HackerOne Reports
10,350 reports found
stellar-core improperly handles creation of a buy offer which crosses existing sell offers (immediate execution) but can only be filled partially due to a trustline limit on the source account. This makes it possible to create a valid offer to buy any custom asset at higher price than existing sell …
This bug was reported directly to GitHub Security Lab.
Hello, I discovered XSS in `sharjah.dubizzle.com`. The XSS is reflected inside the HTML `<link>` tag, so it needs some conditions to trigger the payload. ### Steps to Reproduce - Visit `https://sharjah.dubizzle.com/property-for-sale/land" accesskey="X" onclick=alert(1337) codelatte="/2018/10/10/commercial-land-for-sale-in-al-sajja-12/` (you can copy and paste). - The XSS is reflected inside the HTML `<link>` tag {F435656} - Press `ALT …
GitHub
•
Information Leakage via Clicked Link in GitHub Repository (Fingerprinting)
Medium
$4,000
Closed
I would like to report an uninitialized Buffer allocation issue in `njwt`. It allows extracting sensitive data from uninitialized memory, or causing a DoS by passing in a large number, in setups where typed user input can be passed (e.g. from JSON). # Module **module name:** `njwt` **version:** …
**Summary:** Open redirect through svg file upload **Description:** When you upload a file to a chat, the link to it will look like https://open.rocket.chat/file-upload/ID/filename.svg, but the file will be on storage.googleapis.com. We can embed js in our svg and when the victim goes to https://open.rocket.chat/file-upload/6ksXL2Mk4MonCcTpx/svgxss.svg, a redirect to the phishing …
Hi Security Team, I found that the DNS record of the `engineering.udemy.com` domain was pointing to an inactive ghost.io instance. So when we visit https://engineering.udemy.com we are notified that the site doesn't exist. {F310092} ``` $ host engineering.udemy.com engineering.udemy.com is an alias for udemy-engineering-blog.ghost.io. udemy-engineering-blog.ghost.io has address 141.101.114.35 udemy-engineering-blog.ghost.io has address 141.101.115.35 udemy-engineering-blog.ghost.io has …
Ingress nginx annotation injection causes arbitrary command execution
High
$2,500
Closed
Report Submission Form ## Summary: [add a summary of the vulnerability] For CVE-2021-25742 and CVE-2021-25746, I found a bypass method, which is fatal to the current measures taken by the team. I can easily bypass the restrictions and execute arbitrary commands in the express nginx container. ## Kubernetes Version: [add Kubernetes …
Good Night Team and a Merry Christmas!!! The failure occurs as follows: to change the email, the user has to click on a link sent to their email to confirm the change. If the user creates a new account with this email before clicking on the change-email link, one second link …
Hi, When I opened this domain of yours, https://accounts.shopify.com/password-reset/new, I just put the following text into the email address box, `<h1 style="color:blue;">█████</h1>`, and it changed the colour of the text. Well, my point here is that if you could inject HTML, you might be able to add a `<form>` tag to the …
Full background information is at [krackattacks.com](https://www.krackattacks.com) and all detailed information can be found in our [research paper](https://papers.mathyvanhoef.com/ccs2017.pdf). # Key Reinstallation Attack: 4-way handshake example We use the 4-way handshake to illustrate the idea behind key reinstallation attacks (CVE-2017-13077). Note that in practice, all protected Wi-Fi networks rely on the 4-way …
# Thank you, HackerOne I would like to make this the final report to Gratipay and thank everyone that was involved in this amazing journey. Gratipay is shutting down at the end of the year (https://gratipay.news/the-end-cbfba8f50981) and to finish on a happy note we closed all of our reports as …
This bug was reported directly to GitHub Security Lab.
This bug was reported directly to GitHub Security Lab.
I discovered a bug in an Android mobile app that allowed STAFF with No Permissions to use Receipt Send to Mobile for any Order information in the Store. # Steps to reproduce: **1)** A STAFF account is created and assigned "No Permissions" on a Shop by the Owner/Admin **2)** STAFF then logs in to the shop. Notice …
This bug was reported directly to GitHub Security Lab.