Lucene search
K
HackeroneRecent

15371 matches found

Hacker One
Hacker One
added 2018/12/30 5:48 a.m.20 views

Keybase: Privilege Escalation through Keybase Installer via Helper

Keybase.app is bundled with the components installer named KeybaseInstaller.app. When --install-app-bundle --source-path --app-path is given to installer, KBAppBundle.m checks if is properly codesigned, then copies it to . First, there's two vulnerabilities in the source path validation: the chec...

Exploits0
Hacker One
Hacker One
added 2018/12/29 2:54 p.m.17 views

Nextcloud: Content spoofing on https://surveyserver.nextcloud.com

Hi NextCloud team, the https://surveyserver.nextcloud.com domain is vulnerable against content spoofing in the forbidden page due to the fact that the request URI is reflected without validation inside the aforementioned page. 1. Go on...

1AI score
Exploits0
Hacker One
Hacker One
added 2018/12/29 9:2 a.m.54 views

Zomato: Open Redirect On Your Login Panel

Summery Hey There are a open Redirect on your login panel Platforms Affected: Website Browsers Verified In If Applicable: Chrome For Android Firefox For Android Steps To Reproduce: 1. Go To This Url :- https://www.zomato.com/login?redirecturl=https://askdcodes.org 2. Then login there 3. boom you...

1.9AI score
Exploits0
Hacker One
Hacker One
added 2018/12/27 5:39 p.m.36 views

Tron Foundation: Private key "tron" leaked via Travis CI Log

Hey Tron team, It appears that via your use of secured variables in Travis-CI, you do not want the content of the tron private key released. However, it appears that it was leaked in one of your logs. I generated a fingerprint and scanned the internet, but couldn't find any open servers with the...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2018/12/27 12:3 p.m.12 views

Python Cryptographic Authority: Reflected Xss bypass Content-Type: text/plain

Hello Team: -------------- 1 - vulnerable subdomain : ci.cryptography.io 2 - after i tested this subdomain i found many payloads injected by me reflected but not executed 3 - so that i taked alook at the response and i found Content-Type: text/plain 4 - so i searched about bypass Content-Type:...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2018/12/27 5:34 a.m.14 views

Uber: [manage.jumpbikes.com] Blind XSS on Jump admin panel via user name

By setting a user's name to an XSS payload, a user was able to inject JavaScript which was executed on the administrative panel for Jump bikes, allowing complete compromise of the panel, exposing user activity, personal information and billing information...

3.8AI score
Exploits0
Hacker One
Hacker One
added 2018/12/26 10:13 p.m.40 views

Weblate: Stored XSS @ /engage/<project_slug>

Description The vulnerability concerns a Stored XSS, while it is currently to the best of my knowledge not exploitable due to limitations stated below. I thought that the issue is worth reporting anyway. Steps to reproduce 1. Change a project's name or create one to the following payload:...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2018/12/26 4:19 a.m.343 views

Chaturbate: The auto login link does not expire on changing email id

The auto login link does not expire on changing email and can be reused to login into user account Eg link : https://chaturbate.com/accounts/autologin/?█████ Attack Scenario: 1: Users email id has been compromised so now user changes emall id & password of account 2:but attacker can login into us...

Exploits0
Hacker One
Hacker One
added 2018/12/26 1:46 a.m.138 views

X (Formerly Twitter): Changing email address on Twitter for Android unsets "Protect your Tweets"

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: Verifying email address on...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2018/12/25 9:3 p.m.12 views

Mail.ru: Make user buy items via clickjacking possibility

Clickjacking attack could allow to force user to buy some item on lootdog.io...

4.2AI score
Exploits0
Hacker One
Hacker One
added 2018/12/25 6:11 p.m.57 views

Mail.ru: astrumnival.com subdomain

Hostname in astrumnival.com domain was unintentionally delegated to external service. astrumnival.com domain is not currently in use...

5CVSS1.2AI score0.04294EPSS
Exploits1
Hacker One
Hacker One
added 2018/12/24 6:2 p.m.38 views

Keybase: macOS privilege escalation via keybase install

Environment OS: macOS Mojave 10.14.1 Kernel: Darwin Kernel Version 18.2.0 keybase version 2.12.2-20181218171841+29273f4110 Steps to reproduce Note: All steps are executed as an unprivileged user unless otherwise noted. For this PoC the unprivileged user is defined as below $ id test2 uid=508test2...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2018/12/24 11:2 a.m.26 views

Zendesk: Stored XSS in Macro Editing - Introduced by Admins to affect Admins

This issue was reported to us as a bypass to a previous fix by adjusting the payload. The cross-site scripting vulnerability can only be introduced by Support account administrators and only executes in a place where administrators within the account can access. We greatly appreciate the work and...

3AI score
Exploits0
Hacker One
Hacker One
added 2018/12/23 7:48 p.m.13 views

Nutanix: Local file disclosure through SSRF at next.nutanix.com

Issue marked resolved and test fixed in January 2019...

1.7AI score
Exploits0
Hacker One
Hacker One
added 2018/12/22 6:27 p.m.45 views

Starbucks: unuse domain still in using at wechat by Starbucks East China

Summary: spcc.mobi is still using at wechat offical account by Starbucks East China. but this domain is on sale. Description: I had reported this at reportid=433843,bu your gays had ignored, because they said the domain is unused. In fact, spcc.mobi still having an interface using at wechat offic...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2018/12/21 11:28 p.m.157 views

RATELIMITED: Hackerone1

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2018/12/21 8:48 p.m.12 views

X (Formerly Twitter): Ability to perform actions (Tweet, Retweet, DM) and other actions, unauthenticated, on any account with SMS enabled.

Summary: By knowing the mobile phone number associated with a Twitter account, or by using random mobile phone numbers! It is possible to perform the following actions against a target without their knowledge or interaction. With no account takeover scenario. It's a case of, if I know the mobile...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2018/12/21 4:40 p.m.36 views

Slack: User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files

Summary GateKeeper/Quarantine bypass for downloaded files Lack of com.apple.quarantine meta-attribute for downloaded files allows a remote attacker to send an executable file that won't be checked by Gatekeeper . File opening doesn't trigger native alerts from GateKeeper/Quarantine Downloaded...

2.6AI score
Exploits0
Hacker One
Hacker One
added 2018/12/21 11:5 a.m.28 views

Kaspersky: Unauthorized command execution in Web protection component of Anti-Virus products family [FF, Chrome]

Summary When Kaspersky Protect browser extension is installed in Firefox or Chrome, arbitrary webpages can take control of the Kaspersky command interface and disable parts of the functionality for example. Description Unlike with https://hackerone.com/reports/470544 or...

4.3CVSS0.6AI score0.00844EPSS
Exploits0
Hacker One
Hacker One
added 2018/12/21 10:28 a.m.27 views

Kaspersky: Unauthorized command execution in Web protection component of Anti-Virus products family [IE]

Summary When Kaspersky add-on is installed in Internet Explorer, arbitrary webpages can take control of the Kaspersky command interface and disable parts of the functionality for example. Description Unlike with https://hackerone.com/reports/470544, when the Kaspersky add-on is installed in...

4.3CVSS0.8AI score0.00844EPSS
Exploits0
Hacker One
Hacker One
added 2018/12/21 10:6 a.m.36 views

Kaspersky: Unauthorized command execution in Web protection component of Anti-Virus products family

Summary When no browser extension is installed, arbitrary webpages can take control of the Kaspersky command interface and disable parts of the functionality for example. Description Without a browser extension e.g. because extension installation not confirmed by user, unsupported like in MS Edge...

4.3CVSS0.7AI score0.00844EPSS
Exploits0
Hacker One
Hacker One
added 2018/12/21 8:51 a.m.42 views

Valve: RCE on Steam Client via buffer overflow in Server Info

Introduction In Steam and other valve games CSGO, Half-Life, TF2 there is a functionality to find game servers called the server browser. In order to retrieve the information about these servers the server browser communicates with a specific UDP protocol called server queries. The protocol is we...

7.8AI score
Exploits0
Hacker One
Hacker One
added 2018/12/21 8:50 a.m.66 views

Kaspersky: Kaspersky Protection extension for Google Chrome is vulnerable to abuse its features

Summary The Google Chrome extension "Kaspersky Protection" installed automatically by Kaspersky Internet Security can be tricked by arbitrary websites into uninstalling browser extensions. Description Kaspersky Protection for Google Chrome has some functionality to uninstall malicious browser...

4.3CVSS1.6AI score0.00384EPSS
Exploits0
Hacker One
Hacker One
added 2018/12/20 9:33 p.m.37 views

Keybase: Local privilege escalation bug using Keybase redirector on macOS

There's a local privilege escalation bug in the latest version of Keybase for macOS. The issue is in the process of launching keybase-redirector. The process works as follows: 1. Copy keybase-redirector binary to a root-only location 2. Check its signature 3. Launch the binary Code ref. Note the...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2018/12/20 8:21 p.m.38 views

Mail.ru: Cross application scripting via account.mail.ru

Crossapplication scripting via User-Agent on push login confirmation functionality in mobile application in the context of account.mail.ru domain allowed session hijacking with minimal user interaction...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2018/12/20 3:15 p.m.181 views

U.S. Dept Of Defense: [██████] Cross-origin resource sharing misconfiguration (CORS)

Hi! In this report I want to describe High level bug which can seriously compromise a user account. If I am authorize on this site, I can steal user's sessions, some personal information or do some action. Steps for reproduce 1 Send this request GET...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2018/12/20 9:55 a.m.28 views

Shopify: Reflected XSS in *.myshopify.com/account/register

Shopify allows shop admin to enable customer registration. When a customer registers with a short password and HTML content as the first name and last name then customer redirects to .myshopify.com/account/register with error messages and the provided data. As there is no Cross-site Scripting...

2AI score
Exploits0
Hacker One
Hacker One
added 2018/12/19 7:34 p.m.23 views

GitLab: DoS on the Issue page by exploiting Mermaid.

Summary: An attacker could exploit Mermaid available in Markdown and cause DoS. Description: Markdown supported by GitLab can generate diagrams and flowcharts from text using Mermaid. An Attacker can exploit this function to prevent users from successfully accessing some functions. For example, y...

2.6AI score
Exploits0
Hacker One
Hacker One
added 2018/12/19 6:24 p.m.17 views

Mail.ru: Дюп предметов lootdog и возможность их продавать.

It was possible to duplicated item for sale infinitely via modified request on lootdog.io...

2.5AI score
Exploits0
Hacker One
Hacker One
added 2018/12/19 5:13 p.m.13 views

Mail.ru: [lootdog.io] User phone number disclosure

User phone could be self-disclosed on lootdog.io...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2018/12/19 4:43 p.m.63 views

Keybase: Privilege Escalation via Keybase Helper (incomplete security fix)

In the previous report, about the privileged helper lacks of validation so any applications can abuse it to gain root privilege. But the security fix is incomplete. I can describe 3 different ways to bypass possibly 4, I doubt. All the poc are simplified to not sending the actual attack payload,...

8.3AI score
Exploits0
Hacker One
Hacker One
added 2018/12/19 4:33 p.m.3 views

Nintendo: NEX: Stack overflow in UnicodeToUtf8

Vulnerability description not provided...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2018/12/19 2:50 a.m.33 views

Upserve : Reflected XSS on https://inventory.upserve.com/ (affects IE users only)

The REQUESTURI was assigned as the value of a hidden field in the login form without proper escaping resulting in a reflected cross-site scripting bug. Browsers were mitigating the issue and IE was only impacted if XSS protection was disabled. We've improved the sanitization of this field. The...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2018/12/18 10:35 p.m.91 views

Upserve : Open redirect at https://inventory.upserve.com/http://google.com/

The following URL is vulnerable to an open redirect it will redirect to stanko.sh: https://inventory.upserve.com/http://stanko.sh/ Impact Users could get redirected to malicious domain...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2018/12/18 7:13 p.m.124 views

U.S. Dept Of Defense: [Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635

@ashutosh7 found a ███████ server in Shodan, vulnerable to MS15-034, confirmed using Metasploit. Thanks for participating in the DoD VDP. Found a ████ server in shodan, vulnerable to MS15-034. confirmed using Metasploit. will add the link for the writeup...

10CVSS8.8AI score0.99999EPSS
Exploits16
Hacker One
Hacker One
added 2018/12/18 4:44 p.m.28 views

Nextcloud: Passwords being stored as plain text in logging

When an exception occurs, any password sent to or being processed by the server may be stored as plain text in the log. I noticed that some methods are already being filtered in ExceptionSerializer.php, but many methods are missing from this list. Suggestion: instead of relying on a list of...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2018/12/18 11:43 a.m.45 views

Kaspersky: Web protection component in Anti-Virus products family uses predictable links for certificate warnings

Summary Websites can predict links used in certificate warnings, Safe Money prompts, anti-phishing warnings and similar pages. This allows them to initiate actions without the user's knowledge. Description The links used to override certificate warnings have the following format: https:///?kiscup...

5.8CVSS0.02217EPSS
Exploits0
Hacker One
Hacker One
added 2018/12/17 10:10 p.m.26 views

QIWI: account takeover https://idea.qiwi.com/

Здравствуйте. Обнаружил account takeover на данном сайте. С воспроизведением придется поднапрячься, но это стоит того. Учитывая то, что на сайте есть админский аккаунт, в теории можно натворить делов. Скажу сразу, что мне не удалось полностью понять механизм работы данного тейковера и я буду очен...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2018/12/17 2:0 p.m.149 views

Kaspersky: URL Advisor component in KIS products family is vulnerable to Universal XSS

Summary In Microsoft Edge, URL Advisor UI is served as first-party content on every domain. So the XSS vulnerability I found in this UI automatically applies to all websites, it allows running code in the context of any domain. Description URL Advisor frame is located under...

Exploits0
Hacker One
Hacker One
added 2018/12/17 1:39 p.m.19 views

VK.com: Просмотр новых фотографии со стены частной/закрытой группы или закрытого профиля.

Просмотр некоторых закрытых фотографий...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2018/12/17 1:12 p.m.28 views

HackerOne: Submitting report through Embedded Submission form gives user indefinite access to a profile

Summary: Hi team, @jobert , @ben After testing on the sandbox, I noticed that one of my accountswhich I removed from the program can see some of the information. I don't know if it affects other programs that have other States - private-only, private-only whit external link. I could not find the...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2018/12/17 10:2 a.m.17 views

Kaspersky: Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking

Summary Clickjacking can be used to trick users into overriding certificate warnings, disabling Safe Money functionality or phishing alerts. Description On certificate warning pages, a single click is sufficient to trigger overriding a wrong certificate. While an additional warning is displayed...

Exploits0
Hacker One
Hacker One
added 2018/12/17 7:30 a.m.30 views

RATELIMITED: Editable Wiki repo by anyone

Description: I've created wiki page on your github repo without any permission Steps To Reproduce: https://github.com/EndlessHosting/Discord-LiveBot/wiki/Test-here Supporting Material/References: F391468 Impact Going on https://github.com/EndlessHosting/Discord-LiveBot/wiki/Test-here you can add ...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2018/12/17 1:13 a.m.16 views

RATELIMITED: Unrestricted File Upload on https://auth.ratelimited.me

Hello security team, Have found a way to upload files that aren't images on https://auth.ratelimited.me/ Steps to reproduce: 1. Login at https://auth.ratelimited.me/ 2. Click "change photo" and intercept with a tool used burpsuite 3. Choose "gravatar" option and change the 'url' parameter to...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2018/12/16 3:41 p.m.19 views

arkadiyt-projects: Feature-Policy Header is Missing and Pastebin files

hey your website is very secure but i get only missing Feature-Policy Header if you add this webiste become more secure and i found two pastebin filesusing Google Dork : url : site:pastebin.com https://arkadiyt.com/ 1 https://pastebin.com/feaw9Ti8 2 https://pastebin.com/E0tLN2uJ Impact...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2018/12/16 7:46 a.m.54 views

Node.js third-party modules: [webpack-bundle-analyzer] Cross-site Scripting

I would like to report Cross-site Scripting in webpack-bundle-analyzer. It allows injecting and executing arbitray JavaScript code. Module module name: webpack-bundle-analyzer version: 3.0.3 npm page: https://www.npmjs.com/package/webpack-bundle-analyzer Module Description Visualize size of webpa...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2018/12/16 12:36 a.m.19 views

Rockstar Games: Account Takeover using Linked Accounts due to lack of CSRF protection

In this report, the researcher found a weakness in our third-party account linking process. They were able to create a malicious link that, if clicked by the victim, would under certain conditions give the attacker access to the victim's Social Club account. This issue has now been fixed...

3.3AI score
Exploits0
Hacker One
Hacker One
added 2018/12/15 8:54 p.m.24 views

Valve: Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games

With a specially crafted closed captions file, the parser calls CHudCloseCaption::GetNoRepeatValue which in turn calls CHudCloseCaption::SplitCommand which has no boundary checks allowing the on stack variables cmd and args to be overflowed which in turn allows Remote Code Execution. Buffer...

1.8AI score
Exploits0
Hacker One
Hacker One
added 2018/12/15 1:11 p.m.42 views

Razer US: DLL Hijacking Vulnerability in synapse-2

The Synapse 2 installer was subject to a DLL planting attack in the Downloads folder. This was fixed in May of 2019...

2.2AI score
Exploits0
Hacker One
Hacker One
added 2018/12/15 12:40 p.m.23 views

RATELIMITED: Information Disclosure PHPpgAdmin

PHPpgAdmin is a piece of script which allows system administrators to manage their Postgres databases easily from a webUI. We had forgotten to limit access to this script, resulting in the ability for a brute-force attack to happen...

3AI score
Exploits0
Total number of security vulnerabilities15371