Lucene search
Hackerone | Most viewed

15371 matches found

Hacker One | added 2013/11/07 12:0 a.m. | 54 views

Internet Bug Bounty: OpenSSH: Memory corruption in AES-GCM support

Vulnerability: A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher [email protected] or [email protected] is selected during kex exchange. If exploited, this vulnerability might permit code execution with the privileges of the...

CVSS 6 | AI score 7.3 | EPSS 0.0267 | Exploits: 1

Hacker One | added 2024/05/24 1:42 p.m. | 53 views

U.S. Dept Of Defense: CVE-2023-26347 in https://████.mil/hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true

CVE-2023-26347 was discovered in Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier. The vulnerability was an Improper Access Control issue that could result in a Security feature bypass. Unauthenticated access was possible to the administration CFM and CFC endpoints...

CVSS 7.5 | AI score 7.3 | EPSS 0.10072 | Exploits: 0

Hacker One | added 2023/11/10 8:55 p.m. | 53 views

Nextcloud: RCE on Wordpress website

A remote code execution vulnerability was exploited on a WordPress website due to unsafe deserialization of user input. This allowed arbitrary code execution as the web server user...

AI score 8.3 | Exploits: 0

Hacker One | added 2023/10/14 12:8 a.m. | 53 views

Internet Bug Bounty: Integrity checks according to policies can be circumvented in Node.js 20 and Node.js 18

Integrity checks according to Node.js policies can be circumvented, allowing untrusted code to execute with elevated permissions. This affects Node.js 18.x and 20.x when using the experimental policy feature. The vulnerability was reported by Tobias Nießen, who also provided a patch that has been...

CVSS 7.5 | AI score 7.8 | EPSS 0.01107 | Exploits: 0

Hacker One | added 2023/10/11 7:18 p.m. | 53 views

Mars: Test 4 █████

This is test team summary with limited disclosure...

AI score 6.8 | Exploits: 0

Hacker One | added 2023/09/22 7:22 p.m. | 53 views

PlayStation: Remote vulnerabilities in spp

A vulnerability was discovered in the spp PPPoE implementation on the PS4/PS5. The vulnerability could allow a malicious PPPoE server to cause a heap buffer overwrite and overread, potentially leading to denial-of-service or remote code execution in kernel context. The vulnerability was caused by...

CVSS 10 | AI score 7.2 | EPSS 0.11319 | Exploits: 0

Hacker One | added 2023/09/05 9:31 p.m. | 53 views

Mozilla: Mozilla Mastodon Staging Instance Admin API Key Disclosure Through Slack

Admin Mastodon API keys were inadvertently disclosed in the trust-and-safety-eng channel on Mozilla's Slack workspace, potentially granting unauthorized access to the Mastodon server and compromising user data. Immediate action is required to mitigate this vulnerability...

AI score 7.1 | Exploits: 0

Hacker One | added 2023/08/27 1:22 a.m. | 53 views

inDrive: Unlimited fake rate to the passenger in city to city, Affected endpoint `/api/v1/reviews/ride/<ID>/driver`

The vulnerability allowed an unlimited increase of the passenger's rating in the city-to-city shared ride feature. The request to the `/api/v1/reviews/ride/<ID>/driver` endpoint was manipulated by changing the rating value to a higher number, which was accepted by the application and resulted in an...

AI score 7 | Exploits: 0

Hacker One | added 2023/07/24 7:31 p.m. | 53 views

HackerOne: Register & create a ticket as somebody else on HackerOne Support

A vulnerability was discovered on HackerOne Support that allowed an attacker to register and create tickets as different individuals. The issue was resolved by adjusting a setting in the Freshdesk Software...

AI score 6.9 | Exploits: 0

Hacker One | added 2023/07/01 3:41 a.m. | 53 views

U.S. Dept Of Defense: CVE-2023-24488 xss on https://██████/

Vulnerability description not provided...

CVSS 6.1 | AI score 6.2 | EPSS 0.80907 | Exploits: 3

Hacker One | added 2023/05/25 2:40 p.m. | 53 views

HackerOne: Create miscellaneous support ticket on anyone's account through [email protected] email

A vulnerability was discovered where an attacker could create support tickets on anyone's account by sending a fake email to [email protected]. This allowed the attacker to create tickets on behalf of victims or even HackerOne staff. The issue was resolved internally and the created tickets...

AI score 7 | Exploits: 0

Hacker One | added 2022/10/25 8:59 a.m. | 53 views

Consensys: CSV Injection at https://assets-paris-demo.codefi.network/

Summary: Hi consensys Security Team. I have found CSV Injection when generate report at https://assets-paris-demo.codefi.network/ CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or...

CVSS 9.3 | AI score 6.6 | EPSS 0.14596 | Exploits: 0

Hacker One | added 2022/09/19 12:13 a.m. | 53 views

U.S. Dept Of Defense: External service interaction ( DNS and HTTP ) in www.████████

An External Service Interaction vulnerability was found in www.█████████, allowing an attacker to induce the application to interact with arbitrary external services such as DNS and HTTP. This could lead to various attacks, including DDoS, OS Command Injection, DOS, and Code Manipulation...

AI score 7.6 | Exploits: 0

Hacker One | added 2022/07/10 6:1 p.m. | 53 views

Node.js: DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)

Summary: This is an insufficient fix of CVE-2022-32212, which itself is a fix of CVE-2018-7160. There exists a specific behaviour in browsers on macOS devices when handling the http://0.0.0.0 URL that allows an attacker-controlled DNS server to bypass the DNS rebinding protection by resolving host...

CVSS 6.8 | AI score 0.6 | EPSS 0.09916 | Exploits: 0

Hacker One | added 2022/03/22 6:27 p.m. | 53 views

Internet Bug Bounty: Renderers can obtain access to random bluetooth device without permission

With the default configuration in Electron, renderer processes which should not have access to system resources by default can gain read/write access to a nearby bluetooth device. To reproduce: Run the electron-quick-start app with a vulnerable version of Electron:...

CVSS 4 | AI score 5.5 | EPSS 0.00909 | Exploits: 0

Hacker One | added 2022/03/08 7:45 p.m. | 53 views

TikTok: Impersonation of tiktok account via Broken Link in TikTok Newsroom

A broken link was found on TikTok Newsroom, which could have allowed an attacker to claim the associated username and hijack the link. We thank @bushidobrown200 for reporting this to our team and confirming its resolution...

AI score 4.3 | Exploits: 0

Hacker One | added 2022/02/06 9:48 a.m. | 53 views

Shopify: Xss triggered in Your-store.myshopify.com/admin/apps/shopify-email/editor/****

Hi team, I have found Store Xss in shopify-email Reproduction Instructions / 1.Configure shopify-email for Shopify stores at https://apps.shopify.com/shopify-email 2.Goto Your-store.myshopify.com/admin/apps/shopify-email/template-branding 3.Change F1607675 with " click Save. 4.Now Select any...

AI score 0.1 | Exploits: 0

Hacker One | added 2022/01/21 10:38 p.m. | 53 views

JetBlue: Open Redirect

Vulnerability description not provided...

AI score 7.1 | Exploits: 0

Hacker One | added 2022/01/19 5:21 p.m. | 53 views

VK.com: Reflected Xss On https://vk.com/search

XSS in Search...

AI score 6.3 | Exploits: 0

Hacker One | added 2021/11/25 8:12 a.m. | 53 views

Zomato: Race condition in User comments Likes

The researcher found a Race Condition to artificially inflate the upvotes of user comments in the Restaurant's review section...

AI score 2.6 | Exploits: 0

Hacker One | added 2021/10/10 10:59 a.m. | 53 views

Traffic Factory: WordPress Plugin Update Confusion at trafficfactory.com

Hi, I'm currently researching a "novel" supply chain attack affecting WordPress plugins, and I believe your website might be vulnerable. The way it works is similar to a recent Dependency Confusion attack, where a malicious actor can take over internal packages unclaimed on PyPI / npm registry. I...

AI score 6.7 | Exploits: 0

Hacker One | added 2021/09/25 5:49 a.m. | 53 views

TikTok: Reflected XSS in TikTok endpoints

Cross site scripting vulnerability was found in few TikTok endpoints using the region parameter. We thank @sh1yo for reporting this to our team...

AI score 1.1 | Exploits: 0

Hacker One | added 2021/06/15 8:44 a.m. | 53 views

Bumble: Exfiltrating a victim's exact location (to within 5m)

I used Bumble's distance feature to exfiltrate the exact location to within approx 5m of a victim. I did this by using the Bumble API to move my attacker account's location around the approximate area of the victim. I was able to obtain the exact distance between attacker and victim at 3 separate...

AI score 7 | Exploits: 0

Hacker One | added 2021/06/07 11:5 a.m. | 53 views

HackerOne: Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs

Hello, Hope you are doing well, SUMMARY -In hackerone user doesn't have permission to do any action like "disclosing/undiclosing" in disclosed report. -Here user can send the "cancel-disclosure-request" request to the server and server accepts the request gave 200ok response with ""flash":"The...

AI score 6.8 | Exploits: 0

Hacker One | added 2021/06/03 8:56 a.m. | 53 views

Mattermost: Mattermost Server OAuth Flow Cross-Site Scripting

Summary: The vulnerability is a reflected Cross-Site Scripting XSS via the OAuth flow. A victim clicking a malicious link pointing to the target Mattermost host will trigger the XSS. If the victim is a regular user, it is possible to obtain all of their Mattermost chat contents; if it’s an...

CVSS 4.3 | AI score 0.1 | EPSS 0.03288 | Exploits: 0

Hacker One | added 2021/05/12 6:27 p.m. | 53 views

Nextcloud: Virtual Data Room / Hide download on collabora is easy to bypass

So, let me start with saying I'm not sure if this is a security issue or if it is by design. The reason I'm reporting it here is since Nextcloud promotes this Virtual Data Room a lot...

CVSS 4 | AI score 4.3 | EPSS 0.00986 | Exploits: 0

Hacker One | added 2021/04/23 11:38 a.m. | 53 views

Exodus: Cache Poisoning DoS on downloads.exodus.com

Summary: Hello, The subdomain downloads.exodus.com hosts all files meant to be downloaded by exodus users. A few of the file I found are: https://downloads.exodus.com/releases/exodus-linux-x64-21.4.9.zip https://downloads.exodus.com/releases/hashes-exodus-21.2.12.txt...

AI score 0.4 | Exploits: 0

Hacker One | added 2021/04/16 3:3 p.m. | 53 views

Homebrew: Brew bootstrap process is insecure

The process described in this page is not secure - no checksum / PGP signature is published and there is no way to check the download is legit: https://brew.sh/ "/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"" This can lead to supply chain attacks su...

AI score 7.1 | Exploits: 0

Hacker One | added 2021/02/19 3:37 p.m. | 53 views

WordPress: Privilege Escalation via REST API to Administrator leads to RCE

Kien Hoang reported a privilege escalation vulnerability in the BuddyPress REST-API. Through this issue, if registrations for new users is enabled, a non-admin user can gain administrator access on the site. The administrator access can then lead to remote code execution, as admins have the right...

CVSS 9 | AI score 4.3 | EPSS 0.13882 | Exploits: 2

Hacker One | added 2021/01/07 12:15 p.m. | 53 views

Topcoder: IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data

Summary: Hello, A API on apps.topcoder.com/forums/ exposes the email of any user on topcoder.com and some PIIs name, surname, id. Steps To Reproduce: 1 Create a profile at topcoder.com 2 Go to apps.topcoder.com/forums and login forum 3 Entery any topic example:...

AI score 7 | Exploits: 0

Hacker One | added 2020/08/10 3:8 p.m. | 53 views

GitLab: GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection

Summary: GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the `DOCKER_AUTH_CONFIG` build variable. Injected commands are executed on the container host, not within a Docker container, as such could compromise all future builds which are executed by...

AI score 2.1 | Exploits: 0

Hacker One | added 2020/08/06 5:42 p.m. | 53 views

Kubernetes: CVE-2019-11250 remains in effect.

Report Submission Form Summary: "CVE-2019-11250: TOB-K8S-001: Bearer tokens are revealed in logs" remains in effect. Kubernetes Version: Effects at least all versions since 1.4. - This was determined with some git archaeology. This was determined by following the code snippet from it's current...

CVSS 3.5 | EPSS 0.01766 | Exploits: 0

Hacker One | added 2020/07/06 7:27 p.m. | 53 views

InnoGames: Stored XSS on recruit.innogames.de

Summary: When applying for a Supporter/Moderator job at recruit.innogames.de the drop-down field "Position" is vulnerable to a stored XSS as the content is not validated. Description: Steps To Reproduce: 1. Visit https://recruit.innogames.de/staemme/de/index/page/show/apply 2. Fill out all requir...

AI score 0.5 | Exploits: 0

Hacker One | added 2020/05/07 1:8 a.m. | 53 views

Snapchat: CreatorID leaked from public content posted to SnapMaps

TL;DR - the Snap Map media responses unnecessarily return a creatorId. The creator's Snap username cannot be immediately derived from creatorId, but users can use the creatorId to correlate multiple public snaps with that creator. The impact is limited by the fact that all Our Story Snaps that...

AI score 6.6 | Exploits: 0

Hacker One | added 2020/05/04 9:44 a.m. | 53 views

Open-Xchange: Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile

Summary Logic in AddFileAction.getImageDataFromUrl for fetching images from external URLs when handling /appsuite/api/oxodocumentfilter&action=addfile implemented here validates the redirected URLs only after following all redirects java response = httpClient.executegetRequest, context; int...

AI score 7 | Exploits: 0

Hacker One | added 2020/04/11 12:0 p.m. | 53 views

Mail.ru: Information Disclosure on {http://pro.tracker.my.com}

Prometheus performance metrics were publicly available on pro.tracker.my.com...

AI score 0.3 | Exploits: 0

Hacker One | added 2020/03/22 12:37 p.m. | 53 views

GitLab: SSRF on project import via the remote_attachment_url on a Note

Summary: The Note model has an attachment which is provided by a CarrierWave uploader: `mount_uploader :attachment, AttachmentUploader` One of the features this provides is the ability to download and attach a file via a url, see...

AI score 1.6 | Exploits: 0

Hacker One | added 2020/02/27 4:24 p.m. | 53 views

Google: CVE-2020-8913 - Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC

██████████████████████████...

AI score 5.7 | EPSS 0.02883 | Exploits: 1

Hacker One | added 2019/08/29 3:52 p.m. | 53 views

curl: Heap buffer overflow in TFTP when using small blksize

Summary: With a TFTP server that does not send OACK, but instead starts anyway with first block with 512 bytes block size, the curl library fails to assume default 512 bytes blocks. Instead it detects EOF and does not return an error code. Consequence is a truncated file that is 512 bytes without...

CVSS 7.5 | AI score 9 | EPSS 0.49739 | Exploits: 1

Hacker One | added 2019/08/17 4:33 p.m. | 53 views

Internet Bug Bounty: Out of Bounds Memory Read in exif_scan_thumbnail

I have found and reported an out of bounds memory read in PHP exif_scan_thumbnail. When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data wha...

CVSS 5.8 | AI score 6.1 | EPSS 0.0442 | Exploits: 1

Hacker One | added 2019/08/13 1:14 p.m. | 53 views

Informatica: accounts.informatica.com - RCE due to exposed Groovy console

Researcher identified a misconfigured "Groovy" panel on an AEM web application that was vulnerable to RCE. The panel was subsequently disabled...

AI score 1.2 | Exploits: 0

Hacker One | added 2019/07/31 8:19 a.m. | 53 views

Nextcloud: SignUp using Fake Email

In this trial I used the email '[email protected]' and after pressing the SIGN UP button it will automatically redirect to https://ppp.woelkli.com/apps/preferredproviders/password/set/emailfakeforregister/H2qlEWHxQ3yiJgCsEXkR8, not through the account verification process first. For full the link Po...

AI score 1.2 | Exploits: 0

Hacker One | added 2019/07/27 7:14 p.m. | 53 views

Paragon Initiative Enterprises: Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki

submitted a misconfiguration in some of our GitHub repositories to us. Wikis are inherently editable for all users, but for some repositories an organization may want to restrict this access. In some cases it was possible for GitHub users . Github wikis on the following project...

AI score 7.2 | Exploits: 0

Hacker One | added 2019/04/16 6:40 p.m. | 53 views

TomTom: Reflected Cross Site Scripting vuln in tomtom.com

Hello Tomtom security team I found a reflected cross site scripting security vulnerability in tomtom.com https://www.tomtom.com/nlnl/search/?q=27%22--%3E%3CDetails%20Open%20OnToggle=confirmdocument.domain%3E This payload when loaded displays the domain the XSS vulnerability occurs in www.tomtom.c...

AI score 0.4 | Exploits: 0

Hacker One | added 2019/04/02 5:7 p.m. | 53 views

Mail.ru: phpinfo

phpinfo was available at terrhq.ru subdomain...

AI score 1.4 | Exploits: 0

Hacker One | added 2019/04/02 4:50 p.m. | 53 views

Mail.ru: Phpinfo

phpinfo was available at terrhq.ru subdomain...

AI score 1.4 | Exploits: 0

Hacker One | added 2019/02/16 11:5 a.m. | 53 views

Mail.ru: PHP-FPM Status Page

PHP-FPM Status Page available on pubg.my.com...

AI score 1.3 | Exploits: 0

Hacker One | added 2019/01/17 4:51 p.m. | 53 views

Shopify: Bypass GraphQL rate limit by abusing negative cost queries

Hi security team, While looking into the graphql app I noticed an interesting implementation where each app has a bucket of query cost they are allowed to used in a given time with a certain refresh rate associated with it. The details can be found at...

AI score 0.4 | Exploits: 0

Hacker One | added 2018/12/29 9:2 a.m. | 53 views

Zomato: Open Redirect On Your Login Panel

Summary: Hey, there is an open Redirect on your login panel. Platforms Affected: Website. Browsers Verified In (If Applicable): Chrome For Android, Firefox For Android. Steps To Reproduce: 1. Go To This Url :- https://www.zomato.com/login?redirecturl=https://askdcodes.org 2. Then login there 3. boom you...

AI score 1.9 | Exploits: 0

Hacker One | added 2018/10/31 12:31 a.m. | 53 views

Ruby on Rails: Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS

The multi-part body parsing in Rack and consequently Rails has a worse-than-linear performance relative to the number of parts in the request body. In small scale i.e. non-disruptive tests on a variety of Rails applications on the internet, including my own, GitHub.com, Heroku API, Instacart,...

CVSS 5 | AI score 7.4 | EPSS 0.02033 | Exploits: 0

Total number of security vulnerabilities: 5000