HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 641 - 660
in the source code "owncloud/client" in the file "src/gui/folderwatcher_linux.cpp" in the function "void FolderWatcherPrivate :: inotifyRegisterPath (const QString & path)" by calling "inotify_add_watch" the file paths are set for monitoring ```cpp int wd = inotify_add_watch(_fd, path.toUtf8().constData(), IN_CLOSE_WRITE | IN_ATTRIB | IN_MOVE | IN_CREATE | IN_DELETE | IN_DELETE_SELF | IN_MOVE_SELF | …
Hi team, **Summary:** There is a cross-site scripting vulnerability on the login page of www.starbucks.com and various regions, due to improper escaping on the URL path. **Description:** The login page at https://www.starbucks.com/account/signin builds several links by the relative URL path. An attacker can actually control the relative path: {F839656} Furthermore, …
## Description: There exists a stored XSS vulnerability in bbPress, due to which the XSS payload which I enter in my content, gets executed at **/wp-admin/edit.php?post_type=forum**. This vulnerability requires you to be an authenticated user. ## Steps To Reproduce: Step 1. Visit /wp-admin/edit.php?post_type=forum Step 2. Click on **Add New** Step …
## Description: Despite being deprecated since v3.5.0, the `wp_set_background_image` method (defined in wp-admin/includes/class-custom-background.php), registered as an authenticated AJAX call (`wp_ajax_set-background-image`), is still active. Given that the method is lacking CSRF checks, an attacker could change the background image of the blog to an arbitrary one from the media library via …
I would like to report `Command Injection` in `last-commit-log` It allows `execution of arbitrary commands` # Module **module name:** `last-commit-log` **version:** `[email protected]` **npm page:** `https://www.npmjs.com/package/last-commit-log` ## Module Description Node.js module to get the last git commit information - mostly to be used by CI/CD and building phase. ## Module Stats …
Hi again my favorite VDP team. I bring you 8th bug and 4th cross-site scripting. Currently trying to upload python code via self-serve data, not looking for XSS'es only, but they're a thing still, right? **Summary:** By sending specially crafted websockets request attacker can run javascript in algorithm collaborator's web …
Step To Produce : 1. Open : https://www.data.gov/issue/ 2. fill "Issue Title" and "Description" With XSSHunter Payload 3. XSS Fired In https://labs.data.gov/crm/admin/report/662445 ## Impact Can steal admin cookies
I would like to report n uninitialized Buffer allocation issue in `stringstream`. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed to the stream (e.g. from JSON), on Node.js 4.x …
Hi Team, While examining the domains that are in scope for Urban Dictionary, I noticed that https://urbandictionary.net is not currently protected by your SSL certificate. Steps to Reproduce: 1. Open Chrome and copy/paste the following into the search bar: https://www.urbandictionary.net 2. After you hit enter you will be transferred to …
I would like to report an uninitialized Buffer allocation issue in `put`. It allows to extract sensitive data from uninitialized memory by passing in non-round numbers, in setups where typed user input can be passed (e.g. from JSON). # Module **module name:** `put` **version:** 0.0.6 **npm page:** `https://www.npmjs.com/package/put` ## Module …
**Summary:** The monero daemon is compiled and linked without ASLR, at least on windows. This security hardening feature should be enabled in order to make exploiting of this service harder. **Description:** See above. ## Releases Affected: * At least v0.11.1.0 (probably more) / Tested on Windows 8.1 ## Steps To …
I would like to report an uninitialized Buffer allocation issue in `atob`. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed (e.g. from JSON), on Node.js 4.x and lower. # …
Hi, There's a HTML injection vulnerability present inside emails sent from slack when the FIRST name on the account contains HTML. The html is stored in the backend database and when emails are sent (promotional, etc), the HTML is sent along with the rest of the email. In my PoC, …
I would like to report an uninitialized Buffer allocation issue in `utile`. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed (e.g. from JSON). # Module **module name:** `utile` **version:** …
1. Go to order food tab and select any restaurant that delivers online. 2. Add Zomato Treat Subscription to cart. 3. Add more items to cart to fulfil the minimum order requirement for that restaurant. 4. Click on Continue and proceed to pay online. 5. While paying online I faced …
> NOTE! Thanks for submitting a report! Please replace *all* the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! **Summary:** Not sure there …
I would like to report an uninitialized Buffer allocation issue in `base64url`. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed (e.g. from JSON), on Node.js 4.x and lower. # …