HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 621 - 640
## Description: Vulnerable URL: https://wordpressfoundation.org/donate/ Clickjacking on the vulnerable URL allows an attacker to redirect a victim into making a donation on an attacker's page. ## Steps To Reproduce: 1) To test whether the page is vulnerable to clickjacking or not, use this code <!DOCTYPE HTML> <html lang="en-US"> <head> <meta …
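The report above tests framing with an attacker-controlled page. As an added example (not part of the report and not WordPress Foundation code), the following Python check evaluates the two response headers that decide whether a page can be framed at all: CSP `frame-ancestors`, which takes precedence, and `X-Frame-Options`. The header dictionaries in the demo are constructed, not captured from the vulnerable URL.

```python
"""Decide from response headers whether a page can be framed (clickjacking check)."""


def parse_csp(value):
    """Parse a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return policy


def framing_policy(headers):
    """Return (protected, reason) for a dict of response headers.

    CSP frame-ancestors wins over X-Frame-Options when both are present.
    The obsolete ALLOW-FROM form of X-Frame-Options is treated as absent,
    because current browsers ignore it.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    csp = parse_csp(lower.get("content-security-policy", ""))
    if "frame-ancestors" in csp:
        sources = csp["frame-ancestors"]
        # An empty source list matches nothing, i.e. behaves like 'none'.
        if not sources or sources == ["'none'"]:
            return True, "CSP frame-ancestors 'none'"
        # '*' or a bare scheme lets any origin (of that scheme) frame the page.
        if any(s == "*" or s in ("http:", "https:") for s in sources):
            return False, "CSP frame-ancestors allows arbitrary origins"
        return True, "CSP frame-ancestors restricted to " + " ".join(sources)
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo
    return False, "no framing restriction; confirm with an <iframe> PoC"


if __name__ == "__main__":
    # Constructed header sets, not responses from the reported site.
    samples = {
        "no headers": {},
        "xfo deny": {"X-Frame-Options": "DENY"},
        "obsolete allow-from": {"X-Frame-Options": "ALLOW-FROM https://a.example"},
        "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "csp wildcard overrides xfo": {"Content-Security-Policy": "frame-ancestors *",
                                       "X-Frame-Options": "DENY"},
    }
    for name, hdrs in samples.items():
        print(f"{name}: {framing_policy(hdrs)}")
```

If `framing_policy` reports no restriction, the iframe PoC from the report is the confirmation step; if it reports a CSP or XFO restriction, the PoC should fail to render the page.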
GlassWire contains a DLL hijacking vulnerability that could allow an authenticated attacker to execute arbitrary code on the targeted system. The vulnerability exists due to GlassWire loading DLL files from the PATH environment variable without verification. The machine should have at least one writable PATH directory for the privilege escalation …
Slack • TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services • Critical • $3,500 • Closed
The TURN servers used by Slack allow TCP connections and UDP packets to be proxied to the internal network. This gives an attacker the ability to scan and interact with internal systems. The attacker may proxy TCP connections to the internal network by setting the `XOR-PEER-ADDRESS` of the TURN connect …
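The report above turns on the `XOR-PEER-ADDRESS` attribute of a TURN Connect request. As an added example (not code from the report or from Slack), the following Python builds and parses that attribute per RFC 5389/5766/6062 encoding rules, and shows the server-side policy check a relay needs: refuse any peer address inside RFC 1918, loopback, link-local (including the 169.254.169.254 metadata endpoint) or other non-public ranges. The transaction ID, the peer addresses and the deny list are constructed for the demo.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442
ATTR_XOR_PEER_ADDRESS = 0x0012
METHOD_CONNECT = 0x000A  # TURN-TCP Connect request (RFC 6062)

# Constructed deny list: networks a public relay must never open a peer to.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def xor_peer_address(ip, port, txn_id):
    """Return the XOR-PEER-ADDRESS attribute (type, length, value) for ip:port."""
    addr = ipaddress.ip_address(ip)
    x_port = port ^ (MAGIC_COOKIE >> 16)
    if addr.version == 4:
        family = 0x01
        x_addr = struct.pack("!I", int(addr) ^ MAGIC_COOKIE)
    else:
        family = 0x02
        key = struct.pack("!I", MAGIC_COOKIE) + txn_id  # 16-byte XOR key for IPv6
        x_addr = bytes(a ^ b for a, b in zip(addr.packed, key))
    value = struct.pack("!BBH", 0, family, x_port) + x_addr
    return struct.pack("!HH", ATTR_XOR_PEER_ADDRESS, len(value)) + value


def build_connect_request(peer_ip, peer_port, txn_id):
    """Build a TURN Connect request carrying one XOR-PEER-ADDRESS attribute."""
    assert len(txn_id) == 12
    body = xor_peer_address(peer_ip, peer_port, txn_id)
    header = struct.pack("!HHI", METHOD_CONNECT, len(body), MAGIC_COOKIE) + txn_id
    return header + body


def parse_xor_peer_address(msg):
    """Decode the first XOR-PEER-ADDRESS in a STUN/TURN message as (ip, port)."""
    _msg_type, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN message")
    txn_id = msg[8:20]
    off, end = 20, 20 + length
    while off + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", msg[off:off + 4])
        value = msg[off + 4:off + 4 + attr_len]
        off += 4 + (attr_len + 3) // 4 * 4  # attribute values are padded to 4 bytes
        if attr_type != ATTR_XOR_PEER_ADDRESS:
            continue
        _, family, x_port = struct.unpack("!BBH", value[:4])
        port = x_port ^ (MAGIC_COOKIE >> 16)
        if family == 0x01:
            ip = ipaddress.ip_address(struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE)
        else:
            key = struct.pack("!I", MAGIC_COOKIE) + txn_id
            ip = ipaddress.ip_address(bytes(a ^ b for a, b in zip(value[4:20], key)))
        return str(ip), port
    raise ValueError("no XOR-PEER-ADDRESS attribute")


def relay_allowed(ip):
    """Server-side policy: refuse peers inside any blocked network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in BLOCKED_NETWORKS)


if __name__ == "__main__":
    txn = bytes(range(12))  # constructed transaction id
    for target in ("10.0.0.5", "169.254.169.254", "::1", "93.184.216.34"):
        req = build_connect_request(target, 80, txn)
        ip, port = parse_xor_peer_address(req)
        print(f"{ip}:{port} -> {'allowed' if relay_allowed(ip) else 'refused'}")
```

The same peer-address check applies to CreatePermission and to the UDP Send indication, which carry the same attribute; a relay that only filters Connect still proxies UDP to the internal network.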
Hey there, there is a DOM XSS vulnerability on the https://duckduckgo.com/ search result page through the `kp` and `kae` parameters of the [Cloud Save](https://help.duckduckgo.com/duckduckgo-help-pages/settings/cloud-save/) feature. POC URL: https://duckduckgo.com/?q=s&key=bb6e45e894d7b1f3a2619df967be873b15f8eccd55d3a729f58429b59f72431e4fd4b736a0ae5cf74933bcb5136103e1c09664972b3c489d1b682f08ce070325 Video (Firefox 78.0.1): {F904609} Video (Chromium 83.0.4103.116): {F904637} ## How to reproduce? First, we need to create a malicious "Cloud Save" setting with …
## Summary: * There are some exposed directories/files publicly accessible to anyone, when they should be restricted on the server ## Steps To Reproduce: * Go to `http://bcm-bcaw.mtn.cm/wp-content/uploads/` and navigate between the available folders **PoC:** {F707036} ## Impact > * All uploaded data can be accessed through this directory listing vulnerability …
## Summary Due to incorrect buffer management ext_lm_group_acl is vulnerable to a denial of service attack when processing NTLM Authentication credentials. This problem is limited to installations using the ext_lm_group_acl binary. ## Affected Versions Squid 2.x -> 2.7.STABLE9 Squid 3.x -> 3.5.28 Squid 4.x -> 4.9 ## Severity Due to …
By using brute force with random passwords, we succeeded in accessing the account. ## Impact Account can be taken over
When a user makes a direct upload using ActiveStorage, the browser makes a request to the DirectUploadsController containing the direct_upload parameters filename, content_type, byte_size, and checksum. These are used to generate a presigned url that is then passed back to the browser, allowing the user to upload directly to S3. …
## Summary: I found a reflected XSS at the URL mentioned; the injected parameter is `pt`. Steps To Reproduce: 1- Go to this URL [https://www.topcoder.com/tc?module=ReviewBoard&pt=1]; you will notice that the parameter (pt) reflects its value into the page 2- Try injecting this parameter with HTML tags or XSS payloads; the payloads …
**Summary:** There exists a Cross Site Scripting and Content Injection vulnerability at https://www.glassdoor.com/Salary/* via the `filter.jobTitleExact` query parameter. Using URL encoded HTML entities, it is possible to inject HTML content and break out of the context of a <meta> tag. The WAF does a good job blocking most javascript payloads …
As stated in a brief exchange with @rvn in my other report ##312433, I might have found a logic flaw in the way https://helpdesk.bistudio.com handles the reset flow and tokens. I've asked if it was possible to obtain a test account, but I fully understand that it's something that cannot …
**Summary:** Two-factor authentication bypass leads to information disclosure about the program and all hackers participating **Description:** Hi dear, when you have an invitation from a program, to accept that invitation and see the program content you need to have two-factor authentication turned on; try to use the Google app …
libcurl at commit [04739054cdac5a0614fb94e3655e313c03399f35](https://github.com/curl/curl/tree/04739054cdac5a0614fb94e3655e313c03399f35) contains a NULL-dereference in function `encodeDN()` when parsing the certificate of a server during the TLS connect-phase. The vulnerable code is in [lib/vtls/x509asn1.c:701](https://github.com/curl/curl/blob/04739054cdac5a0614fb94e3655e313c03399f35/lib/vtls/x509asn1.c#L701): ```c static CURLcode encodeDN(struct dynbuf *store, struct Curl_asn1Element *dn) { struct dynbuf temp; Curl_dyn_init(&temp, MAX_X509_STR); for(p1 = dn->beg; p1 < dn->end;) { for(p2 …
## Summary: There are still a lot of valuable erc20 tokens compiled with solc < 0.5.0 on the eth mainnet. The methods compiled with Solc below 0.5.0 will not check if the length of the input calldata matches the params types. It will load the calldata as long as the …
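The report above describes the missing calldata-length check in methods compiled with solc < 0.5.0. As an added example (not the reporter's code and not any deployed token), the following Python models the two behaviours on a `transfer(address,uint256)` call: `calldataload` follows the EVM rule that reads past the end of calldata return zero bytes, so a 19-byte address sent by a naive caller shifts the amount left by one byte. The selector `a9059cbb` is the real one for `transfer(address,uint256)`; the victim address and the naive encoder are constructed for the demo.

```python
SELECTOR_TRANSFER = bytes.fromhex("a9059cbb")  # keccak256("transfer(address,uint256)")[:4]
ADDR_MASK = (1 << 160) - 1


def calldataload(calldata, offset):
    """EVM CALLDATALOAD semantics: 32 bytes at offset, zero-filled past the end."""
    return int.from_bytes(calldata[offset:offset + 32].ljust(32, b"\x00"), "big")


def encode_transfer(to_addr, amount):
    """Correct ABI encoding: each argument occupies a full 32-byte word."""
    return SELECTOR_TRANSFER + to_addr.rjust(32, b"\x00") + amount.to_bytes(32, "big")


def naive_encode_transfer(to_addr, amount):
    """Constructed caller-side bug: assumes to_addr is 20 bytes and never checks."""
    return SELECTOR_TRANSFER + b"\x00" * 12 + to_addr + amount.to_bytes(32, "big")


def decode_transfer_legacy(calldata):
    """How solc < 0.5.0 reads the arguments: no check that calldata is long enough."""
    to = calldataload(calldata, 4) & ADDR_MASK
    amount = calldataload(calldata, 36)
    return to, amount


def decode_transfer_strict(calldata):
    """solc >= 0.5.0 behaviour: revert unless calldata covers every parameter."""
    if len(calldata) < 4 + 32 * 2:
        raise ValueError("revert: calldata shorter than the ABI requires")
    return decode_transfer_legacy(calldata)


# Constructed 20-byte victim address whose last byte is 0x00, the case the
# short-address trick needs: dropping that byte still yields the same address.
VICTIM = bytes.fromhex("12" * 19 + "00")


def demo(amount=100):
    """Return (legacy honest, legacy short, strict short) decode results."""
    honest = encode_transfer(VICTIM, amount)
    short = naive_encode_transfer(VICTIM[:19], amount)  # 67 bytes instead of 68
    try:
        strict = decode_transfer_strict(short)
    except ValueError as exc:
        strict = str(exc)
    return decode_transfer_legacy(honest), decode_transfer_legacy(short), strict


if __name__ == "__main__":
    honest, short, strict = demo()
    print("honest calldata, legacy decode :", hex(honest[0]), honest[1])
    print("short calldata,  legacy decode :", hex(short[0]), short[1])
    print("short calldata,  strict decode :", strict)
```

With the short calldata the legacy decoder still sees the full victim address but reads the amount as 256 times the value the caller signed off on, which is why the report's point about tokens still compiled with older solc matters to anyone building calldata for them.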
## Summary: There is an email spoofing vulnerability on your domain sifchain.finance which allows an attacker to send an email using your domain name (such as [email protected] and so on). ## Steps To Reproduce: Go to http://emkei.cz Fill the "From Email" field with [email protected] or any other sifchain.finance email. Fill in the victim's address (your …