HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 321 - 340
## Summary: Hi! i found an Unrestricted File Upload on https://app.lemlist.com which let me upload anything. File Extensions Such as .html and others should not be executed on the server side. ## Steps To Reproduce: [add details for how we can reproduce the issue] * 1.) Login to https://app.lemlist.com * …
Hey Alan Similar to report #244813 , there is no rate limit in creating private leaderboards , I was able to create more than 300 private leaderboards on my test id. Kindly look into it. Ping me back if i am unable to demonstrate the issue. Regards Ahmad
Hello try to write this <p onload="javascript:alert('sss');">Done</p> <strike> test </strike> in the comments it will run. https://wakatime.com/blog/26-download-your-team-activity-as-csv#comments
Dear sir, This may be a low priority issue,but has the importance to resolve at your priority.I request you to think over this report,because this vulnerability is not a spam on many other sites. URL:- https://wakatime.com/signup https://wakatime.com/login Vulnerability:- ->Attacker can block users to create their own accounts on your site. …
Description: Session management issue in https://wakatime.com Cookies are used to maintain session of the particular user and they should expire once the user logs out of his account.In secure web application,Cookies immediately expire once the user logs out of his account. But this is not happening in the case of …
Hi there Vulnerability Title: Meta characters are not filtered into full name Description You haven't filtered control meta characters such as %00 etc in full name field which allows an attacker to impersonate or hide their real identity within the application. This one is not rejected. It turns out that …
Now we want to proof that our security sistem is most fit in this year
**Summary:** There is a stack overflow bug in json_parser when parsing nesting objects. **Description:** Monero's json parser (handled by epee libraries) doesn't check object tree depth while parsing ## Steps To Reproduce: Up the service ```bash > monerod ``` run ```bash > python2 poc.py ``` backtrace ``` SUMMARY: AddressSanitizer: stack-overflow …
## Summary: When I searched Github for sensitive information I found some privet key in GitHub repository. these are private RSA key and private server key, which could be used for unauthorized access. ## Steps To Reproduce: VISIT THESE LINKS: Repository : EX: https://github.com/mcu-tools/mcuboot/blob/137d79717764ed32d5da4b4b301f32f81b2bf40f/enc-x25519-priv.pem https://github.com/mcu-tools/mcuboot/blob/137d79717764ed32d5da4b4b301f32f81b2bf40f/root-ed25519.pem (This is just an example) …
Hi Team, Description While I was testing the application i found this bug where the application is sending the credentials over Plain text in URL : https://auth.ratelimited.me/login?username=testqaz%40grr.la&password=D33vanh%40h%40h%40 Vulnerable URl https://auth.ratelimited.me ## Impact Impact: if the application is sending the credentials over GET request it will be saved in the history …
Researchers have found new attack against 3DES-CBC cipher in TLS,that they can decrypt customer data using a method called SWEET32 Birthday Attack. This Vulnerability has got CVE-2016-2183 and has cvss score 5.0 This vulnerability can be found manually by simply using nmap script nmap -Pn -p --script ssl-enum-ciphers ip Mitigation …
Hello, there is no rate limiting implemented in sending the confirmation email. Thus, attacker can use this vulnerability to bomb out the email inbox of the victim. Proof of Concept : 1. Register a account in wakatime.com 2. Login to account and go to https://wakatime.com/settings/account 3. Under that click on …
Following the fixes: #241608 & #224072. there's still another way round this. ##Reproduction Steps 1. Register 2 accounts (Preferably using Gmail not third party) - Login both accounts on separate browsers - In Browser1, navigate to https://demo.weblate.org/accounts/profile/#auth - Add a new association with the Google third party link using the …
At this moment prevention from object injection is in the following line of code: ``` preg_match( '/^a:2:{/', $raw_custom ) && ! preg_match( '/[CO]:\+?[0-9]+:"/', $raw_custom ) && ( $custom = maybe_unserialize( $raw_custom ) ) ``` but the PHP native [unserialize](https://github.com/php/php-src/blob/master/ext/standard/var_unserializer.c) function supports little `o` as option in it and it is …