HackerOne, most viewed

15371 matches found

Hacker One
added 2024/06/15 10:36 a.m., 48 views

Basecamp: Navgraph confusion allows any 3p app to send and read requests from the server at app.hey.com

The vulnerability in the Navgraph system allowed any third-party app to send and read requests from the server at app.hey.com...

6.9 AI score
Exploits: 0
Hacker One
added 2024/03/08 4:43 a.m., 48 views

Node.js: Proxy-Authorization header not cleared on cross-origin redirect in undici.request

The Proxy-Authorization and x-auth-token headers were not cleared on cross-origin redirects in versions of undici up to and including 6.7.0. This issue was similar to a previously fixed security vulnerability where Authorization and Cookie headers were not cleared on such redirects...

4.3 CVSS, 4.6 AI score, 0.00734 EPSS
Exploits: 0
Hacker One
added 2023/11/15 1:23 a.m., 48 views

curl: Buffer overflow; affected URL: https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/11/03 3:41 a.m., 48 views

Node.js: Code injection and privilege escalation through Linux capabilities

A vulnerability was found in Node.js on Linux where it incorrectly applied an exception for the CAP_NET_BIND_SERVICE capability even when other capabilities were set. This allowed unprivileged users to inject code that inherited the elevated privileges of the process...

7.5 CVSS, 7.5 AI score, 0.00562 EPSS
Exploits: 0
Hacker One
added 2023/08/16 5:14 a.m., 48 views

Mozilla: Stored XSS on bugzilla.mozilla.org via comment edit feature from non-admin to admin.

A stored XSS vulnerability was discovered on the comment edit feature of bugzilla.mozilla.org. This allowed an attacker to execute malicious JavaScript code when an admin attempted to edit a comment. The vulnerability was reported and a bug report was filed...

6.2 AI score
Exploits: 0
Hacker One
added 2023/07/28 6:07 p.m., 48 views

Liberapay: Disavowed an email without any authentication

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/07/12 11:04 a.m., 48 views

Internet Bug Bounty: jdbc apache airflow provider code execution vulnerability

A code execution vulnerability was discovered in the Apache Airflow JDBC Provider before version 4.0.0. The vulnerability allowed for privilege escalation by exploiting controllable parameters in the JDBC connection, enabling the execution of arbitrary Java code...

8.1 AI score
Exploits: 0
Hacker One
added 2023/07/06 2:41 p.m., 48 views

HackerOne: Hackerone All Private Program Name Leaked to Public Via Collaborator OR Attacker can Easily Dump all Private Program Names through Collaborator

A vulnerability was discovered in Hackerone that allowed an attacker to obtain the names of private programs. By manipulating the report ID and using the Collaborator feature, the attacker could determine if a program was private or public. This compromised the confidentiality of private programs...

6.7 AI score
Exploits: 0
Hacker One
added 2023/07/05 12:45 p.m., 48 views

inDrive: Stored XSS on promo.indrive.com

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/06/16 4:02 p.m., 48 views

Teleport: robots.txt file

The web server includes a robots.txt file that serves a crucial role in providing instructions to web robots, such as search engine crawlers, about the permissible areas of the website that they can crawl and index. While the presence of this file does not pose a direct threat to the security of...

6.6 AI score
Exploits: 0
Hacker One
added 2023/06/05 12:56 a.m., 48 views

Automattic: Stored XSS on wordpress.com

A Stored XSS vulnerability was found on WordPress.com via app.crowdsignal.com. An attacker could execute malicious script code in the victim user's browser and redirect them to malicious sites by creating a poll with a specific payload and sharing the link on a WordPress post. The vulnerability w...

6 AI score
Exploits: 0
Hacker One
added 2023/06/04 7:40 a.m., 48 views

Internet Bug Bounty: [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing

A denial of service vulnerability was discovered in the multipart parsing component of Rack. This vulnerability could be exploited by carefully crafted input to cause the RFC2183 multipart boundary parsing in Rack to consume an unexpected amount of time, potentially leading to a denial of service...

7.5 CVSS, 7.1 AI score, 0.01617 EPSS
Exploits: 0
Hacker One
added 2023/05/09 3:47 p.m., 48 views

Cloudflare Public Bug Bounty: Privilege escalation to root in Pages build image v2

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/04/05 5:50 p.m., 48 views

Sony: SQL Injection at https://████ via ███ parameter

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/06 1:48 p.m., 48 views

Nextcloud: Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle

A reflected XSS vulnerability with full CSP bypass was discovered in Nextcloud installations using the recommended bundle. The vulnerability allowed attackers to inject malicious code into web pages, which could be executed in the context of the victim's browser session, leading to a trivial...

6.1 CVSS, 5.1 AI score, 0.00398 EPSS
Exploits: 0
Hacker One
added 2022/11/17 5:40 p.m., 48 views

LinkedIn: Unauthorized access to resumes stored on LinkedIn

Researcher found an IDOR on an endpoint where a recruiter could download resumes without the appropriate access. This security issue was unintentionally introduced in late October 2022. The reporter reached out and provided details to LinkedIn on this security issue in November 2022. LinkedIn...

0.9 AI score
Exploits: 0
Hacker One
added 2022/08/31 12:01 p.m., 48 views

Nextcloud: [user_oidc] Unencrypted Communications

The OpenID Connect User Backend allows users to log in to Nextcloud using SSO and is, according to the policy, part of the main scope of this program. The implementation supports plain HTTP without TLS and transfers sensitive information such as OIDC client secrets in an unencrypted manner...

4 CVSS, 0.1 AI score, 0.0042 EPSS
Exploits: 0
Hacker One
added 2022/08/30 2:48 a.m., 48 views

Ruby on Rails: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)

I have confirmed that ReDoS occurs on Rails::Html::PermitScrubber.scrub_attribute. https://github.com/rails/rails-html-sanitizer/blob/v1.4.3/lib/rails/html/scrubbers.rb#L134 (Ruby): def scrub_attribute(node, attr_node) attr_name = if attr_node.namespace "#{attr_node.namespace.prefix}:#{attr_node.node_name}" else...

5 CVSS, 0.9 AI score, 0.01686 EPSS
Exploits: 0
Hacker One
added 2022/06/26 8:46 a.m., 48 views

curl: CVE-2022-35252: control code in cookie denial of service

Summary: I took a look at https://github.com/curl/curl/pull/9048/commits/d7bcbc7d8d4b6d972d3da12d54819169a19c287b a sneak peek on a vulnerability to be announced tomorrow. My guess for that vulnerability is that since cookies are persistent, someone who can trick curl into storing cookies can sto...

2.6 CVSS, 5.9 AI score, 0.01788 EPSS
Exploits: 1
Hacker One
added 2022/05/12 8:09 p.m., 48 views

IBM: sql injection via https://setup.p2p.ihost.com/

A SQL Injection against an IBM domain was reported to IBM, analyzed and has been remediated. Thank you to exploitmsf...

1.4 AI score
Exploits: 0
Hacker One
added 2022/01/18 7:25 a.m., 48 views

TikTok: Reflected xss on ads.tiktok.com using `from` parameter.

An XSS (cross-site scripting) vulnerability was found on a TikTok ads endpoint using the "from" parameter. We thank @imrannisar for reporting this to our team and confirming its resolution...

1.2 AI score
Exploits: 0
Hacker One
added 2021/10/29 2:05 p.m., 48 views

PortSwigger Web Security: Information disclosure on error message

Hi team, first of all, thank you for creating a wonderful place for learning web app pentesting. In accessing a lab at the academy, my internet connection suddenly went down. I don't know whether the problem is in the lab or in the academy, but the error message reveals some Node code. I attached a screensh...

6.8 AI score
Exploits: 0
Hacker One
added 2021/06/30 9:11 a.m., 48 views

U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

A vulnerability in ForgeRock OpenAM allowed unauthenticated remote code execution due to unsafe Java deserialization in the Jato framework. The vulnerability, tracked as CVE-2021-35464, could be exploited by sending a crafted request to the /openam/ccversion/Version endpoint with a malicious...

9.8 CVSS, 9.7 AI score, 0.99999 EPSS
Exploits: 8
Hacker One
added 2021/04/19 4:26 p.m., 48 views

Elastic: RCE hazard in reporting (via Chromium)

Summary: Reporting embeds a Chromium that is susceptible to RCEs Description: Reporting uses a headless Chromium to generate PNGs and PDFs. This is invoked at least on Elastic Cloud, ECE and ECK with --no-sandbox to work at all. There are RCEs readily available for Chrome, and at least the versio...

6.2 AI score
Exploits: 0
Hacker One
added 2021/03/03 2:07 p.m., 48 views

VK.com: Sending SMS to any number on behalf of vk.com. (The message in the SMS is always the same; it cannot be changed.)

Sending SMS to any number to install the official apps; there are limits...

6.9 AI score
Exploits: 0
Hacker One
added 2021/02/10 2:09 p.m., 48 views

Automattic: SSRF & Blind XSS in Gravatar email

Nathan Cavitt rockybandana reported a blind XSS issue in the Gravatar service, which was due to incorrect/insufficient sanitization on adding emails to one's profile. The report was of good quality and the issue was fixed within a couple of days of report...

2.1 AI score
Exploits: 0
Hacker One
added 2020/12/27 8:52 a.m., 48 views

h1-ctf: [ Hacky Holidays CTF ] Completely taken down the Grinch Networks

Day 1 - Robot flag. We're presented with a sample UI page without any function, so I guessed content discovery is the best way to find the flag. robots.txt came to my mind and I found the flag there. https://hackyholidays.h1ctf.com/robots.txt Response: User-agent: Disallow: /s3cr3t-ar3a Flag:...

6.8 AI score
Exploits: 0
Hacker One
added 2020/12/26 5:34 a.m., 48 views

h1-ctf: Grinch Networks compromised!

Grinch Networks compromised! For fast triage/validation and inspired by @manoelt in other CTF, I made a bash script to find and print all the 12 flags of this CTF. The script uses curl, wget, google-chrome headless for flag 2, unzip, grep and sed. If any of these commands is missing, the script...

7.8 AI score
Exploits: 0
Hacker One
added 2020/12/04 4:48 p.m., 48 views

GitHub Security Lab: codeql-go: Expand Go standard library taint-tracking models to 63 packages, 554 models and 733 tests (from ~13 packages, ~103 models, ~50 tests)

This bug was reported directly to GitHub Security Lab...

1.4 AI score
Exploits: 0
Hacker One
added 2020/11/30 1:54 p.m., 48 views

Internet Bug Bounty: Heap buffer overflow vulnerability while processing a malformed TIFF file.

A heap buffer overflow vulnerability occurs in magick while processing a malformed TIFF file. Following are the version/build details: $ magick -version Version: ImageMagick 7.0.10-45 Q16 x86_64 2020-11-30 https://imagemagick.org Copyright: © 1999-2020 ImageMagick Studio LLC License:...

4.3 CVSS, 6.9 AI score, 0.01204 EPSS
Exploits: 0
Hacker One
added 2020/05/30 7:33 p.m., 48 views

h1-ctf: [H1-2006 2020] H1-2006 CTF Writeup

Hi! The challenges were really great. I had a lot of fun and I can honestly say I learned a few tricks during this journey. I will be submitting the flag now and will work on a very good writeup until the deadline. My reasoning is that there are two different prizes, one for the first ten and...

0.8 AI score
Exploits: 0
Hacker One
added 2020/04/04 7:21 a.m., 48 views

Mail.ru: Http Response Splitting on thumb.cloud.mail.ru

Limited CRLF injection at thumb.cloud.mail.ru allowed manipulation of cookies...

0.7 AI score
Exploits: 0
Hacker One
added 2020/04/03 3:35 p.m., 48 views

Shopify: *.shopify.com - Authentication bypass

I've found a flaw in the authentication process when accessing the website https://upcoming.shopify.com. There seems to be HTTP authentication in place to prevent access without authentication. Please follow the PoC below to get access to https://upcoming.shopify.com without logging in. The website is...

0.7 AI score
Exploits: 0
Hacker One
added 2020/02/18 11:03 a.m., 48 views

GSA Bounty: open redirect in eb9f.pivcac.prod.login.gov

PoC: https://eb9f.pivcac.prod.login.gov/?nonce=wI0UglN84A06Q4z4JnkZVc3i1V8%3D&redirect_uri=https%3A%2F%2Fgoogle.com%23%40secure.login.gov%2Flogin%2Fpivcac. Visit this and it will redirect to google.com. Impact: phishing...

0.9 AI score
Exploits: 0
Hacker One
added 2020/02/17 4:32 p.m., 48 views

Mail.ru: PHP code injection at tz.mail.ru

A chain of bugs involving unsafe usage of PHP unserialize led to the possibility of code execution on tz.mail.ru...

7.5 CVSS, 3.9 AI score, 0.95438 EPSS
Exploits: 16
Hacker One
added 2019/12/19 11:03 a.m., 48 views

MTN Group: Information Disclosure FrontPage Configuration Information /_vti_inf.html in https://www.mtn.co.za/

Hi there, I found an information disclosure of Microsoft FrontPage configuration on the subdomain https://www.mtn.co.za/ that allows me to see version numbers and scripting paths of SharePoint using Firefox. PoC: Go to the following URL: https://www.mtn.co.za/_vti_inf.html and you will see a blank page...

6.2 AI score
Exploits: 0
Hacker One
added 2019/09/28 9:22 a.m., 48 views

Node.js third-party modules: [treekill] RCE via insecure command concatenation (only Windows)

I would like to report an RCE issue in the treekill module. It allows executing arbitrary commands remotely on the victim's PC. Module: module name: treekill, version: 1.0.0, npm page: https://www.npmjs.com/package/treekill. Module description: treekill kills a process and all of its children and child...

7.5 CVSS, 0.1 AI score, 0.02742 EPSS
Exploits: 0
Hacker One
added 2019/08/31 9:18 a.m., 48 views

Node.js third-party modules: gitlabhook OS Command Injection

I would like to report an OS command injection in gitlabhook. It allows execution of arbitrary code on the remote server that waits for instructions from GitLab. Module: module name: gitlabhook, version: 0.0.17, npm page: https://www.npmjs.com/package/gitlabhook. Module description: This is an easy to u...

10 CVSS, 0.1 AI score, 0.59768 EPSS
Exploits: 5
Hacker One
added 2019/08/04 9:41 a.m., 48 views

GSA Bounty: Information disclosure (system username, server info) in the x-amz-meta-s3cmd-attrs response header on data.gov

Hi team, I noticed that the x-amz-meta-s3cmd-attrs response header returns sensitive information, like the system username, on data.gov: x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33184/mtime:1513269652/atime:1513269652/md5:2049644b6b833f5dbb826f60a4721f64/ctime:1513269652 Server:...

0.1 AI score
Exploits: 0
Hacker One
added 2019/06/30 11:09 p.m., 48 views

GitLab: Private System Note Disclosure using GraphQL

Summary: When you use the REST API or UI to view an issue's discussion/notes, private system notes are hidden and visible to members only, such as moving an issue to a private project, marking an issue as a duplicate of a confidential issue, or someone mentioning this issue in a confidential issue. They are properly...

5 CVSS, 0.7 AI score, 0.01852 EPSS
Exploits: 1
Hacker One
added 2019/05/29 6:28 p.m., 48 views

Starbucks: Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice

@geekjeremy, at the same time as other hackers who submitted their own reports, discovered a browsable WSDL service on an API endpoint under the starbucks.com.cn domain, running on a non-standard port. @geekjeremy demonstrated that the service had several functions that executed without any...

4 AI score
Exploits: 0
Hacker One
added 2019/05/22 10:48 a.m., 48 views

phpBB: CSS injection via BB code tag "█████"

The input to the "█████" BBcode tag is not properly filtered. It gets converted into a CSS style attribute for a span HTML element. Quotes (") are removed, so there's no way to break out of the CSS style attribute. However, it is possible to arbitrarily dress the resulting span element. To illustra...

5 CVSS, 7.3 AI score, 0.01077 EPSS
Exploits: 0
Hacker One
added 2019/03/01 9:59 a.m., 48 views

WePay: Active mixed content issues on the site https://stage-go.wepay.com.

Hello. Summary: Page https://stage-go.wepay.com/static/ contains active mixed content: Description: Passive mixed content is content sent over HTTP that is contained on the HTTPS page, but which can not change other parts of the page. For example, an attacker can replace a picture sent via HTTP...

6.7 AI score
Exploits: 0
Hacker One
added 2019/02/27 10:58 a.m., 48 views

Starbucks: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

This report from @spaceraccoon demonstrated a valid attack resulting in RCE and full compromise of the target. The detailed and thorough report was especially helpful throughout the triage process, and ultimately helped us reproduce and resolve the issue as quickly as possible. The vulnerable sit...

7.5 CVSS, 0.1 AI score, 0.90768 EPSS
Exploits: 7
Hacker One
added 2019/02/19 1:01 a.m., 48 views

U.S. Dept Of Defense: [Critical] Full local filesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/

Description: Hello. I discovered a path traversal issue on https://██████████/. I was able to turn it into a local file read, and after a series of tests determined that it's possible to reach sensitive system files with administrator rights. PoC: The next request will read the...

0.1 AI score
Exploits: 0
Hacker One
added 2019/02/13 4:43 p.m., 48 views

Notepad++: No SearchEngine sanitizing can lead to command injection

Information: Summary: Notepad++ is vulnerable to a command injection vulnerability. Debug Info: Notepad++ v7.6.3 32-bit, Build time: Jan 27 2019 - 17:20:30, Path: C:\Program Files (x86)\Notepad++\notepad++.exe, Admin mode: ON, Local Conf mode: OFF, OS: Windows 10 64-bit, Plugins: none. Description:...

0.1 AI score
Exploits: 0
Hacker One
added 2019/02/04 3:03 p.m., 48 views

Semrush: XSS Reflected on my_report

Hello again. This time, besides the HTML injection, a full XSS works in the user's dashboard. Payload: https://www.semrush.com/myreports/api/v1/document%22%3E%3Cimg%20src=x%20onerror=alertdocument.cookie%3E/4007861 PoC: see the screenshot. Impact: theft of session cookies...

6.3 AI score
Exploits: 0
Hacker One
added 2018/12/03 5:57 p.m., 48 views

Mail.ru: [e.mail.ru] Stored xss in Mpop cookie

XSS on the e.mail.ru domain via cookie content (XSS in a cookie via MITM). Good article: https://habr.com/en/post/460101/ by @w2w...

0.5 AI score
Exploits: 0
Hacker One
added 2018/11/29 1:54 a.m., 48 views

Mail.ru: server status

Apache server status was available at jw-cn-test-1.ext.terrhq.ru...

1.3 AI score
Exploits: 0
Hacker One
added 2018/10/04 6:03 p.m., 48 views

Mail.ru: Bypass security fixes by downgrading version of application

A version downgrade attack was possible in the webagent web application at webagent.mail.ru. It could allow an attacker to force a user to visit an older version of the web application with known vulnerabilities...

4.7 AI score
Exploits: 0
Total number of security vulnerabilities: 5000