
15369 matches found

Hacker One
added 2023/03/21 8:33 p.m., 48 views

GitHub Security Lab: [ruby]: ZipSlip/TarSlip vulnerability detection

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/21 8:28 p.m., 22 views

Nextcloud: End-to-end encrypted file-drops can be made inaccessible

An end-to-end encrypted file-drop vulnerability allowed attackers to modify the metadata file and make the uploaded file inaccessible. The vulnerability could break the availability of the file. The issue was resolved by not providing the metadata file to the user and appending the new entry in t...

6.5 CVSS, 6.3 AI score, 0.00493 EPSS
Exploits: 0
Hacker One
added 2023/03/21 4:34 p.m., 18 views

Nextcloud: No rate limit while adding Additional emails feature

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/21 12:5 p.m., 49 views

curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check

Vulnerability description not provided...

7.5 CVSS, 6.5 AI score, 0.02489 EPSS
Exploits: 1
Hacker One
added 2023/03/20 6:36 p.m., 5 views

Mozilla: Race condition leads to add more than 5 email at Data breaches monitor system at https://stage.firefoxmonitor.nonprod.cloudops.mozgcp.net

A race condition vulnerability was identified in the Mozilla Monitor application. The application was designed to limit users to adding a maximum of 5 email addresses for monitoring potential data breaches. However, due to the race condition, it was possible to bypass this restriction and add mor...

7 AI score
Exploits: 0
Hacker One
added 2023/03/20 5:50 p.m., 11 views

Mozilla: HTML Injection at https://stage.firefoxmonitor.nonprod.cloudops.mozgcp.net/user/unsubscribe

An HTML injection vulnerability was discovered on the "Unsubscribe" page of the website. This vulnerability allowed an attacker to inject malicious code, potentially leading to various attacks against users of the application...

7 AI score
Exploits: 0
Hacker One
added 2023/03/20 3:29 p.m., 173 views

Internet Bug Bounty: CVE-2023-27537: HSTS double-free

A double-free vulnerability was discovered in libcurl's support for sharing HSTS data between separate handles, which could result in a use-after-free or double-free when two threads share the same HSTS data without proper mutexes or thread locks...

5.9 CVSS, 6.7 AI score, 0.01856 EPSS
Exploits: 1
Hacker One
added 2023/03/20 3:11 p.m., 30 views

Nextcloud: Blind SSRF as normal user from mailapp

Vulnerability description not provided...

5.3 CVSS, 4.5 AI score, 0.00529 EPSS
Exploits: 0
Hacker One
added 2023/03/20 7:44 a.m., 65 views

Internet Bug Bounty: CVE-2023-27538: SSH connection too eager reuse still

A vulnerability was found in libcurl that allowed the reuse of a previously created SSH connection even when an SSH related option had been changed that should have prohibited reuse. This was due to two SSH settings being left out from the configuration match checks, making them match too easily...

5.5 CVSS, 6.9 AI score, 0.01162 EPSS
Exploits: 1
Hacker One
added 2023/03/20 7:42 a.m., 97 views

Internet Bug Bounty: CVE-2023-27536: GSS delegation too eager connection re-use

A vulnerability was found in libcurl versions 7.22.0 to 7.88.1 that allowed for the reuse of a previously created connection even when the GSS delegation option had been changed, potentially changing the user's permissions in a second transfer. This could affect krb5/kerberos/negotiate/GSSAPI...

5.9 CVSS, 7.2 AI score, 0.01566 EPSS
Exploits: 1
Hacker One
added 2023/03/20 7:38 a.m., 76 views

Internet Bug Bounty: CVE-2023-27535: FTP too eager connection reuse

A vulnerability was found in libcurl versions 7.13.0 to 7.88.1 that allowed the reuse of previously created FTP connections even when one or more options had been changed, leading to the second transfer being done with wrong credentials. This was due to several FTP settings being left out from th...

5.9 CVSS, 7.2 AI score, 0.01607 EPSS
Exploits: 1
Hacker One
added 2023/03/20 7:36 a.m., 97 views

Internet Bug Bounty: CVE-2023-27534: SFTP path ~ resolving discrepancy

A vulnerability was discovered in curl's SFTP implementation that allowed the tilde character to be used as a prefix in the first element of a path, resulting in the wrong path being accessed. This could be exploited to circumvent filtering or other security measures. The vulnerability was presen...

8.8 CVSS, 6.5 AI score, 0.02195 EPSS
Exploits: 1
Hacker One
added 2023/03/20 7:32 a.m., 91 views

Internet Bug Bounty: CVE-2023-27533: TELNET option IAC injection

A vulnerability (CVE-2023-27533) was found in curl versions 7.7 to 7.88.1 that allowed users to pass on user name and "telnet options" for server negotiation without proper input scrubbing, potentially allowing for the injection of unintended TELNET commands to the telnet connection. The severity o...

8.8 CVSS, 7 AI score, 0.01993 EPSS
Exploits: 1
Hacker One
added 2023/03/20 12:36 a.m., 93 views

U.S. Dept Of Defense: Sensitive Data Exposure via wp-config.php file

Sensitive data exposure occurred via the wp-config.php file, which contained confidential information such as MySQL and AWS credentials and various keys. The vulnerability was found on a specific endpoint, and it could potentially provide unauthorized access to sensitive information to users who ...

6.6 AI score
Exploits: 0
Hacker One
added 2023/03/19 6:49 p.m., 90 views

Fastly VDP: CVE-2018-6389 exploitation - using scripts loader

Vulnerability description not provided...

7.5 CVSS, 7.3 AI score, 0.73098 EPSS
Exploits: 11
Hacker One
added 2023/03/18 7:27 a.m., 472 views

Fastly VDP: Unauthenticated cache purging

An unauthenticated cache purging vulnerability was found in the website of Fanout.io, allowing unauthenticated users to purge the cache of the website. This could potentially lead to various types of attacks such as website defacement, unauthorized access to sensitive data, or denial of service D...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/17 2:58 p.m., 213 views

Internet Bug Bounty: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

A vulnerability was found in Apache HTTP Server's mod_proxy_uwsgi, affecting versions 2.4.30 through 2.4.55. The issue allowed special characters in the origin response header to truncate or split the response forwarded to the client, potentially resulting in security headers being ignored by the...

7.5 CVSS, 8.6 AI score, 0.02134 EPSS
Exploits: 0
Hacker One
added 2023/03/15 1:18 a.m., 255 views

Internet Bug Bounty: UAF in OpenSSL up to 3.0.7

A use-after-free vulnerability was found in OpenSSL up to version 3.0.7 following BIO_new_NDEF calls. This could result in a crash when the BIO_pop function is called after BIO_new_NDEF fails and improperly cleans up the BIO chain. The vulnerability impacts the public API functions...

7.5 CVSS, 7.8 AI score, 0.04494 EPSS
Exploits: 0
Hacker One
added 2023/03/13 10:26 p.m., 279 views

Internet Bug Bounty: Potential DoS vulnerability in Django in multipart parser

A potential denial-of-service vulnerability was discovered in Django's multipart parser, which could result in too many open files or memory exhaustion. This vulnerability was fixed in Django 3.2.18, 4.0.10, and 4.1.7 by limiting the number of file parts parsed via a new setting. The severity of...

7.5 CVSS, 7.3 AI score, 0.62575 EPSS
Exploits: 0
Hacker One
added 2023/03/13 1:44 p.m., 16 views

Shipt: Improper Access Control + Financial fraud allows attacker to disclose + add arbitrary products to another's user's order

The vulnerability allowed an attacker to add arbitrary products to another user's order before it was placed. The attacker could also disclose the content of the victim's order, including their physical address. This was possible due to improper access control and lack of input validation on the...

6.9 AI score
Exploits: 0
Hacker One
added 2023/03/12 1:2 a.m., 3 views

Acronis: IDOR in backup recovery functionality

The vulnerability allowed an authenticated attacker to recover a backup belonging to another user by using the user's machine UUID, backup ID, and other parameters to configure and run a recovery plan...

6.8 AI score
Exploits: 0
Hacker One
added 2023/03/12 12:36 a.m., 5 views

Drugs.com: Stored Xss On "https://www.question.com/"

The vulnerability was a stored cross-site scripting (XSS) issue on the "https://www.question.com/" website. The vulnerability was discovered in the "ask" page, where a malicious script was injected directly into the web application. The impact of the vulnerability was that the malicious script coul...

5.7 AI score
Exploits: 0
Hacker One
added 2023/03/11 7:22 p.m., 62 views

GitHub: Authentication bypass on gist.github.com through SSH Certificates

An authentication bypass vulnerability was found in GitHub Enterprise Server that allowed unauthorized access to modify other users' secret gists through SSH certificates. The vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15,...

7.7 CVSS, 5.7 AI score, 0.00462 EPSS
Exploits: 0
Hacker One
added 2023/03/11 11:51 a.m., 10 views

Nextcloud: Dos in Form Submission at https://nextcloud.com/instant-trial/

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/09 6:9 p.m., 169 views

curl: CVE-2023-27538: SSH connection too eager reuse still

A vulnerability (CVE-2023-27538) existed in the SSH connection reuse feature of cURL library. The vulnerability allowed for connection reuse even when different SSH keys were used, due to a broken check for SSH key matching. The vulnerability could potentially lead to unauthorized access to sensiti...

5.5 CVSS, 7 AI score, 0.01162 EPSS
Exploits: 1
Hacker One
added 2023/03/09 5:23 p.m., 35 views

GitHub Security Lab: [Python] Unsafe unpacking using shutil.unpack_archive() query and tests

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/08 11:1 p.m., 12 views

TikTok: 1 Click to 'Close Account and Refund' via POSTMESSAGE

A vulnerability was reported where a TikTok Ads endpoint sending postmessages sent POST requests without proper origin checks. This could have enabled a cross-site request forgery (CSRF) attack to force users to send malicious POST requests. The vulnerability was reported through responsible...

7 AI score
Exploits: 0
Hacker One
added 2023/03/08 6:10 p.m., 249 views

curl: CVE-2023-27537: HSTS double-free

A double-free vulnerability (CVE-2023-27537) existed in libcurl's HSTS (HTTP Strict Transport Security) implementation due to a lack of exclusion control when processing HSTS with multi-threading. This could lead to a use-after-free (UAF) issue when other threads access entries. An attacker could explo...

5.9 CVSS, 7.3 AI score, 0.01856 EPSS
Exploits: 1
Hacker One
added 2023/03/08 1:10 p.m., 33 views

Nextcloud: Users can set up workflows using restricted and invisible system tags

Vulnerability description not provided...

8.8 CVSS, 8.6 AI score, 0.00627 EPSS
Exploits: 0
Hacker One
added 2023/03/08 9:56 a.m., 14 views

Nextcloud: Responsive Server-side Request Forgery (SSRF)

Vulnerability description not provided...

4.3 CVSS, 4.5 AI score, 0.00601 EPSS
Exploits: 0
Hacker One
added 2023/03/08 6:35 a.m., 14 views

8x8: Unprotected Atlantis Server at https://132.226.█.█

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/07 4:4 p.m., 116 views

Internet Bug Bounty: CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution

An improper input validation vulnerability was discovered in the Apache Airflow Google Provider, affecting versions before 8.10.0. Attackers could modify existing connection configuration information to execute malicious commands or create arbitrary files, leading to denial of service...

7.5 CVSS, 7.5 AI score, 0.01826 EPSS
Exploits: 0
Hacker One
added 2023/03/07 3:11 p.m., 157 views

Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution

An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...

7.6 AI score
Exploits: 0
Hacker One
added 2023/03/07 11:0 a.m., 141 views

curl: CVE-2023-27536: GSS delegation too eager connection re-use

A vulnerability existed in libcurl that could allow the reuse of previously established connections when more strict or no delegation was requested, due to different CURLOPT_GSSAPI_DELEGATION options not being taken into consideration. An attacker could potentially exploit this vulnerability to...

5.9 CVSS, 7.4 AI score, 0.01566 EPSS
Exploits: 1
Hacker One
added 2023/03/07 4:33 a.m., 80 views

Nextcloud: Missing brute force protection for passwords of password protected share links

A missing brute force protection vulnerability was found in the password protection feature of shared files, allowing an attacker to bypass the password protection of the shared files due to the lack of rate limit. This could lead to unauthorized access to protected files...

7.5 CVSS, 7.5 AI score, 0.00774 EPSS
Exploits: 1
Hacker One
added 2023/03/06 5:55 p.m., 37 views

HackerOne: SQL Injection in CVE Discovery Search

Unsanitized user-controlled inputs in the CVE Discovery Search allowed for SQL injection, which could lead to the disclosure of data in the Analytics Database, including report, team, and asset data...

7.6 AI score
Exploits: 0
Hacker One
added 2023/03/06 1:48 p.m., 48 views

Nextcloud: Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle

A reflected XSS vulnerability with full CSP bypass was discovered in Nextcloud installations using the recommended bundle. The vulnerability allowed attackers to inject malicious code into web pages, which could be executed in the context of the victim's browser session, leading to a trivial...

6.1 CVSS, 5.1 AI score, 0.00398 EPSS
Exploits: 0
Hacker One
added 2023/03/06 3:22 a.m., 8 views

LinkedIn: Users can access exams in course without having to subscribe to PREMIUM

Improper access controls allowed users to access premium exams without subscribing...

7 AI score
Exploits: 0
Hacker One
added 2023/03/05 9:25 p.m., 153 views

curl: CVE-2023-27535: FTP too eager connection reuse

A vulnerability existed in libcurl FTPS protocol that allowed the reuse of a connection even if different credentials were specified for different connections, resulting in the use of cached credentials for the wrong content. The vulnerability was caused by the failure to refuse caching when...

5.9 CVSS, 7.3 AI score, 0.01607 EPSS
Exploits: 1
Hacker One
added 2023/03/05 2:8 a.m., 144 views

curl: CVE-2023-27534: SFTP path ~ resolving discrepancy

A vulnerability (CVE-2023-27534) existed in libcurl's Curl_getworkingpath function, which resolved as remote users' home directory in an undocumented way for the sftp protocol. This could lead to unexpected final paths for sftp access, allowing an attacker with partial path access to gain access to...

8.8 CVSS, 6.6 AI score, 0.02195 EPSS
Exploits: 1
Hacker One
added 2023/03/04 11:5 p.m., 12 views

U.S. Dept Of Defense: XSS Reflected

A reflected XSS vulnerability was discovered in the web asset, allowing an attacker to inject and execute malicious code in a victim's browser...

6.3 AI score
Exploits: 0
Hacker One
added 2023/03/04 7:21 p.m., 22 views

GitLab: Attacker can create malicious child epics linked to a victim's epic in an unrelated group

A vulnerability existed in GitLab that allowed an attacker to create malicious child epics linked to a victim's epic in an unrelated group. The attacker could create the malicious child epics by referring to the victim's epic via the parent_id. The vulnerability was due to the lack of proper acces...

6.4 AI score
Exploits: 0
Hacker One
added 2023/03/04 8:43 a.m., 6 views

Acronis: Reflected XSS in https://www.acronis.com/products/cyber-protect/trial/

Enter: https://www.acronis.com/products/cyber-protect/trial/?SFDCCampaignID=zz;alert;// will only work outside of USA, I've tried several countries with VPN. Impact: Leaking users data and modify the webpage...

6.9 AI score
Exploits: 0
Hacker One
added 2023/03/04 2:59 a.m., 221 views

Internet Bug Bounty: RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0

A remote code execution vulnerability was found in the Apache Airflow Sqoop Provider before version 3.1.1, due to improper input validation in the libjars parameter, allowing attackers to execute arbitrary system commands on the machine performing the MR task...

9.8 CVSS, 9.9 AI score, 0.01895 EPSS
Exploits: 0
Hacker One
added 2023/03/03 7:13 p.m., 163 views

curl: CVE-2023-27533: Telnet option IAC injection

A vulnerability existed in the CURLOPT_TELNETOPTIONS option of the cURL library, which allowed an attacker to inject unintended TELNET commands to the telnet connection by escaping out of the telnet subnegotiation. This could allow the attacker to execute arbitrary OS commands on the target system...

8.8 CVSS, 7.3 AI score, 0.01993 EPSS
Exploits: 1
Hacker One
added 2023/03/03 1:43 a.m., 262 views

U.S. Dept Of Defense: Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file

An unauthenticated blind SSRF vulnerability was discovered on the xmlrpc.php file at a certain endpoint, allowing an attacker to send requests to external URLs and potentially conduct further attacks. Input validation and filtering are recommended to prevent such attacks in the future...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/02 3:15 p.m., 5 views

TikTok: CSRF in ticket function

A cross-site request forgery (CSRF) vulnerability was found on a TikTok Shop endpoint, which could have resulted in the arbitrary creation of tickets. The vulnerability was reported by @ibrahim0936356 to the TikTok team...

7.2 AI score
Exploits: 0
Hacker One
added 2023/03/02 2:10 p.m., 141 views

TikTok: Unrestricted File Upload on https://partner.tiktokshop.com/wsos_v2/oec_partner/upload

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/01 8:3 a.m., 49 views

Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class

A vulnerability was found in the CGI::Cookie class that allowed an attacker to inject invalid attributes in the Set-Cookie header. Additionally, the cgi gem had a vulnerability that allowed an attacker to inject a malicious HTTP response header and/or body. The issue was fixed in versions 0.3.5,...

8.8 CVSS, 8.6 AI score, 0.02287 EPSS
Exploits: 1
Hacker One
added 2023/03/01 7:59 a.m., 81 views

Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information

A vulnerability was found in Ruby's CGI library that allowed an attacker to inject a malicious HTTP response header and/or body if an application used untrusted user input to generate HTTP responses. The vulnerability was fixed in version 0.3.5, 0.2.2, and 0.1.0.2 of the cgi gem...

8.8 CVSS, 8.4 AI score, 0.02287 EPSS
Exploits: 1
Total number of security vulnerabilities: 15369