HackerOne Reports
Search through disclosed security reports
Go to: `nextcloud/index.php/apps/gallery/#%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3Ejavascript:alert%280%29//%00` Tested on: Firefox 43.0.1 If you need more information then write me.
Malstaller is a severe vulnerability that affects the installation process of an unknown number of software including many top-100 download software. The vulnerability affects Windows OS (WIN 7 verified vulnerable) users and variations of the attack can affect already installed software and native Windows OS tools. Malstaller allows attackers to …
https://bugs.php.net/bug.php?id=70741
Through research, I discovered a CSRF vulnerability in one of the DoD assets **`███████`** **NOTE: The previous report I submitted was on a different subdomain (███).** There is a **feature to create albums** for a media collection such as photos and videos. While performing some actions on it, I found …
**Summary:** The configuration of the Sinatra framework application hosted at `oauth-redirector.services.greenhouse.io` exposes internal information when exceptions occur. The application is configured with the `show_exceptions` setting which causes internal application configuration, environment variables and source code snippets to be exposed when exceptions occur. **Description:** When an unhandled exception occurs (such as …
The subdomain at https://support.invisionpower.com has an unclaimed CNAME record (ipscommunity.zendesk.com). I checked the username availability in the signup process at Zendesk, and it was observed that the subdomain is vulnerable to a subdomain takeover, which allows an attacker to exploit such a situation by registering the expired subdomain …
A buffer overflow has been found in the phar_tar_writeheaders_int() function. It does a strncpy to header->linkname from entry->link with the size of entry->link. As you can see in https://github.com/php/php-src/blob/master/ext/phar/tar.h#L66 , header->linkname is a char of the size 100. Once entry->link contains a value that's bigger than 100 it will overflow …
Description: The mobile application uses a predictable Random Number Generator (RNG). Under certain conditions this weakness may jeopardize mobile application data encryption or other protection based on randomization. For example, if encryption tokens are generated inside of the application and an attacker can provide application with a predictable token to …
### Steps to reproduce 1. Run GitLab `docker run --detach --hostname gitlab.example.com --publish 443:443 --publish 80:80 --publish 22:22 --name gitlab gitlab/gitlab-ce:latest` 2. Connect to the GitLab Docker container: `docker exec -it gitlab /bin/bash` 3. Install netcat: `apt update && apt install -y netcat` 4. Run server in container: `nc -llvp …
## Summary: The `flap` contract provides the ability to auction DAI for MKR. That's a fundamental functionality of the MCD system, invoked usually from the `vow` contract. A flaw in the validation of calls to `flap.kick`, however, allows a malicious user to create "fake" auctions that can be later used …
Reproduction: Step no 1: Open URL: https://www.owox.com/products/ or open your user account. Step no 2: Copy URL or paste another tab. Step no 3: Go back again first tab or logout your account. Step no 4: And check the copied URL section is working properly. Reference From: #244875 Reference From: #263873 Reference From …
Hi GitLab Security Team ### Summary I found a stored XSS vulnerability in the admins page. The administrator can set up a Grafana dashboard. Here, the administrator can either enter a relative URL or an absolute address. However, when adding an absolute URL, the protocol is not checked allowing to …
1. Create a gist called: "><svg onload=alert(1)> 2. have gist integration enabled and put a link in a slack chat 3. Visit the 'raw' or 'new window' pages for this gist, for example: https://outpost.slack.com/files/zemnmez/F029MDY33/___svg_onload_alert_1__
Beginning ---------- HackerOne's official twitter account posted a tweet on 11th December announcing 12 days of hacky holidays where we have to take down the grinch and prevent him from ruining the Christmas holidays. {F1132156} Challenge 1: Something to get started -------------------------------------- I visited [https://hackerone.com/h1-ctf][1] to understand the scope of …
On December 12th, 2020, the CTF became live and the scope that we are allowed to attack was ``` In Scope Domain - **hackyholidays.h1ctf.com** ``` Our main motive was to infiltrate his network and take him down. The challenges appeared one by one till 24th of December. Here we will …