
HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 841 - 860
**Summary:** An exposed configuration file leaks FTP credentials to a DoD server. **Description:** The config file hosted on`ftp://█████████/pub/misc/FTP_███████Sign.exe.config` exposes a username `█████████` and associated password `███████`. These are valid credentials for the FTP server operating on `██████████:21`. This was verified by establishing a connection to the server with the credentials …
z3t
Description: this allowed an attacker to easily disrupt a remote system through excessive memory consumption. Writeup: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ Demonstration video: https://www.youtube.com/watch?v=b38H3oEgrQw (this video shows that the attack doesn't necessarily just crash the rpcbind process, but that the entire system can slow down severely because it has to resort to swap memory, …
**Summary:** An attacker could discover the emails of accounts on ██████ through the reset field. **Description:** https://████/███/accounts/request_reactivation/ This password reset field has no rate limiting, it additionally allows an attacker to guess at user accounts such as admin and it will then expose the account user's email. For example, I …
## Summary: CRLF / HTTP Header Injection. Allows you to set any headers/etc (Set-Cookie...) Page: https://bugzilla.mozilla.org/oauth/authorize Parameter: redirect_uri ## Steps To Reproduce: PoC - does not require authorization: 1. https://bugzilla.mozilla.org/oauth/authorize?client_id=&redirect_uri=%0d%0axxx:something&response_type=code 2. or (with true redirect): https://bugzilla.mozilla.org/oauth/authorize?client_id=&redirect_uri=\\name.tld%0d%0axxx:something&response_type=code HTTP response: ``` HTTP/2 302 server: nginx date: Tue, 21 Feb 2023 12:04:22 GMT …
oja
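The report above injects `%0d%0a` through `redirect_uri` into the `Location` header. The check below is an added example of how an authorization endpoint can refuse such values before echoing them; it is not Bugzilla's code. The client id and registered callback URL are constructed for the example; the two payloads are taken from the report. One caveat worth knowing: the control-character check runs on the decoded string before `urlsplit()`, because `urlsplit()` on Python 3.9.5 and later silently strips `\r`, `\n` and `\t`, which would hide exactly the bytes the injection relies on.

```python
"""Validate an OAuth redirect_uri before it is echoed into a Location header.

Added example, not Bugzilla's code. REGISTERED_REDIRECTS is an assumed
per-client allow-list; the two injection payloads come from the report.
"""
from urllib.parse import unquote, urlsplit

# Hypothetical registered redirect URIs per client (constructed sample).
REGISTERED_REDIRECTS = {"client-abc": {"https://app.example/oauth/callback"}}

# ASCII control characters (CR, LF, NUL, ...) never belong in a header value.
_CONTROL = {chr(c) for c in range(0x00, 0x20)} | {"\x7f"}


def validate_redirect_uri(client_id: str, raw: str) -> str:
    """Return the redirect URI to send, or raise ValueError.

    The control-character test is done on the percent-decoded string and
    *before* urlsplit(): urlsplit() on Python >= 3.9.5 strips \\r, \\n and \\t,
    so a check on its output would miss a CRLF injection.
    """
    decoded = unquote(raw)
    if any(ch in _CONTROL for ch in decoded):
        raise ValueError("control character in redirect_uri")
    if "\\" in decoded:
        # Browsers treat a backslash as a slash in the authority part, so a
        # leading \\host would pick the host; refuse it outright.
        raise ValueError("backslash in redirect_uri")
    parts = urlsplit(decoded)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("redirect_uri must be an absolute https URL")
    registered = REGISTERED_REDIRECTS.get(client_id, set())
    if decoded not in registered:
        # Exact-match against the registration; no prefix or pattern matching.
        raise ValueError("redirect_uri is not registered for this client")
    return decoded


def is_accepted(client_id: str, raw: str) -> bool:
    """Convenience wrapper: True if the value would be used as-is."""
    try:
        validate_redirect_uri(client_id, raw)
        return True
    except ValueError:
        return False
```

Exact-match against the registered value is what closes the hole for good: even a payload that survives the character checks still has to equal a URL the client owner registered in advance.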
> NOTE! Thanks for submitting a report! Please replace *all* the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to …
## Summary The Nextcloud Linux client is vulnerable to directory traversal when downloading files from a Nextcloud server. A malicious Nextcloud administrator can exploit the vulnerability to write arbitrary files to a user computer(s) with the potential for remote command execution under certain conditions. ## Reproduction The issue is exploited …
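The traversal in the report above comes from trusting the file path the server sends. The function below is an added example of the client-side check a sync client should apply to every server-supplied path before writing; it is not the Nextcloud client's code, and the sync root and sample paths are constructed for the example. It works on pure string paths so it behaves the same on every platform and never touches the filesystem.

```python
"""Map a server-supplied path to a local file under the sync root, or refuse.

Added example, not the Nextcloud client's code. sync_root and the paths in
the tests are constructed. Symlink escapes are a separate concern handled at
write time (e.g. O_NOFOLLOW); this check is about the path string itself.
"""
from pathlib import PurePosixPath


class UnsafePath(ValueError):
    """Raised when a server-supplied path would leave the sync root."""


def local_target(sync_root: str, server_path: str) -> str:
    """Return the absolute local path for server_path, or raise UnsafePath."""
    if "\x00" in server_path:
        raise UnsafePath("NUL byte in path")
    # Treat backslash as a separator too, so a Windows-style payload is not
    # waved through merely because this client runs on Linux.
    rel = PurePosixPath(server_path.replace("\\", "/"))
    if rel.is_absolute():
        raise UnsafePath("absolute path from server")
    # pathlib keeps '..' components; we reject them rather than normalise them.
    parts = [p for p in rel.parts if p not in ("", ".")]
    if not parts:
        raise UnsafePath("empty path")
    if any(p == ".." for p in parts):
        raise UnsafePath("parent-directory component from server")
    root = PurePosixPath(sync_root)
    target = root.joinpath(*parts)
    # Belt and braces: the joined path must still sit strictly under the root.
    if root not in target.parents:
        raise UnsafePath("path escapes sync root")
    return str(target)


def is_safe(sync_root: str, server_path: str) -> bool:
    """True if server_path would be written somewhere under sync_root."""
    try:
        local_target(sync_root, server_path)
        return True
    except UnsafePath:
        return False
```

Rejecting `..` outright, rather than normalising it away, is deliberate: a legitimate server never needs to send a parent reference, so its presence is itself the signal that something is wrong.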
**Description:** A reflected cross-site vulnerability was found at `███████/██████`. ## References ## Impact XSS is a versatile attack vector which opens the door to a large number of social-engineering and client-side attacks ## System Host(s) ██████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce 1. Open …
## Summary: The link preview in the bottom-left corner of Brave Browser will show the link where the user will be redirected after clicking it, but after clicking the link, the affected user will be redirected to another website. ## Products affected: Latest Version of Brave browser ## Steps To Reproduce: …
**Summary:** When using the dropdown that selects the groups or users that are allowed to push or merge to a protected branch within a project, it is possible to trigger a XSS with a malicious user name string. **Description:** This vulnerability is similar to the recently announced CVE-2018-10379. The username …
**Summary:** When using the dropdown that selects the users that are allowed to approve a merge request, it is possible to trigger a XSS with a malicious user name string. **Description:** This vulnerability is similar to the recently announced CVE-2018-10379 (and another vulnerability I recently reported here in hackerone). The …
Hello, ## Issue description your incoming SMTP servers, provided by Google, seem to be accepting without authentication mails from addresses `@paragonie.com` and destined for addresses `@paragonie.com`. This can greatly ease spear-phishing attacks, as users usually put much trust into emails coming from their own domain name, let alone people …
An authorization issue in the mobile app API allows any Instacart user to gain access to other users' order delivery chat logs. The `/api/v2/order_deliveries/:order_delivery_id/order_change_logs` endpoint does not sufficiently check if the user has permissions to access that particular order's chat logs. # Steps to Reproduce I used Burp Suite to …
python smtplib starttls stripping attack * affects: (basically all versions of smtplib with starttls support and projects relying on it) * python 2.7.2 - 2.7.11 (dates back ~14 years) * python 3.0 - 3.5.1 (dates back ~7 years) Python's implementation of `smtplib` fails to raise an exception upon an unexpected …
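The stripping attack in the report above works because the affected `smtplib` versions return from `starttls()` on a non-220 reply instead of raising, so the session silently continues in cleartext. The wrapper below is an added example of enforcing the upgrade from the caller's side; it is not CPython's code and it does not depend on `starttls()` raising, so it behaves the same on old and patched interpreters. `FakeSMTP` is a constructed stand-in for `smtplib.SMTP` that reproduces the pre-fix behaviour (a downgrading man-in-the-middle answering 454) so the example runs offline.

```python
"""Enforce STARTTLS on an smtplib-style connection, or abort the session.

Added example, not CPython's smtplib. FakeSMTP is a constructed stand-in that
mimics the pre-fix behaviour from the report: starttls() hands back the
server's non-220 reply instead of raising and the session stays in cleartext.
"""
import smtplib
import ssl


class StartTLSFailed(smtplib.SMTPException):
    """STARTTLS was not offered or was refused; do not send in plaintext."""


def upgrade_to_tls(conn, context=None) -> None:
    """Negotiate STARTTLS on conn or raise StartTLSFailed.

    Checks the reply codes itself rather than trusting starttls() to raise,
    so it closes the gap on old smtplib and is a no-op hardening on new ones.
    """
    code, _ = conn.ehlo()
    if code != 250:
        raise StartTLSFailed(f"EHLO rejected with {code}")
    if not conn.has_extn("starttls"):
        # A MITM can also strip the extension from the EHLO reply; refuse.
        raise StartTLSFailed("server does not advertise STARTTLS")
    code, msg = conn.starttls(context=context)
    if code != 220:
        # Old smtplib returned here and kept going in cleartext. We stop.
        raise StartTLSFailed(f"STARTTLS refused: {code} {msg!r}")
    # RFC 3207: the pre-TLS EHLO is stale; repeat it on the encrypted channel.
    code, _ = conn.ehlo()
    if code != 250:
        raise StartTLSFailed(f"EHLO after TLS rejected with {code}")


class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP; models a downgrading MITM."""

    def __init__(self, advertise_starttls=True, starttls_code=220):
        self._adv = advertise_starttls
        self._code = starttls_code
        self.tls_active = False

    def ehlo(self):
        banner = b"mail.example\nSTARTTLS" if self._adv else b"mail.example"
        return (250, banner)

    def has_extn(self, name):
        return self._adv and name.lower() == "starttls"

    def starttls(self, context=None):
        # Pre-fix smtplib semantics: return the reply, never raise.
        if self._code == 220:
            self.tls_active = True
            return (220, b"Ready to start TLS")
        return (self._code, b"TLS not available due to temporary reason")


def tls_negotiated(conn) -> bool:
    """True only if the session was actually upgraded to TLS."""
    try:
        upgrade_to_tls(conn, context=ssl.create_default_context())
        return True
    except StartTLSFailed:
        return False
```

Against a real server the call is `with smtplib.SMTP(host, 587) as s: upgrade_to_tls(s, ssl.create_default_context())`, and only after that returns should credentials or message data go over the connection; passing a default SSL context also gets certificate verification, which the bare `starttls()` in the affected versions did not do on its own.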
This bug was reported directly to GitHub Security Lab.