HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 41 - 60
# CVE-2016-4796 OpenJPEG color_cmyk_to_rgb Out-of-Bounds Read Vulnerability ## 1. About OpenJPEG OpenJPEG is an open-source JPEG 2000 codec written in C language. It's widely used in lots of Linux OSes such as Ubuntu, RedHat, Debian, Fedora, and so on. The official repository of the OpenJPEG project is available at [GitHub](https://github.com/uclouvain/openjpeg). …
Please check: https://bugs.php.net/bug.php?id=73017
Hi, Through api-v2/items you can list all information of users (except email). As items are sequential, you can just make a script that crawls items from: https://www.olx.com.ar/api-v2/items/822200000 to https://www.olx.com.ar/api-v2/items/901858309 Example of sensible user information from random curl: ``` ██████████ ``` ``` █████████ ``` Example of random curl: ``` $ curl …
## Summary: HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different lengths by different servers, an attacker can poison the back-end TCP/TLS socket and prepend arbitrary data to the next request. Depending on …
##Description Hello. I often use mine `xp.ht` host as a beacon for SSRF/XSS payloads, and today one was triggered from the `https://███████████████/NSSI/controlcenterV2/index.htm?directlink&courses/classes/findstudent&&&&&&&&` endpoint (it was found in the Referer header) This domain isn't resolvable from outside, so I assume the request came from host in the internal network, connected to …
## Summary: Hi, I found a stored xss https://app.lemlist.com ## Steps To Reproduce: 1. go to https://app.lemlist.com/. 2. create or edit campaigns. 3. set the payload `/><svg src=x onload=confirm(document.domain);>` in the **Campaign Name**. 4. visit Buddies-to-Be tab . 5. click Add one on the right Top . or click on …
SUMMARY: ==================== The DoD **`https://██████/psc/EXPROD_1/`** Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution (RCE) and Denial of Service Attacks (DoS) over a Java Object Deserialization (CWE-502) in the “monitor” service. Thus an attacker can generate and send malicious java objects of special types to …
https://bugs.php.net/bug.php?id=73029 Please feel free to ask for more technical details if necessary. Thank you for your consideration.
## Summary: Hi, I found reflected xss vuln on videostore.mtnonline.com ## Steps To Reproduce: 1. Open browser 2. Go to ``https://videostore.mtnonline.com/GL/Default.aspx?PId=126&CId=5&OprId=11&Ctg=OF25MTNNGVS_LapsInTime%22%27testxxx%3E%3Ciframe%20src=%22data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E%22%3E%3C/iframe%3E`` url 3. Browser show alert popup ## Impact We can run javascript code
## Summary The Nextcloud Talk app allows system administrators to setup chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using `@exec`. If arguments are …
Dear Ubiquiti Networks bug bounty team, # Short Description --- scores.ubnt.com is still vulnerable to reflected XSS, a form of client-side code injection wherein one can execute malicious scripts into a page. The fix to https://hackerone.com/reports/158484 does not suffice for some browsers (mainly older versions) since there are `style` attribute …
**Summary:** There exists a Local File Inclusion vulnerability on https://████ due to a known vulnerability in the ZendTo library. This was fixed in [Version 5.16-6 Beta](https://zend.to/changelog.php), although ██████ is still running ZendTo 5.11. ## Impact This allows path traversal in a file name that is then returned to the user. …
Hi, I want to submit my report https://hackerone.com/reports/473811 for the Internet Bug Bounty. Snyk's writeup: https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction **My assessment on why this report might be eligible:** >To qualify, vulnerabilities must meet the following criteria: - Be implementation agnostic: vulnerability is present in implementations from multiple vendors or a vendor with dominant …
## Disclaimer To triage, please note that this is still a 0-day that was alerted to Grafana already, in order to make sure the client is safe I report this issue now, please make sure to not spread it further or leak it, as the best interest is to let …
https://bugs.php.net/bug.php?id=72874
https://bugs.php.net/bug.php?id=72875