HackerOne Reports

https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://hackerone.com/reports/2043807 Patch was provided about maintainer opted for different approach. ## Impact see reports

Hi, The bp_avatar_set action in BuddyPress when cropping avatars allows an attacker to arbitrarily delete a file the webserver can delete through the 'original_file' parameter. For example: * Create a user on a Buddypress-powered Wordpress instance (any user is OK, doesn't need to be admin, just needs to have the …

Summary: The HTTP/2 proxy implementation in curl contains potential integer overflow vulnerabilities in buffer size calculations that could lead to memory corruption or denial of service. AI Usage Statement: This report was prepared by a human security researcher after manual code review. No AI was used to generate this report. …

The `Object#instance_exec` method in `mrbgems/mruby-object-ext/src/object.c` executes a block in the context of an object. It sets the VM's `target_class` pointer to the singleton class of this object. `target_class` is used as the definition target for constants and methods. If a singleton class cannot be created for an object, `target_class` is …

Hi, The following file causes a segmentation fault in mruby, which also causes a segmentation fault in mruby-engine. I've minimized this file down to the bare bones what crashes it, then renamed variables and tidied so you can see what is needed and what isn't. ``` a=[0] b=nil a.each do …

## Summary I would like to report path traversal in `zenn-cli`. It allows the attacker to read arbitrary `.md` files. # Module **module name:** `zenn-cli` **version:** `0.1.39` **npm page:** `https://www.npmjs.com/package/zenn-cli` ## Module Description Manage Zenn content locally 👩‍💻 ## Module Stats 885 weekly downloads # Vulnerability ## Vulnerability Description Due …

Hi, I want to report an issue that I have found on http://www.urbandictionary.com/ when a user wants to up vote or down vote a term he simply presses on the up or down button. each user can up vote or down vote a term only once, but I have found …

Hi, Phew, this was a tricky one as the cause wasn't next door to where the dereference happened! The file causing this is: ``` a *case when nil redo end ``` ``` $ ./dev/bin/mruby --version mruby 1.2.0 (2015-11-17) ``` ``` $ ./dev/bin/mruby crash.rb crash.rb:1:3: '*' interpreted as argument prefix trace: …

steps to reproduce: 1.go to https://medium.com/sifchain-finance, click sign in. 2.click sign in with email,enter email and click continue 3.intercept the request in burp, POST /m/account/authenticate-email HTTP/2 Host: medium.com Cookie: optimizelyEndUserId=lo_4bda3b4cea4e; _parsely_visitor={%22id%22:%22pid=13a75549c26a866722a51d135fa2b89c%22%2C%22session_count%22:3%2C%22last_session_ts%22:1620281603472}; _ga=GA1.2.1757937864.1616482301; __cfduid=d0a35a5ebe2e01682dde453715c6515fe1620281559; __cfruid=b11d97eb0fc5c3ee677572c61f2d084d8675c401-1620289698; _parsely_session={%22sid%22:3%2C%22surl%22:%22https://medium.com/sifchain-finance%22%2C%22sref%22:%22%22%2C%22sts%22:1620281603472%2C%22slts%22:1616564318272}; lightstep_guid/lite-web=22de58625d1cfa62; lightstep_session_id=345c4f5a2565f1b5; _gid=GA1.2.1621057179.1620283390; lightstep_guid/medium-web=bb0c0eec415c9462; sz=1349; pr=1; tz=-60; uid=lo_99337b8e9a5c; sid=1:l7Xj/X4Y4ywkRvuW4AtGejuh54gTE6EKvj0sx87VwldyYk6AnotlImzfa574rnW5; _parsely_slot_click={%22url%22:%22https://medium.com/sifchain-finance%22%2C%22x%22:1026%2C%22y%22:21%2C%22xpath%22:%22//*[@id=%5C%22_obv.shell._surface_1620288206500%5C%22]/div[1]/div[1]/div[2]/div[2]/div[1]/div[1]/a[1]%22%2C%22href%22:%22https://medium.com/m/signin?redirect=https%253A%252F%252Fmedium.com%252Fsifchain-finance&source=--------------------------nav_reg&operation=login%22} User-Agent: Mozilla/5.0 (Windows NT 10.0; …

Hello team - Greetings! Hope you are fine. sifchain.finance website is vulnerable to Clickjacking. NOT ONLY THE HOME PAGE IS VULNERABLE, ALL THE PAGES IN THE WEBSITE IS VULNERABLE TO CLICKJACKING. And it has to be fixed because, Clickjacking is an attack that tricks the user to click a webpage …

## Summary: Hi, team. This is the same issue of #667739. Please take a look. I found one issue related to your 2FA system on https://cs.money/security/ ## Steps To Reproduce: 1. access the same account on https://cs.money/ in two devices 1. on device 'A' go to https://cs.money/security/ > complete all …

Hi team adding the flag here ``` ███ ``` ████ I will do the writeup in the below comments before the deadline itself Thanks Akshansh ## Impact ....

When a user creates an account using Google or Facebook and does not set an additional password, it is possible to set their passwords via CSRF. Since the account is created using a social media account, no existing password check is needed and the CSRF check on the endpoint is …