HackerOne Reports
10,350 reports found
## Hi Team! Our team discovered a `Blind SQL Injection` by abusing LocalParams (`res_id`) in `/php/geto2banner`. **We are working to create a full PDF report as a write-up ;)** ## Here is a temporary exploit based on the vulnerable request: `POST /php/geto2banner HTTP/1.1 Host: www.zomato.com Connection: close Content-Length: 73` …
If the admin forces password for link shares and federated shares are enabled, users can bypass this enforcement. Tested with Nextcloud 18.0.3 Steps to reproduce: - enable password enforcement for link shares as admin - as user1 create a link share with password - open the link share in a …
Hi there, I found a stored XSS on [app.lemlist.com](https://app.lemlist.com/). ## Steps To Reproduce: 1. Go to https://app.lemlist.com/. 2. Create or edit **campaigns**. 3. Visit the tab **Buddies-to-Be**. 4. Click **Add one** at the top right. 5. Fill in the input. 6. Add `/><svg src=x onload=confirm(document.domain);>` in **Icebreaker** and **companyName**. 7. Click create …
This is an imported report from the email I sent a month ago about a code injection vulnerability. The vulnerability was assigned CVE-2023-5528. As a reference, I have talked with Balaji from the k8 team. Excerpts from the email chain that might be relevant: "Just a quick update …
Hi Team! I'm reporting a rather unusual DOMXSS that allows an attacker to perform an XSS attack on any Shopify apps that use the Embedded SDK. To exploit this, several techniques were chained together: Cookie Stuffing -> Login CSRF -> (Not Open) Redirect -> DOMXSS. # Details Inspired by #381192, I …
Dear Team, **Summary:** [add summary of the vulnerability] After looking into https://aaf.com/, I got to know that there is a way where I can book a ticket and play around, but it asked for a valid credit card and all that stuff, so I tried to bypass it and bought a …
## Summary Hi Team, I am here again with one interesting issue. This issue deals with the fact that, according to the policies of Chaturbate, a broadcaster cannot modify the option "Chat Allowed By" until and unless he/she has verified his/her age (the default choice is set to all). This …
# Description: Hi, I have found a reflected cross-site scripting vulnerability in <any>.myshopify.com/admin through the return_url parameter. # Steps to reproduce: 1. Go to https://<Any>.myshopify.com/admin/authenticate?return_url=javascript:alert(100)// 2. Click on "reload this page" 3. XSS alert message ## Impact XSS attack in <Any>.myshopify.com/admin
Hello Security team, I found a full path disclosure vulnerability via uploading an .htaccess file; see the PoC video. Thanks ## Impact Sensitive File/Folder Information
If a user has access to a logged in session on Khan Academy, they are able to conduct a full account takeover. This is due to the fact that a new email address can be added to an account without a method of re-authentication. Once this email address has been …
## Summary: In Squid 4.8, a local buffer overflow vulnerability exists in the Smb_Connect() and Smb_Connect_Server() functions of Squid's smblib.c, in which an attacker can achieve code execution that can result in the disclosure of credential hashes. The cause of this overflow is due to the SMB domain controller names …
Vulnerability: Content Spoofing or Text Injection. Description: This vulnerability reflects text onto the web page, which can be used to scam a victim into visiting or sending information to a malicious website. Because it is inside the domain and on a trusted web page, there is a chance of a scam. Open the …
This is a security bug report for mod_proxy_ftp. This bug is present in the ftp_getrc_msg method of the modules/proxy/mod_proxy_ftp.c file. This is the line which causes this bug. ```c ... mb = apr_cpystrn(mb, response + 4, me - mb); ... ``` If the FTP server returns a response like "\r\n", which has 3 …
Spring Actuator endpoints publicly available and broken authentication
Critical
$12,500
Closed
I would like to report a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on `Object.prototype`. # Module module name: lodash version: 4.17.15 npm page: https://www.npmjs.com/package/lodash ## Module Description A modern JavaScript utility library delivering modularity, performance, & extras. ## Module Stats 28M downloads in the …
Summary: The application concrete5 CMS available on GitHub is vulnerable to remote code execution through the functionality of setting the log file in "Loggin Settings". It is possible to bypass the portion of code responsible for verifying the extension of the log file (.log). Description: The …