HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 341 - 360
This crash was triggered with `642f773 ` while fuzzing `tile-count-merge` with AFL on Debian 8 x64. `./tile-count-merge -o /dev/null test000` ``` ASAN:SIGSEGV ================================================================= ==10201==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000048d0af bp 0x7ffd8644b6a0 sp 0x7ffd8644ae30 T0) #0 0x48d0ae in __interceptor_memcmp (/root/tile-count/tile-count-merge+0x48d0ae) #1 0x4dc6c9 in finder::operator<(finder const&) const /root/tile-count/merge.cpp:115:10 #2 …
When any user wants to change the password, the current password is asked for before proceeding with the request. This should also be implemented on changing the email. Attack Scenario: When someone forgets to log out from the account on a public computer, anyone can change the email to their own and verify …
Reproduction Details: #dig txt debian.weblate.org|grep "v=spf1"
The bug submitted at: https://bugs.php.net/bug.php?id=74614 The fix committed at: https://github.com/php/php-src/commit/d02f953faf4afdd1576acb1380e4cd3c050ac599
## Summary: When using WolfSSL as the TLS backend, there is an issue where the CN or SAN in the certificate is not verified when connecting to an IP address over HTTP/3. wolfSSL_X509_check_host is only called when `peer->sni` is not NULL. However, when an IP address is specified, `peer->sni` is …
# Summary: The vulnerability occurs in the "EmailAddress" parameter in the member creation area and affects all users. ##Steps To Reproduce: Before proceeding with the steps of the vulnerability, have a previously created account or open it now to scenario the attack against existing accounts. 1-to become a member First, …
# **0x00 Vulnerability Overview: Fatal Flaw in HTTP/2 Protocol Stack** ## **1. HTTP/2 Header Block Fragmentation Mechanism** * **RFC 7540 Specification**: * Header blocks are transmitted using a HEADERS frame followed by one or more CONTINUATION frames. * All frames must belong to the **same stream** and be sent **sequentially**. …
Hello, I would like to mention a bug here that is regarding changing the name of the owner of a leaderboard by a member that is first shown forbidden but when you again try to change owner's name you can see the changes to name made in the pop up …
**Summary:** Sending specific crafted messages to Node.js libuv signal event pipe allows an attacker to obtain arbitrary code execution primitives, bypassing any module-based permissions and process-based permissions enforced. **Description:** Node.js uses [libuv](https://github.com/libuv/libuv) which uses pipes to signal and handle events in order to support asynchronous I/O event loops. As communication …
Hello Team, When I was testing your web application I found that we can change the email address to a new email address. I tested that feature and noticed that after changing the email to a new email and then back to the old email, I can still access the …
##Description Hi. I found a non-critical session management bug, which still can have serious impact in some scenarios. When a user logs in to Federalist through GitHub, Federalist checks his Organization ID (but only upon login). When the user was deleted from the organization for some reason, but he was logged …
Vulnerability Exploited: cross site scripting using csrf Vulnerable URL: https://gratipay.com/search Vulnerability Explanation: The application is vulnerable with Reflected Cross Site Scripting. Here application fails to validate user supplied inputs due to which an attacker can inject his own JavaScript on your web application. Impact: The attacker can access the victim's …
##Description Hello. I discovered a Stored XSS attack vector in the `Custom Domain` field ##POC & Reproduction steps 1. Log in to Federalist and go to some instance `http://localhost:1337/sites/<siteid>/settings` 2. Fill the `Custom Domain` field with ``` javascript:alert(document.domain) ``` and `Demo domain` ``` javascript:alert(document.domain); ``` (it cannot be …
Hello WakaTime security team, I found a security vulnerability: Sensitive Cookie Without 'HttpOnly' Flag. When I was testing your website I noticed that a csrftoken cookie appears in the response but the cookie does not have the HttpOnly flag. You should set the HttpOnly flag for the following security reasons. The HttpOnly flag …
##Description Hi. I found an Insecure Direct Object Reference vulnerability on the `http://192.168.119.128:1337/v0/build/` endpoint. {F200108} When the user wants to restart the build, the following request is sent to the endpoint: ``` {"site":<siteid>,"branch":"master"} ``` where siteid is the numeric ID of the site. However, this endpoint does not check, do this site …
Sequel to the fix on #243594, this is still possible. ##Reproduction Steps 1. Request password reset - Load the link in email and set a new password - Navigate to https://demo.weblate.org/accounts/reset/ - Fill the email and captcha - You'll be prompted to enter a new password NOTE: I figured that …
Summary: I have found a vulnerability name authentication Bypass Using Default Credentials on admin console of █████████. ## Impact Access to the portal and the data in the portal like emails links data etc ## System Host(s) ██████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce …