HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 241 - 260
SUMMARY: ==================== This report describes a vulnerability similar to that described in my other reports #329376, #329397, #329399 The DoD **`https://████/psc/EXPROD/`** Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution (RCE) and Denial of Service Attacks (DoS) over a Java Object Deserialization (CWE-502) in the …
**Summary:** As part of our ([SoftwareLab@TU Darmstadt](https://www.sola.tu-darmstadt.de/de/software-lab/)) latest research project, we discovered a privacy-related vulnerability in multiple high-profile websites, including Twitter. An attacker exploiting this vulnerability can identify a user of your website while the user visits an attacker-controlled website, using the cookie you set in his or her browser. …
I would like to report a Stored XSS issue in module **public** It allows executing malicious javascript code in the user's browser. # Module **module name:** public **version:** 0.1.3 **npm page:** https://www.npmjs.com/package/public # Module Description Run static file hosting server with specified public dir & port. Support a "direcotry index" …
###Summary I have been working on the partner web portal and have noticed the referrals feature contains an issue where a user with limited privileges can create referrals in an unauthorized manner. ###Steps to Reproduce First you must authenticate with an administrator user and then invite another with limited privileges …
Description: I discovered that a private RSA key along with its certificate is publicly accessible inside the curl GitHub repository under the file tests/data/stunnel.pem. This file contains a PEM-formatted RSA private key, which should be kept strictly confidential. Steps to Reproduce: Navigate to the following URL in the curl GitHub …
Hi Team, Hope you are doing great. Note: IoS APP Vs.: 4.9.1 I got a vulnerability in your applications via which an attacker is able to bypass the PIN. The attacker just need to bruteforce the 4 digit PIN as unlimited tries is accepted by the application, the attacker can …
I would like to report a Path Traversal vulnerability in localhost-now. It allows to read arbitrary files on the server. This is a bypass on the mitigation of #312889 . # Module **module name:** localhost-now **version:** 1.0.2 **npm page:** `https://www.npmjs.com/package/localhost-now` ## Module Description >Am I the only one who is …
SUMMARY: ==================== The DoD **`https://███/psc/EXPROD/`** Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution (RCE) and Denial of Service Attacks (DoS) over a Java Object Deserialization (CWE-502) in the “monitor” service. Thus an attacker can generate and send malicious java objects of special types to …
hello team, There is a stored xss in lp.reverb.com. Attacker can inject malicious script into server while adding shop name as `lll"></script><script>alert('xss');</script>`. Exploit: https://lp.reverb.com/shops/faniyos-boutique/listings Steps to reproduce: 1. Navogate to https://reverb.com/my/lp_shop/edit 2. Change your lp shop name to this: lll"></script><script>alert('xss')</script> 3. Save the changes. 4. View your lp shop. Fix: …
**Summary:** the h1-202 event took several photos for the event that rotate on the *public* leaderboard. One of these photos disclosed the local wifi SSID and Password. **Description:** SSID: HackerOne Password: █████████ ### Steps To Reproduce 1. Look at the photo attached ### Remediation Have your staff photographer revie the …
Description === **Vulnerable parameter:** user **Vulnerable script:** https://github.algolia.com/github-btn.html **Vulnerable code:** ```js var params = function() { for (var t, e = [], o = window.location.href.slice(window.location.href.indexOf("?") + 1).split("&"), r = 0; r < o.length; r++) t = o[r].split("="), e.push(t[0]), e[t[0]] = t[1]; return e }(), user = params.user, repo = params.repo, …
## Summary: The app is exposing a firebase database url that has no read/write protections. ## Steps To Reproduce: 1. Decompile the Android app 2. Do a string search for `firebase_database` 3. Use the project name (i.e. `msdict-dev`) in combination with the Firestore REST API to modify the database. ## …
## Summary: If the `io.kubernetes.client.util.generic.dynamic.Dynamics` is used to deserialize a `DynamicKubernetesObject `from untrusted YAML, an attacker can achieve code execution inside of the JVM. Since this is a part of the public API, down stream consumers can be using this API in a way that leaves them vulnerable. I have …