HackerOne Reports
Search through disclosed security reports
10,350 reports found
## Summary: - Urban Company has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user. And then later the malicious user can exploit this issue to deceive new researchers to submit their legitimate findings to the wrong hands. ## Steps To Reproduce: …
Hi MTN team, I got a 500 error that shows the full path of the Windows server containing today's log file. I navigated to it ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt and saw all the logins I made with user administrator. As you can see, the log file's name is a date, `Log_21-06-2021.txt`, you can …
Open (wid param broken) http://prod.whisper.sh/whispers/replies?uid=050e3617a744474140874730dbe5055367c5c5&wid=04d27d987de7f897580096b099815691cd4a89%27%22&sme=false and got error stack trace
Directory index allowed in http://gateway.whisper.sh/ Info that might be useful in some other attack vectors http://gateway.whisper.sh/presto-query.txt
It shouldn't be possible to send messages to users without following users: > You must be following at least one Vimeo member before you can send a private message. To get started, find a friend, family member, or someone with cool videos and click the "Follow" button on their profile …
I found another way to bypass Cloudflare Warp lock!
High
$1,000
Closed
This bug was reported directly to GitHub Security Lab.
This bug was reported directly to GitHub Security Lab.
The method `block_params` in class `RDoc::MethodAttr` uses a regular expression that is vulnerable to Denial of Service due to catastrophic backtracking. The regular expression is: ``` ([A-Z:a-z0-9_]+)\.([a-z0-9_]+)(\s*\(\s*[a-z0-9_.,\s]*\s*\)\s*)? ``` Source: https://github.com/ruby/ruby/blob/master/lib/rdoc/method_attr.rb#L265 The ReDoS sequence is: `(\s*\(\s*[a-z0-9_.,\s]*\s*\)\s*)`. It contains three overlapping repeating groups (repeated characters are 0x20, 0xa0, [09-0d]), so the worst-case …
I submitted the following report to [email protected]: > I've been exploring CVE-2021-25742 and believe I've discovered a variant (although it appears there may be many). Most template variables are not escaped properly in `nginx.tmpl`, leading to injection of arbitrary nginx directives. For example, the `nginx.ingress.kubernetes.io/connection-proxy-header` annotation is not validated/escaped and …
**Summary:** By taking advantage of query name based batching in GraphQL, a malicious actor has the ability to create many reports in bulk (up to ~75+ reports in 1 request). In combination with Turbo Intruder, this can be abused to create ~6400+ reports using ~100 requests in roughly 40 seconds which …
## Summary: The Newspack Extended Access plugin omits to verify JWT signing on the registration and login JSON endpoint. This permits registration of accounts with arbitrary (user-supplied) details, and auth bypass and account hijack if a target account email is known. ## Platform(s) Affected: Any website using [Newspack Extended Access …
Hello, The RSI Test Environment application at https://███████████████/ords/f?p=842:1 does not enforce access controls on the user management endpoint. This allows any unauthenticated person to both create new users as well as give them the administrator role. This then provides access to https://███████████████/ords/f?p=303 as an administrator. The user management endpoint can …
A memory leak was found in libcurl in handling HTTP/2 push headers, which could lead to a denial of service due to memory exhaustion. Original report: https://hackerone.com/reports/2402845 ## Impact denial of service
The identified page allows unauthorized access to a user's profile management functionality without requiring authentication. Upon accessing the page, sensitive user details such as name, email address, and EDIPI, 10 digits are exposed. Additionally, an update function is available, suggesting potential for unauthorized data manipulation. ## Impact Sensitive Data Exposure: …
Hello, I found DOM XSS on the login page of https://partners.acronis.com/ Open this URL https://partners.acronis.com/en-us/profile/login.html?-back=test123"> and search for `var back =`. Here the input is HTML encoded, but from that reflected value an element is created and appended to the form. {F983552} We can use JavaScript's Unicode escaping to bypass this. ## Steps …