
HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 541 - 560
```html
<html>
  <head><title>Clickjack test</title></head>
  <body>
    <center><p>Website is vulnerable to clickjacking!</p></center>
    <!-- PoC: if the target renders inside this frame, framing is not blocked -->
    <center><iframe src="http://mailboxes.legalrobot-uat.com/" width="1000" height="600"></iframe></center>
  </body>
</html>
```
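The PoC above only tells you whether the page rendered in the frame. As an added example (not part of the report or Legal Robot's code), the check below decides the same question from response headers: CSP `frame-ancestors` takes precedence over `X-Frame-Options` in current browsers, and no header at all means anyone can frame the page. Host matching is simplified (ports are ignored), and the header sets used to exercise it are constructed rather than captured from any real site.

```python
# Added example (not part of the HackerOne report above): decide whether a page
# can be embedded in an iframe from another origin, the condition the PoC HTML
# tests by loading the target. Simplification: CSP host sources are matched on
# hostname only (ports ignored); the header sets used to exercise it are
# constructed, not captured from any real site.
from urllib.parse import urlsplit


def _source_allows(source: str, page_origin: str, framer_origin: str) -> bool:
    """Evaluate one CSP frame-ancestors source expression against the framer."""
    src = source.strip().lower()
    if src == "'none'":
        return False
    if src == "'self'":
        return framer_origin == page_origin
    if src == "*":
        return True
    framer = urlsplit(framer_origin)
    if src.endswith(":") and "/" not in src:          # scheme source, e.g. https:
        return framer.scheme == src[:-1]
    if "://" in src:                                   # scheme + host source
        scheme, host = src.split("://", 1)
        if framer.scheme != scheme:
            return False
    else:                                              # bare host source
        host = src
    host = host.rstrip("/").split(":")[0]
    if host.startswith("*."):                          # wildcard subdomain
        return (framer.hostname or "").endswith(host[1:])
    return framer.hostname == host


def can_be_framed(headers: dict, page_url: str, framer_url: str) -> bool:
    """True if a browser would render page_url inside a frame on framer_url.

    frame-ancestors takes precedence over X-Frame-Options when both are set;
    with neither header present the page is frameable by anyone.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    page, framer = urlsplit(page_url), urlsplit(framer_url)
    page_origin = f"{page.scheme}://{page.netloc}".lower()
    framer_origin = f"{framer.scheme}://{framer.netloc}".lower()

    for directive in lower.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # an empty source list is equivalent to 'none'
            return any(_source_allows(s, page_origin, framer_origin) for s in parts[1:])

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer_origin == page_origin
    return True   # unset, or the obsolete ALLOW-FROM, which browsers ignore
```

Run it against the headers of the page you are testing and the origin that would host the attacker frame; a `True` result is what the PoC HTML demonstrates visually.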
Normal user (non-privileged) can mask external storage shared by admin. Scenario: Created three users "admin", "attacker", "victim". Created group "samplegroup" containing all three users with "victim" as group admin. Steps: 1) User "admin" created external storage named "localstrg" (note: the name is the attack vector) with properties: Folder Name: localstrg …

Rate-limit bypass

$500 Closed
Hello Slack, This vulnerability is about a 2FA bypass. On the Slack web application there is a rate limit implemented. After performing 4-6 failed 2FA attempts, the rate-limit logic will get triggered and ask the user to wait for the next attempt (preventing automated 2FA attempts). I tested the same using the iOS app (iOS 9.3.3 iPad …
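The bypass pattern the report describes (web app limited, another client not) is what happens when the failed-attempt counter is keyed on the client or endpoint rather than on the account. The following is an added example, not Slack's code: a limiter that can be configured either way, plus a helper that counts how many wrong codes an attacker can submit in one window when free to switch clients. Client names, the 5-attempt limit and the 300-second window are assumptions; time is passed in so it runs offline.

```python
# Added example (not Slack's code): a 2FA failed-attempt limiter. With
# per_client=True the counter is keyed on (account, client), so switching from
# the web app to a mobile client gets a fresh budget, which is the bypass the
# report above describes. With per_client=False every client draws from the
# account's single budget. Limits, window and client names are assumptions.
from collections import defaultdict

MAX_ATTEMPTS = 5           # assumed policy: 5 wrong codes per window
WINDOW_SECONDS = 300       # assumed policy: 5-minute sliding window


class TotpAttemptLimiter:
    def __init__(self, per_client: bool):
        self.per_client = per_client
        self._failures = defaultdict(list)   # key -> timestamps of failures

    def _key(self, account: str, client: str):
        return (account, client) if self.per_client else account

    def allow(self, account: str, client: str, now: float) -> bool:
        """Is another code submission permitted right now?"""
        key = self._key(account, client)
        recent = [t for t in self._failures[key] if now - t < WINDOW_SECONDS]
        self._failures[key] = recent          # drop failures outside the window
        return len(recent) < MAX_ATTEMPTS

    def record_failure(self, account: str, client: str, now: float) -> None:
        self._failures[self._key(account, client)].append(now)


def brute_force_budget(limiter: TotpAttemptLimiter, account: str,
                       clients: list, now: float = 0.0) -> int:
    """Count wrong codes an attacker can submit inside one window when they
    may spread attempts across the given client types."""
    attempts = 0
    for client in clients:
        while limiter.allow(account, client, now):
            limiter.record_failure(account, client, now)
            attempts += 1
    return attempts
```

With three client types the per-client limiter triples the attacker's budget; the per-account limiter keeps it at the intended five regardless of how many clients exist. The same keying decision applies to any second-factor endpoint (SMS codes, recovery codes) that a mobile or legacy API path can reach.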
## Summary: [Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. The …
**Summary:** [CWE-829: Inclusion of Functionality from Untrusted Control Sphere](https://cwe.mitre.org/data/definitions/829.html) [CWE-494: Download of Code Without Integrity Check](https://cwe.mitre.org/data/definitions/494.html) Twitter maintains several Open Source Projects under the [Twitter GitHub organization](https://github.com/twitter). These projects contain build files that indicate that some of these projects are resolving dependencies over HTTP instead of HTTPS. This allows these …
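Added as an example (not tooling from Twitter's projects): a scanner that flags build files whose repository or download URLs use plain `http://` and rewrites them to `https://`. The pom and sbt fragments are constructed samples, and `ALLOWED_HOSTS` is an assumed exception list for loopback mirrors that legitimately stay on HTTP.

```python
# Added example (not tooling from Twitter's projects): flag build files whose
# repositories or download URLs use plain http://, the CWE-829/CWE-494 pattern
# the report above describes, and rewrite them to https://. The pom/sbt
# fragments are constructed samples; ALLOWED_HOSTS is an assumption for
# loopback mirrors that legitimately stay on HTTP.
import re

HTTP_URL = re.compile(r"\bhttp://[^\s\"'<>)]+")
ALLOWED_HOSTS = {"localhost", "127.0.0.1"}


def _host_of(url: str) -> str:
    return url[len("http://"):].split("/", 1)[0].split(":")[0].lower()


def insecure_resolution_urls(text: str) -> list:
    """Return (line_number, url) for each non-loopback http:// URL in text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in HTTP_URL.finditer(line):
            if _host_of(m.group(0)) not in ALLOWED_HOSTS:
                hits.append((n, m.group(0)))
    return hits


def upgrade_to_https(text: str) -> str:
    """Rewrite flagged URLs to https://; loopback URLs are left alone."""
    def swap(m):
        url = m.group(0)
        if _host_of(url) in ALLOWED_HOSTS:
            return url
        return "https://" + url[len("http://"):]
    return HTTP_URL.sub(swap, text)


# Constructed sample build fragments (not from any real project)
SAMPLE_POM = """\
<repositories>
  <repository>
    <id>legacy</id>
    <url>http://repo.example.org/maven2</url>
  </repository>
  <repository>
    <id>central</id>
    <url>https://repo1.maven.org/maven2</url>
  </repository>
</repositories>
"""

SAMPLE_SBT = """\
resolvers += "internal" at "http://artifacts.example.org/releases"
resolvers += "local" at "http://localhost:8081/repository"
"""
```

Moving to HTTPS removes the on-path substitution the report is about, but it only authenticates the repository host; for CWE-494 proper you also want the build to verify artifact checksums or signatures rather than trusting whatever the repository serves.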
**Description:** A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper …
Summary:- CORS misconfiguration which leads to the disclosure
Steps:-
1- go to https://██████/wp-json/wp/v2/
2- intercept request using Burp Suite
Request:-
GET /wp-json/wp/v2/ HTTP/1.1
Host: ███
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: _ga=GA1.2.1267763940.1602392906; _gid=GA1.2.300647314.1602392906; fpestid=m59II9xYDw0S42dKx0Cc3XCBfUbEmQtDQ4B4JsVYBgWH42eGTLW6ZV4VEwfq_1FS-MQz0w; wordpress_test_cookie=WP+Cookie+check
Upgrade-Insecure-Requests: …
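The disclosure a CORS misconfiguration enables comes from two response headers together: `Access-Control-Allow-Origin` echoing the request's `Origin`, and `Access-Control-Allow-Credentials: true`, which lets the attacker's page read an authenticated response. As an added example (not the target's WordPress configuration), the reflect-anything handler below is the bug, the allow-list handler is the fix, and a small browser-rule helper shows which responses a cross-origin page could read. Requests and responses are modelled as header dicts; the allowed origins are assumptions.

```python
# Added example (not the target's or WordPress's code): origin handling for a
# credentialed API endpoint. The vulnerable handler reflects any Origin with
# credentials allowed; the fixed handler only echoes exact allow-listed
# origins. ALLOWED_ORIGINS and the origins in the checks are assumptions.
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers_vulnerable(request_headers: dict) -> dict:
    """Reflects whatever Origin arrives and allows credentials: any site the
    victim visits can read the authenticated response."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_headers_fixed(request_headers: dict) -> dict:
    """Echo only an exact allow-listed origin; otherwise send no CORS headers."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    parts = urlsplit(origin)
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    # Exact set membership, never endswith/substring checks, so
    # https://app.example.com.attacker.test and the literal "null" are rejected.
    if normalized not in ALLOWED_ORIGINS or parts.path or parts.query:
        return {}          # no ACAO header: the browser blocks the read
    return {"Access-Control-Allow-Origin": normalized,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}   # keep caches from serving one origin's ACAO to another


def cross_origin_read_allowed(response_headers: dict, attacker_origin: str) -> bool:
    """Browser rule for credentialed requests: ACAO must equal the page's
    origin exactly ('*' is refused with credentials) and ACAC must be true."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    creds = response_headers.get("Access-Control-Allow-Credentials") == "true"
    return acao == attacker_origin and creds
```

When testing, send the request with an `Origin` you control and look for your origin echoed back together with `Access-Control-Allow-Credentials: true`; that pair, on an endpoint that returns per-user data, is the finding. Endpoints that are public anyway (the WP REST index with no user context) reflect the same headers without disclosing anything, so confirm what the response contains before claiming impact.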
## Summary: During the **authentication** flow, an SMS is sent to the user in order to validate the session and proceed to the user account. The way Zenly API handles this flow is by: 1. Calling the `/SessionCreate` endpoint with the mobile phone number of the user. 2. A session …
**Description:** While looking for *.mil, I found a website that is vulnerable to reflected XSS. ## Impact An attacker can use it to fetch cookies/tokens from any website which requires login by using a CORS bug if the site is vulnerable to CORS. ## System Host(s) ████.mil ## Affected Product(s) …
## Summary: With a TFTP server that does not send an OACK, but instead starts anyway with the first block at a 512-byte block size, the curl library fails to assume the default 512-byte blocks. Instead it detects EOF and does not return an error code. The consequence is a truncated file that …
Hi! [CVE-2017-7308](https://nvd.nist.gov/vuln/detail/CVE-2017-7308) is a vulnerability I found in the Linux kernel caused by a signedness issue in AF_PACKET sockets. It can be exploited to gain kernel code execution from an unprivileged process. The kernel has to be built with CONFIG_PACKET for the vulnerability to be present. A lot of modern …