
HackerOne Reports

Search through disclosed security reports

You have left a DNS record pointing to a dead cloudapp VM. ``` svcardproxydevus.starbucks.com -> s00307ntmp0svcardproxydev0.trafficmanager.net -> s00307dpipsvcardproxy00.eastus.cloudapp.azure.com = Dead ``` ## Impact ``` 1) An attacker takes over the subdomain and then puts something like porn or something that shouldn't be on the domain. 2) The hacker then contacts support pretending to …
**Summary:** An XSS vulnerability using an SVG file and an HTML file. ## Step-by-step Reproduction Instructions 1. Go to https://██████████/SitePages/Register.aspx and register. 2. Go to `https://██████████/Profiles/My/#Your Username#/Blog/default.aspx` and click the `Create a Post` button. 3. Click the `Body` textarea and click the `Insert` button. 4. Click the `Upload File` button and choose a file (mygf.html or evilsvgfile.svg) …
I would like to report a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype. # Module **module name:** lodash **version:** 4.17.10 **npm page:** `https://www.npmjs.com/package/lodash` ## Module Description The Lodash library exported as Node.js modules. ## Module Stats 12M downloads in the last week # …
I would like to report a prototype pollution vulnerability in defaults-deep. It allows an attacker to inject properties on Object.prototype. # Module **module name:** defaults-deep **version:** 0.2.4 **npm page:** `https://www.npmjs.com/package/defaults-deep` ## Module Description Like `extend` but recursively copies only the missing properties/values to the target object. ## Module Stats 6,659 …
Hi, we have noticed that the Windows Desktop Client doesn't enable the protections ASLR and DEP (and others). These protections have been enabled by default for approximately 10 years in Visual Studio and are very important because they make exploitation a lot harder (or even make some vulnerabilities not exploitable). Please note: …
**Summary:** Hello. Similar to other reports, suddenly after the update with ordering users, the GraphQL API is exposing the amount of participants in a private program to non-invited users. This allows an attacker to retrieve the amount of participants in a private program, as well as their details. **Description:** Steps …
The following program triggers a heap buffer overflow: ```text [][]=% [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]-=0 ``` ASAN Report: ```text ================================================================= ==7193==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d00001e888 at pc 0x00000062a87f bp 0x7ffed3653990 sp 0x7ffed3653988 WRITE of size 4 at 0x61d00001e888 thread T0 #0 0x62a87e in mrb_vm_exec /vagrant/src/vm.c:1164:9 #1 0x622c5b in mrb_vm_run /vagrant/src/vm.c:815:10 #2 0x650048 in …
Hello Security Team, Description According to its self-reported version number, the Unix operating system running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security …
**Note:** I put this as Medium because that's what the CVE is. This vulnerability is known and it's classified under CVE-2018-5230. Here's a link to the thread on it by Atlassian: https://jira.atlassian.com/browse/JRASERVER-67289 Description --------------------- I noticed when testing that your Jira installation at jira.roblox.com is running on version 7.6.3, which …
Hi guys! When administering a shop, the owner has the ability to preview his shop with various themes. When previewing, a unique link is generated, which the owner can share with various people without any authentication. The generation of that unique link does not require authentication, which means any user …
It is possible for an attacker to see anyone's phone number by abusing a bug in the reset-password functionality. The bug allows seeing anyone's phone number via their email address. I will provide a video POC a bit later. Steps to reproduce. 1) Go to the `Forget password` page ███ 2) Type your email, press …
Hi team, I hope you're doing well. An HTML Injection vulnerability was discovered in the Swagger UI, which could potentially allow attackers to inject malicious HTML content. This vulnerability could be exploited to execute arbitrary scripts in the context of the user's browser, leading to cross-site scripting (XSS) attacks and …
Hi Team, I observe a strange behaviour in your registration form when we are making an account and entering the first and last name. According to security concerns, you should force users to write first and last names that actually look like names; for example, you should force users that …
The exploit exists in `paragraph` formatting that allows malicious code to be injected into the generated documentation. PoC ---- For example, let's create the `example` file with the following content: ``` \x[\<script>alert(1);</script>\] ``` Now, run rdoc: ```sh rdoc --all ``` The output html will have the following injected javascript code: …
### Summary Importing a modified exported GitLab project archive can overwrite uploads for other users. If the `secret` and `file name` of an upload are known (these can be easily identified for any uploads to public repositories), any user can import a new project which overwrites the served content of …
Good afternoon. Sorry, it's me again. I use NC on a daily basis, so I often make some checks. As per #489105, document thumbnails shall not be disclosed. The exposure on thumbnailCache/ is an already known issue. However, malicious apps are still able to extract (at least) pictures …
## Summary: A CSRF in `https://chatstory.pixiv.net/imported` can trick users into importing the attacker's novel as the user's chatstory. ## Steps To Reproduce: 1. Attacker creates a novel 2. Go to the novel (https://www.pixiv.net/novel/show.php?id=10997105) and import the novel as a chatstory by clicking the "チャットストーリーを作る" button on the sidebar. You should notice …