
HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 281 - 300
## Summary: Executable files downloaded through Brave don't have the quarantine attribute. That means it's possible to launch any executable bypassing codesigning + quarantine. However, later I found that Brave has already [tracked a similar report](https://github.com/brave/browser-laptop/issues/13088) but only in the context of `.pkg` files. Additionally, Brave is allowed to run apps in …
Hi, Just bypassed the fix of open redirect. See comments for more details. Best Regards, -MO ## Impact Open redirection
**Summary:** Hackerone.com is using the following script file https://js.driftt.com/include/1530431100000/hp9revvwkk62.js and you can see the below script on the page: `this.handleMessage=function(e){if(e&&e.data){var t=document.getElementById(Si);if(t&&(e.source===t.contentWindow||e.source===window.opener)){` The handleMessage method is used to handle cross-domain window messaging; here validation of origin is missing and the condition `e.source===window.opener` is always true, so an attacker can handle all the events in that page ### Steps …
## Summary: Hi team, ## Steps To Reproduce: [add details for how we can reproduce the issue] This is my CSRF POC: <html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <form action="██████" method="POST" enctype="multipart/form-data"> <input type="hidden" name="nombre" value="aaaaaaaaaaaaaaaa" /> <input type="hidden" name="apellido" value="<script>alert()</script>" /> <input type="hidden" …
Hello team, ## Summary: The JetPack SSO manager is a plugin that allows any user to log into their WordPress using the same log-in credentials you use for WordPress.com, then they’ll now be able to register for and sign in to self-hosted WordPress.org sites quickly, example : User creates their wordpress …
### Summary A stored XSS exists in the main page of a `project`. By changing the "default branch name" of a group a malicious user can inject arbitrary JavaScript into the main page of a project. Any user that is either at least developer of the project, or an administrator …
## Summary Hi Acronis Security Team , Hope you well. I found one of your subdomains which is `www.cyberlynx.lu` (One of your Acquisition) is pointing towards ` www.cyberlynx.lu canonical name = www118.wixdns.net. www118.wixdns.net canonical name = balancer.wixdns.net. balancer.wixdns.net canonical name = f7a0737a-balancer.wixdns.net. f7a0737a-balancer.wixdns.net canonical name = td-balancer-dc11-60-102.wixdns.net. ` see the …
## Abstract LibreSSL and BoringSSL implemented ``X509_VERIFY_PARAM_set1_host`` differently than OpenSSL. All applications that use the preferred and documented way to configure a TLS connection for hostname validation, silently neglect to perform hostname validation at all. As a consequence, they are vulnerable to MitM attacks. ## Description OpenSSL 1.0.2 introduced the …
Hi shopify, ### DESCRIPTION I found an issue with the blog posts atom feed of a shopify store. So without a password we can't access the blog post atom feed at ```https://yourstore.myshopify.com/blogs/news.atom``` . But this can be bypassed to access the atom feed of the blog posts. For example try out this. I …
xenx
## Summary: Hi, I just found an issue when registering an account in https://mtnmobad.mtnbusiness.com.ng/#/auth/registerUser It allows an attacker to inject malicious text including HTML code in email content. ## Steps To Reproduce: 1. Go to https://uat.id.manulife.ca/mortgagecreditor/register?ui_locales=en-CA. 1. Use the following payload as your First Name: 1. Put the following code as …
## Summary: I found PII data leakage through the HackerOne report. I found a link in one of the disclosed reports that allows me to get the address and phone numbers of security researchers. Here I got the address and phone number of ████ (███) Vulnerability Name: PII data Leakage through …
## Summary: The Newspack Extended Access plugin omits to validate JWT signing on the registration and login JSON endpoint. This permits registration of accounts with arbitrary (user-supplied) details, and auth bypass and account hijack if a target account email is known. ## Platform(s) Affected: Any website using [Newspack Extended Access …
## Summary: Integer overflow in the source code tool_cb_prg.c ## Steps To Reproduce: Review the source code of tool_cb_prg.c In the function fly, pay attention to Line 80, 82, 84 ```C 69 static void fly(struct ProgressData *bar, bool moved) 70 { 71 char buf[256]; 72 int pos; 73 int check …
Hi Team, Through researching your asset, I found an XSS vulnerability at `www.███.████████`. **The only concern is that it only works in the Firefox browser.** ## Impact An attacker could execute arbitrary javascript in the client browser. ## System Host(s) www.███.██████████ ## Affected Product(s) and Version(s) ## CVE Numbers ## …
## Summary: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. ## Description: An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls …
Hi Triager, **NOTE: Just to clarify, I reported a similar issue yesterday, but it was on a different endpoint. _In this report, the vulnerable domain is the same, but the endpoint is different._** I found that an attacker can change their email address to the victim's (existing user) email, which then …
Nextcloud allows multi account within the Android client app and relies on a single lock. Based on the (exposed) intent nc://login, it is possible to add a new account under attacker domain and open the Nextcloud without the lock check. # Proof of concept 1. open the NC app with …