
HackerOne Reports

Search through disclosed security reports

10,350 reports found
Hi, I have found a broken link profile in the website where the attacker can perform identity theft. Summary : When a web application has any pages, sources, or links to external 3rd party services that are broken, then the attacker can claim those endpoints to successfully conduct the attack and …
Hello there! I'd like to report a 'XSS' vulnerability on a DoD website *https://███/unit/███ . Here in the search engine of the website please enter the following payloads <script>alert(document.domain)</script> & you can even use this payload to steal cookies <script>alert(document.cookie)</script> and hit enter and just scroll your mouse below …
tess
## Summary: In fly() there will be a division by zero if the progress bar width is 2. That can happen if the terminal width is 2. ## Steps To Reproduce: This script crashes: stty rows 10 cols 2 ; curl --progress-bar somefile > temp ## Impact I believe that if it's …
### Description: There is no rate limiting implemented in sending the confirmation email. Thus, an attacker can use this vulnerability to bomb the email inbox of the victim. ### Affected URL: ``` https://biz.yelp.com/welcome/resend_confirmation ``` with POST method ### Details: 1. Login to biz.yelp.com 2. Go to https://biz.yelp.com/messaging/xxxxxxxxxxxxxxx/inbox, it should look …
Report Submission Form Hello Team, The configuration details are being leaked by the following URL: https://prow.k8s.io/config ## Steps to Reproduce Click on the below link to reproduce the issue - https://prow.k8s.io/config ## Impact Sensitive information is being leaked. This information can be used to launch further attacks.
**Summary:** I discovered a vulnerability Read-only path traversal (CVE-2020-3452) at https://████████ **Description:** A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a …
Vulnerability Explanation : An issue was discovered in Acronis Service Manager Service, which is integrated from Acronis Cyber Backup ver.15.0.24197. This service suffers from an untrusted search path. Malicious users who are in the “Authenticated Users” group can use a malicious DLL file to execute arbitrary code and escalate privilege to impersonate …
Using the latest version of Cyber Protection Agent (Version 12.5.23130) it is possible to perform DLL Search-Order Hijacking. The only requirement is to have modify rights to one folder defined in the PATH system variable, due to the order in which the DLL is loaded. -Impact: If a local attacker has …
mmg
**Summary:** ████████ is vulnerable to Read-Only Path Traversal Vulnerability as described at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 **Description:** Get request parameters at the /+CSCOT+/translation-table and the /+CSCOT+/oem-customization are not properly sanitized which allows for reading files within the webroot directory that are not intended to be readable. According to Cisco: The vulnerability is due …
I would like to report a Prototype Pollution in supermixer. It allows an attacker to modify the prototype of a base object, which can vary in severity depending on the implementation. # Module **module name:** supermixer **version:** 1.0.3 **npm page:** `https://www.npmjs.com/package/supermixer` ## Module Description Mixes/merges/extends your object in multiple ways. …
The `Projects::GitlabProjectsImportService` contains a vulnerability that allows an attacker to write files to arbitrary directories on the server. This leads to an arbitrary command execution vulnerability by overwriting the `authorized_keys` file. To reproduce, sign in to a GitLab instance that has GitLab import enabled. This is enabled by default, so …
Hi, it is possible to determine the existence of a user account. It reveals the username, which can open new attack vectors. Version: Nextcloud 16.0.3 Request for *existing* account: ``` GET /avatar/admin/80?v=-472 HTTP/1.1 Host: localhost:8084 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: image/webp,*/* Accept-Language: pl,en-US;q=0.7,en;q=0.3 Accept-Encoding: …
Summary: Using the latest version of Cyber Protection Agent (Version 12.5.23130) it is possible to perform arbitrary Files and Folders Deletion as SYSTEM. The only requirement is to have limited code execution privileges (as a member of the Authenticated Users group) in order to abuse this vulnerability. Description: Using the latest …
mmg
This vulnerability is present in both Google Chrome's PepperFlash as well as browsers with the NPAPI Flash Player versions. It works by MITM'ing the Flash Player settings manager. Although this settings manager is served over HTTPS, it is still possible to place or edit the local settings cookie by serving it over …
**Description:** RabbitMQ is an open-source message-broker software (sometimes called message-oriented middleware) that originally implemented the Advanced Message Queuing Protocol (AMQP) and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol (STOMP), Message Queuing Telemetry Transport (MQTT), and other protocols. The instance of the rabbitmq …