HackerOne Reports
# CVE-2016-4796 OpenJPEG color_cmyk_to_rgb Out-of-Bounds Read Vulnerability

## 1. About OpenJPEG

OpenJPEG is an open-source JPEG 2000 codec written in the C language. It's widely used in lots of Linux OSes such as Ubuntu, RedHat, Debian, Fedora, and so on. The official repository of the OpenJPEG project is available at [GitHub](https://github.com/uclouvain/openjpeg). …
Please check: https://bugs.php.net/bug.php?id=73017
Hi,

Through api-v2/items you can list all information of users (except email). As items are sequential, you can just make a script that crawls items from https://www.olx.com.ar/api-v2/items/822200000 to https://www.olx.com.ar/api-v2/items/901858309

Example of sensitive user information from a random curl:

```
██████████
```

```
█████████
```

Example of a random curl:

```
$ curl …
Please check: https://bugs.php.net/bug.php?id=72895
Please check: https://bugs.php.net/bug.php?id=72893
# CVE-2016-1924 OpenJPEG opj_tgt_reset Out-of-Bounds Read Vulnerability

## 1. About OpenJPEG

OpenJPEG is an open-source JPEG 2000 codec written in the C language. It's widely used in lots of Linux OSes such as Ubuntu, RedHat, Debian, Fedora, and so on. The official repository of the OpenJPEG project is available at [GitHub](https://github.com/uclouvain/openjpeg). …
https://bugs.php.net/bug.php?id=73029 Please feel free to ask for more technical details if necessary. Thank you for your consideration.
# OpenJPEG opj_dwt_interleave_v Out-of-Bounds Write Vulnerability

## 1. About OpenJPEG

OpenJPEG is an open-source JPEG 2000 codec written in the C language. It's widely used in lots of Linux OSes such as Ubuntu, RedHat, Debian, Fedora, and so on. The official repository of the OpenJPEG project is available at [GitHub](https://github.com/uclouvain/openjpeg). ## …
Hi. There are places where unprotected broadcasts are sent:

https://github.com/nextcloud/android/blob/master/src/com/owncloud/android/files/services/FileUploader.java#L1170
https://github.com/nextcloud/android/blob/master/src/com/owncloud/android/files/services/FileUploader.java#L1116
https://github.com/nextcloud/android/blob/master/src/com/owncloud/android/files/services/FileUploader.java#L1136
https://github.com/nextcloud/android/blob/600225c7c9684295bfdb43bcf7d078113b8b2f73/src/com/owncloud/android/services/SyncFolderHandler.java#L186
https://github.com/nextcloud/android/blob/600225c7c9684295bfdb43bcf7d078113b8b2f73/src/com/owncloud/android/services/SyncFolderHandler.java#L201

etc.

A malware can simply create a receiver:

```xml
<receiver android:exported="true" android:enabled="true" android:name=".InterceptReceiver">
    <intent-filter android:priority="999">
        <action android:name="FileUploader.UPLOAD_START"/>
        <action android:name="FileUploader.UPLOAD_FINISH"/>
        <action android:name="FileUploader.UPLOADS_ADDED"/>
    </intent-filter>
</receiver>
```

(and other actions)

And receive the broadcasts **before** your own receivers …
Please check: https://bugs.php.net/bug.php?id=73045
## Summary:

Hi, I found a reflected XSS vuln on videostore.mtnonline.com

## Steps To Reproduce:

1. Open browser
2. Go to the ``https://videostore.mtnonline.com/GL/Default.aspx?PId=126&CId=5&OprId=11&Ctg=OF25MTNNGVS_LapsInTime%22%27testxxx%3E%3Ciframe%20src=%22data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E%22%3E%3C/iframe%3E`` url
3. Browser shows alert popup

## Impact

We can run javascript code
## Summary

The Nextcloud Talk app allows system administrators to set up chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using `@exec`. If arguments are …
Hello

### Details:

All my accounts have been closed. I don't know the reason, so I played around and managed to bypass this mechanism using the last unused password token.

### Steps:

- go to the forgot password page, get a new password reset token and don't use it
- …
https://bugs.php.net/bug.php?id=72874
Hello

I would like to report an XSS happening in the Transfer Timeline because the Supplier Name input is not sanitized as it should be!

***POC***

Set Supplier Name to "><img src=x onerror=prompt('XSS')>

Create a Transfer with multiple items and cancel one of the items.

Review the timeline. In the timeline you …