selecting the data source at https://bi.owox.com/ui/settings/connected-services/setup/, I found a reflected XSS. Specifically, when you click on Google Analytics, a page will appear for y...

AI score: 6.2
Exploits: 0
Hacker One
added 2019/09/10 10:29 p.m., 70 views

Ed: Domain takeover on http://doesfranshaveashell.com/ due to expiration

Summary Hi Ed, I'm not so sure if the registrar informed you that your domain had expired or whether it will auto-renew upon reaching the date. To be safe, I decided to manually inform you. Steps to Reproduce So lately I noticed that http://doesfranshaveashell.com/ is no longer operating. It will show some advertisements there. F57967...

AI score: 0.1
Exploits: 0
Hacker One
added 2019/05/29 6:27 a.m., 70 views

Monero: Remote Daemon RPC Attack

Remote Daemon RPC Attack https://www.activism.net/cypherpunk/manifesto.html...

AI score: 0.8
Exploits: 0
Total number of security vulnerabilities: 5000