HackerOne Reports

Search through disclosed security reports

Hello ## Summary: I have found at api.tumblr.com two parameters, `consumer_key` && `consumer_secret`, that allow modifying the `oa-consumer_key` && `oa_consumer_secret` cookie values and properties. An attacker can send a malicious link to reset the cookies of api.tumblr.com; this leads to DoS. To trigger the DoS, the target/victim account needs to …
The server can be accessed without any authentication and it contains information that should not be kept public for anyone. I advise you to take a look at whether this data is sensitive or not! ## References ███████ ## Impact There might be sensitive info that should not have to be leaked …
## Summary: curl command `--libcurl` option can be tricked to generate C code that when compiled contains arbitrary code execution. ## Steps To Reproduce: 1. `curl --libcurl client.c --user-agent "??/\");char c[]={'i','d',' ','>','x',0},m[]={'r',0};fclose(popen(c,m));//" http://example.invalid` 2. `gcc -trigraphs client.c -lcurl -o client` 3. `./client` 4. `ls -l x` Note: In this PoC …
It is found that an authenticated Basecamp 2 user can desync front and backend servers and poison the socket with a harmful response for the next visitor. During the redirect probe, it also appears that the front-end infrastructure performs caching of content. Using an HTTP request smuggling attack, it is possible to poison the …
Hi, it seems report #351555 is not fully fixed: the `434762629765715:PQlkrSHPqqjhIBc0MmUkdjcqpps` basic auth details still work on login. `PoC:` https://api.cloudinary.com/v1_1/reverb/usage {F309894} ## Impact Information disclosure

PHPinfo page

Low Closed
```
GET /test.php HTTP/1.1
Host: 52.90.193.152
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
```
## Impact This file may expose sensitive information that may help a malicious user to prepare more advanced attacks.
An attacker can deploy a `cosmwasm` contract on a chain and execute _any_ action on that chain, even when the executing chain does not allow that capability. This issue stems from a naive implementation of capabilities and misleading documentation. This goes against the `Capabilites` description in `CAPABILITIES.md` (https://github.com/CosmWasm/cosmwasm/blob/main/docs/CAPABILITIES.md): ``` The …
This bug was reported directly to GitHub Security Lab.
I would like to report a ReDoS in `is-my-json-valid`. It allows causing a denial of service if a schema uses the built-in `style` format. # Module **module name:** `is-my-json-valid` **version:** 2.20.1 **npm page:** `https://www.npmjs.com/package/is-my-json-valid` ## Module Description > A JSONSchema validator that uses code generation to be extremely fast. ## Module …
This bug was reported directly to GitHub Security Lab.
PHP bug report (made public by the maintainers at the time of writing): https://bugs.php.net/bug.php?id=79371 Mitre CVE page: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065 Link to the release notes: https://www.php.net/ChangeLog-7.php#7.4.4 ## Impact One of the impacts is that the issue allows an attacker to straightforwardly crash the PHP interpreter provided a specific UTF character can be passed …
Hi, https://vdc.mtnonline.com/crossdomain.xml contains the following xml file: ``` <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all"/> <allow-access-from domain="*" secure="false" to-ports="*"/> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy> ``` ## Impact This will make anyone able to receive content from https://vdc.mtnonline.com/ ; an attacker can steal CSRF tokens and user PII. More information …
Dear Team, Greetings!!! I have observed an Improper Access Control issue. Member users do not have permission to the rooms area of the admin section. But member users can exploit this via GET /meet-external/spot-roomkeeper/v1/calendar/auth/init?successRedirectUrl=https%3A%2F%2Fadmin.8x8.vc%2F%23%2Frooms%2Fadd HTTP/2 Steps to reproduce **Step1**: Member users do not have access to the rooms area. Use {F1625870} …
This bug was reported directly to GitHub Security Lab.
### Description: First, it was a very good bug for me. It started when I was testing the form: I found a CSRF and sent it here (#838778). I tested the form again, and after a few minutes I found that this parameter `locationId` in the POST request is vulnerable …
Hello, I found an outdated version of Telerik Web UI (v2016.2.607.40) at the following URL: https://███/Telerik.Web.UI.WebResource.axd?type=rau. This means that we can achieve full RCE by chaining two different CVEs: CVE-2017-11317, which allows us to upload arbitrary files on the server, and CVE-2019-18935, which is a deserialization vulnerability. First of all, …
## Summary: A rate limiting algorithm is used to check if the user session (or IP address) has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP servers can respond with status code 429: …
## Summary: Note: I noticed that the team has fixed issues like an XSS that's caused only from a header value (typically OOS since it's not directly exploitable) https://github.com/WorldHealthOrganization/app/pull/855, so in the spirit of this I'm also reporting another "good-to-fix" issue. On the WHO app, users send approximate location …