HackeroneRecent

15369 matches found

Hacker One, added 2022/07/18 8:47 p.m., 10 views

U.S. Dept Of Defense: Directory Traversal at █████

Hi DoD! I found a directory traversal vulnerability at ████. I didn't find an available title for this issue, which is why I selected remote file inclusion. Host: ██████ Vulnerability: Directory Traversal in Windows Server Tool Used: BurpSuite Parameter: path HTTP GET Request: GET...

AI score: 0.6, Exploits: 0
Hacker One, added 2022/07/18 6:38 p.m., 30 views

Nextcloud: Last video frame is still sent after video is disabled in a call

Summary: When a participant is in a call and that participant disables the video, the last frame of the video will be sent rather than a black frame. Similarly, if the video is disabled before joining the call, the last frame of the video from before joining the call will be sent. The video is not...

CVSS: 5, AI score: 1.4, EPSS: 0.00547, Exploits: 0
Hacker One, added 2022/07/18 7:46 a.m., 17 views

LY Corporation: Stored XSS Via Filename On https://partners.line.me/

An XSS vulnerability was found on the file upload feature of "partners.line.me". Attackers could upload a file with an XSS payload in the filename, which was not properly escaped by the server. This allowed for DOM-based XSS to be embedded in HTML. The uploaded files were stored for a limited tim...

AI score: 6, Exploits: 0
Hacker One, added 2022/07/17 11:58 p.m., 76 views

Glassdoor: [CRITICAL] Full account takeover without user interaction on sign with Apple flow

An account takeover was detected in our sign-up with Apple flow, where an email parameter was manipulated in the request flow to our servers. This scenario can only be performed on a previously unlinked Apple ID account with Glassdoor. Changing the email in the request flow allowed the researche...

AI score: 1.7, Exploits: 0
Hacker One, added 2022/07/17 2:43 p.m., 18 views

Slack: Hashed data exposure via WebSockets to Workspace Members

A vulnerability in Slack's system allowed for the exposure of members' email addresses and sensitive data through WebSockets. This occurred when users created or revoked a Shared Invite Link for their workspace, resulting in the transmission of hashed passwords to other workspace members. The iss...

AI score: 6.9, Exploits: 0
Hacker One, added 2022/07/17 7:56 a.m., 30 views

Hyperledger: Insecure TLS Configuration #3530

An insecure configuration was reported; however, this configuration is set on purpose in test code. Please see the resolved conversation on GitHub...

AI score: 2.1, Exploits: 0
Hacker One, added 2022/07/17 4:04 a.m., 15 views

U.S. Dept Of Defense: Local File Inclusion in download.php

The local file inclusion vulnerability was discovered in the download.php file. Arbitrary files could be downloaded by an attacker using directory traversal via the filePathDownload parameter, provided the attacker knew a valid file path of an externally-facing document...

AI score: 6.8, Exploits: 0
Hacker One, added 2022/07/16 12:36 p.m., 7 views

Planet Labs: API data leak

A security vulnerability was identified where sensitive API keys were exposed through archived data accessible via the Wayback Machine. Some of these API keys were found to be valid...

AI score: 7.1, Exploits: 0
Hacker One, added 2022/07/16 11:32 a.m., 29 views

Hyperledger: fix(cmd-socketio-server): mitigate cross site scripting attack #2068

Please refer to this fix and approve the bounty. See this in the GitHub security fix @ryjones https://github.com/hyperledger/cactus/pull/2068#issuecomment-1186157206 Impact: fix(cmd-socketio-server): mitigate cross site scripting attack...

AI score: 0.2, Exploits: 0
Hacker One, added 2022/07/15 5:47 p.m., 9 views

MTN Group: String length restriction bypass at https://callerfeel.mtnonline.com/profile/feedback.html

Summary: Hi, hope you are well. I found that the attacker can bypass the length restriction of the user name at the feedback form. Steps To Reproduce: F1823237 Impact: The attacker can make the receiver page delay and can cause application-level DoS. Mitigation: Restrict the length of the string in...

Exploits: 0
Hacker One, added 2022/07/15 1:02 p.m., 20 views

Stripe: CSRF in Importing CSV files [app.taxjar.com]

A CSRF vulnerability was found in the CSV import feature of app.taxjar.com, allowing an attacker to import transactions into a user's account without their permission. The vulnerability was due to a lack of CSRF protection in the import process...

AI score: 7, Exploits: 0
Hacker One, added 2022/07/15 10:52 a.m., 43 views

GitHub: Command injection in GitHub Actions ContainerStepHost

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS: 6.5, AI score: 2.4, EPSS: 0.01474, Exploits: 0
Hacker One, added 2022/07/15 9:28 a.m., 181 views

GitLab: Found Origin IP's lead to access to gitlab

@m-narayanan disclosed a known Origin IP / Cloudflare bypass issue, remediation for which was and is being tracked at https://gitlab.com/gitlab-com/gl-infra/reliability/-/issues/9945 They requested disclosure, then later requested it to be made private again...

AI score: 6.9, Exploits: 0
Hacker One, added 2022/07/15 9:16 a.m., 41 views

8x8: Open Redirect ███.8x8.com

@mrk0anti reported to us an Open Redirect vulnerability utilising a misconfiguration which allowed https://█.█.█.█/.example.com to be redirected ➡️ https://www.8x8.com.example.com The issue has been swiftly rectified...

Exploits: 0
Hacker One, added 2022/07/14 8:46 a.m., 76 views

Internet Bug Bounty: Node.js - DLL Hijacking on Windows

Full Node.js Security Releases - summarizing the issue is here: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ The original Node.js HackerOne report is here: https://hackerone.com/bugs?reportid=1447455 ----- Node.js versions earlier than 16.16.0 LTS and 14.20.0 are vulnerabl...

AI score: 6.8, Exploits: 0
Hacker One, added 2022/07/14 8:35 a.m., 15 views

Khan Academy: Email Verification Bypass Allows Users to Add & verify Any Email As Guardians Email

1. Go to https://www.khanacademy.org/signup and sign up as a learner, keeping the date of birth below 13 years. F1821117 2. Now enter the victim's email as the parent's email; for example, here I am entering [email protected] as the parent's email, and click on sign up. ████ 3. Now you will see the following message: "Your...

AI score: 1.2, Exploits: 0
Hacker One, added 2022/07/14 4:21 a.m., 18 views

Elastic: Synthetics Recorder: Code injection when recording website with malicious content

A vulnerability was discovered in the Synthetics Recorder tool, which allows attackers to inject arbitrary code into a recording session. The waitForNavigation event calls quote within the context of a multi-line comment, which can be escaped with a specially crafted URL. This can lead to code...

AI score: 7.8, Exploits: 0
Hacker One, added 2022/07/14 1:23 a.m., 18 views

U.S. Dept Of Defense: Reflected cross site scripting in https://███████

It was observed that the application is vulnerable to cross-site scripting (XSS). XSS is a type of attack that involves running malicious scripts in a victim's browser. request.txt attached, PoC attached. Impact: Cookie stealing - a malicious user can steal cookies and use them to gain access to the...

AI score: 0.7, Exploits: 0
Hacker One, added 2022/07/13 11:31 p.m., 22 views

Cloudflare Public Bug Bounty: Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs

The sflow decode package of the Goflow application did not implement sufficient packet sanitisation, which could lead to a denial of service attack. Attackers could craft malformed packets causing the process to consume large amounts of memory, resulting in a denial of service. The issue has been fixed...

CVSS: 5, AI score: 5.4, EPSS: 0.00803, Exploits: 0
Hacker One, added 2022/07/13 2:39 p.m., 31 views

Hyperledger: Remote denial of service in HyperLedger Fabric

How to reproduce: 1. Bring up the test network (https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html#bring-up-the-test-network). 2. Run the PoC: go run poc.go -server=192.168.0.208:7051 (poc.go begins: package main; import "context", "crypto/tls", "flag", "fmt"...)

CVSS: 5, AI score: 0.2, EPSS: 0.00912, Exploits: 0
Hacker One, added 2022/07/13 1:16 p.m., 51 views

Cloudflare Public Bug Bounty: Ability to bypass locked Cloudflare WARP on wifi networks.

Using the warp-cli command "add-trusted-ssid", a user was able to disconnect the WARP client and bypass the "Lock WARP switch" feature, resulting in Zero Trust policies not being enforced on an affected endpoint...

CVSS: 6.5, AI score: 0.9, EPSS: 0.00394, Exploits: 0
Hacker One, added 2022/07/13 6:20 a.m., 54 views

Hyperledger: Fix : (Security) Mitigate Path Traversal Bug

Unsanitized input from arg0 argument flows into java.io.FileOutputStream, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. Impact Being able to access and manipulate an arbitrary path leads to vulnerabilities when a...

AI score: 3.1, Exploits: 0
Hacker One, added 2022/07/12 7:31 a.m., 28 views

Stripe: Mass account takeover!

@akashhamal0x01 discovered an Organization Owner could update the email address of a member of their organization in TaxJar. This could have allowed an attacker to take over a victim’s account if the victim belonged to the attacker’s organization. The vulnerability was caused by the ability to ed...

AI score: 6.7, Exploits: 0
Hacker One, added 2022/07/12 6:06 a.m., 15 views

U.S. Dept Of Defense: Open Redirect at █████

Open Redirect on https://███ Users can be redirected to a malicious site. POC: ████████/texis/search/redir.html?query=1234&pr=External+Meta&prox=page&rorder=500&rprox=500&rdfreq=500&rwfreq=250&rlead=500&rdepth=62&sufs=3&order=r&u=http://evil.com&m=0&p=2 I hope you know the impact of open redirect and...

AI score: 1.3, Exploits: 0
Hacker One, added 2022/07/11 9:19 a.m., 50 views

Cloudflare Public Bug Bounty: Completely remove VPN profile from locked WARP iOS client.

It was possible for a user to delete the VPN profile from the WARP mobile client on the iOS platform despite the Lock WARP switch feature being enabled on the Zero Trust platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. The issue was fixed in Warp...

CVSS: 5.5, AI score: 1.8, EPSS: 0.0037, Exploits: 0
Hacker One, added 2022/07/10 8:22 p.m., 13 views

Kindred Group: [www.32red.com] Reverse proxy misconfiguration leads to 1-click account takeover

Below is the original, partially-redacted report: --------- Hi team, Summary: We have found a misconfiguration in the reverse proxy powering www.32red.com, as it's possible to manipulate the forwarded requests using URL-encoded characters. This leads to a full 1-click account takeover by...

AI score: 5.3, Exploits: 0
Hacker One, added 2022/07/10 6:01 p.m., 53 views

Node.js: DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)

Summary: This is an insufficient fix of CVE-2022-32212, which itself is a fix of CVE-2018-7160. There exists a specific behaviour in browsers on macOS devices when handling the http://0.0.0.0 URL that allows an attacker-controlled DNS server to bypass the DNS rebinding protection by resolving host...

CVSS: 6.8, AI score: 0.6, EPSS: 0.09916, Exploits: 0
Hacker One, added 2022/07/09 10:25 a.m., 46 views

Reddit: Can use the Reddit android app as usual even though revoking the access of it from reddit.com

Summary: Hi Team, for the last 4 days I kept testing Reddit web. At that time, I revoked app access from old.reddit.com and I checked my app and, as expected, I was not able to use the account in my app. After 2 days I was checking the chat invites feature on the web and after some time I turned ...

AI score: 6.8, Exploits: 0
Hacker One, added 2022/07/09 8:50 a.m., 15 views

Glassdoor: XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution

There was reflected XSS detected at http://www.glassdoor.com/Search/results.htm using parameter pollution via keyword and locName parameters resolved by our development team. Thanks @nokline for your report and co-operation. We are looking forward to more findings from you. Thank you once again. ...

AI score: 1.3, Exploits: 0
Hacker One, added 2022/07/09 8:25 a.m., 11 views

U.S. Dept Of Defense: Sensitive information disclosure [HtUS]

Sensitive information was disclosed through an open server status directory, which displayed server status and sensitive information by server. Attackers could potentially access sensitive information from the server logs...

AI score: 6.7, Exploits: 0
Hacker One, added 2022/07/08 3:33 p.m., 14 views

U.S. Dept Of Defense: an internal important paths disclosure [HtUS]

Summary: I found a CGI script environment variable disclosure of important paths. Steps To Reproduce: 1. Visit this link: https://███ 2. Look at the PoC picture; you should restrict this quickly. Impact: This is so dangerous because the attacker now knows internal paths, and this juicy information, as you can see, i...

AI score: 0.1, Exploits: 0
Hacker One, added 2022/07/08 3:04 p.m., 18 views

U.S. Dept Of Defense: STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS]

While looking through the source code of https://████████/nlc/login.aspx, I noticed this line 204: Cancel, which exposes the edit GET parameter. Upon accessing https://█████████/nlc/login.aspx?edit=true, a hidden markdown editor will be revealed if you click around where the bottom text is, which...

AI score: 6.4, Exploits: 0
Hacker One, added 2022/07/08 2:08 p.m., 13 views

U.S. Dept Of Defense: solr_log4j - http://██████████

Hi security team, I found a Solr Log4j vulnerability in your application. Impact: Logging untrusted or user-controlled data with a vulnerable version of Log4j may result in remote code execution (RCE) against your application. This includes untrusted data included in logged errors such as exception...

AI score: 1, Exploits: 0
Hacker One, added 2022/07/08 1:59 p.m., 12 views

U.S. Dept Of Defense: ██████_log4j - https://██████

Hi security team, I found a Log4j vulnerability in your application. Impact: Logging untrusted or user-controlled data with a vulnerable version of Log4j may result in remote code execution (RCE) against your application. This includes untrusted data included in logged errors such as exception traces,...

AI score: 0.9, Exploits: 0
Hacker One, added 2022/07/08 1:48 p.m., 26 views

Node.js: Off-by-slash vulnerability in nodejs.org and iojs.org

Summary: Configuration files for Nginx in nodejs/build repository have multiple off-by-slash misconfigurations. Because nodejs.org and iojs.org are deployed using those files, it is possible for an attacker to gain access to unexpected directories. This report is not related to nodejs/node...

AI score: 1.6, Exploits: 0
Hacker One, added 2022/07/08 11:55 a.m., 78 views

Rocket.Chat: Rocket.Chat Server RCE

Vulnerability description not provided...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00978, Exploits: 0
Hacker One, added 2022/07/08 10:38 a.m., 12 views

Stripo Inc: [demo.stripo.email] HTTP request Smuggling

A vulnerability in the demo.stripo.email website was reported, which has since been resolved...

AI score: 7.1, Exploits: 0
Hacker One, added 2022/07/08 3:43 a.m., 64 views

Internet Bug Bounty: CVE-2022-32214 - HTTP Request Smuggling Due To Improper Delimiting of Header Fields

Original Report: https://hackerone.com/reports/1524692 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...

CVSS: 6.4, AI score: 7.2, EPSS: 0.77278, Exploits: 1
Hacker One, added 2022/07/08 3:42 a.m., 60 views

Internet Bug Bounty: CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

Original Report: https://hackerone.com/reports/1524555 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...

CVSS: 6.4, AI score: 7.3, EPSS: 0.35079, Exploits: 1
Hacker One, added 2022/07/08 3:41 a.m., 80 views

Internet Bug Bounty: CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

Original Report: https://hackerone.com/reports/1501679 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...

CVSS: 6.4, AI score: 7.3, EPSS: 0.68796, Exploits: 1
Hacker One, added 2022/07/07 5:14 p.m., 66 views

Node.js: CVE-2022-32213 bypass via obs-fold mechanic

Summary: The fix for CVE-2022-32213 can be bypassed using an obs-fold, which Node's http parser supports. Proof-Of-Concept: const http = require('http'); http.createServer((request, response) => { let body = ''; request.on('error', (err) => response.end("error while reading body: " + err)).on('data', (chunk) =>...

CVSS: 6.4, AI score: 0.4, EPSS: 0.35079, Exploits: 1
Hacker One, added 2022/07/07 3:14 p.m., 2029 views

XVIDEOS: Host Header Injection Attack - www.xnxx.com

Host Header Injection Attack - www.xnxx.com An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifi...

AI score: 0.5, Exploits: 0
Hacker One, added 2022/07/07 2:17 p.m., 24 views

U.S. Dept Of Defense: CSRF to delete accounts [HtUS]

Vulnerability description not provided...

AI score: 7.1, Exploits: 0
Hacker One, added 2022/07/07 2:17 p.m., 12 views

U.S. Dept Of Defense: Exposed GIT repo on ██████████[HtUS]

Vulnerability description not provided...

AI score: 7.1, Exploits: 0
Hacker One, added 2022/07/06 4:07 p.m., 38 views

U.S. Dept Of Defense: SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS]

Summary: SQL injection (SQLi) is a vulnerability in which an application accepts input into an SQL statement and treats this input as part of the statement. Typically, SQLi allows a malicious attacker to view, modify or delete data that should not be able to be retrieved. An SQLi vulnerability was...

AI score: 1.1, Exploits: 0
Hacker One, added 2022/07/06 2:31 p.m., 9 views

U.S. Dept Of Defense: SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS]

Summary: I found that it is possible to inject a JavaScript payload during the PDF form creation process, which is then executed by the checklist application server. Vulnerable Software: Functional Administrative Support Tool (FAST) v1.0 Intro: ██████████ Administrative clerks create a dynamic acti...

Exploits: 0
Hacker One, added 2022/07/06 2:16 p.m., 17 views

U.S. Dept Of Defense: Full read SSRF at █████████ [HtUS]

Hey there, we have found a full read SSRF vulnerability in https://█████; we were able to hit the AWS metadata endpoint http://███████ through the SSRF vulnerability. ------------ Steps to reproduce: 1. Go to https://██████/users/create and create an account 2. After your account is verified, log in. If for some...

AI score: 6.9, Exploits: 0
Hacker One, added 2022/07/06 2:07 p.m., 12 views

U.S. Dept Of Defense: IDOR Lead To VIEW & DELETE & Create api_key [HtUS]

Hi DoD & HackerOne team, I hope you are doing well today. Explaining: I found that a user with a Member permission in an organization can create, view and delete API keys. Steps To Reproduce: 1. First create 2 accounts from here https://███ 2. Log in with the victim user and create a new group from here...

AI score: 0.3, Exploits: 0
Hacker One, added 2022/07/06 2:04 p.m., 46 views

U.S. Dept Of Defense: SQL injection at [https://█████████] [HtUS]

Hello, Summary: while doing a test on www.███ I've found that the endpoint at /olc/███comments/commentpost.php is vulnerable to SQL injection. Vulnerable parameters: staffstudent. POC: using sqlmap, run command python3 sqlmap.py --level=5 --risk=3 --tamper=space2comment...

AI score: 0.3, Exploits: 0
Hacker One, added 2022/07/06 2:02 p.m., 8 views

U.S. Dept Of Defense: Unauthenticated access to internal API at ██████████.███.edu [HtUS]

There was unauthenticated access to the internal API at ██████████.███.edu. Multiple API calls allowed an attacker to gain access to the internal API via the Azure API URL appg3entcalapi.azurewebsites.net. Access to █████.██████.edu was only supposed to be available to internal users...

AI score: 7.4, Exploits: 0
Total number of security vulnerabilities: 15369