HackerOne Reports
Version 2.0.27 of the WooCommerce Product Vendors plugin doesn't appear to correctly escape the "vendor description" POST parameter and can be manipulated to reflect arbitrary scripting. The good news is that it does appear to do some form of clientside validation before posting, in addition to some serverside validation later, …
Your SPF record is present (attachments : spf), which very well shows that you don't want spoofed email to be sent from your domains, but you just forgot one thing: DKIM (DomainKeys Identified Mail) is an important authentication mechanism to help protect both email receivers and email senders from forged …
Hello, It appears that there is an XSS vulnerability on the about:tbupdate page. Steps to reproduce: 1. Visit: about:tbupdate?javascript:alert(1) 2. Click on 'visit our website' Because the page is a privileged one (given it cannot be opened from a normal web page) this XSS may lead to a more severe …
## Summary This vulnerability allows an in overflow when adding TLS buffer sizes during an encrypted data transmission, which can lead to incorrect data sizes being sent and TLS security issues while in testing. Within testing on a Windows 10 environment, Windows's Schannel rejected the malformed TLS handshake constructed as …
Browsing to a simple sftp URI allows bypassing the SOCKS proxy for DNS and browsing. Tested on a clean install of Ubuntu 16.04 with TBB 7.0.2 (4097d43aa0be86ae3fe43ec8f3ac5394) downloaded from https://www.torproject.org/dist/torbrowser/7.0.2/tor-browser-linux64-7.0.2_en-US.tar.xz POC: Navigate to sftp://104.131.180.179:80/index.php After ~1 minute check http://104.131.180.179/ip,txt for your IP address It appears that ubuntu's default …
I. Summary Adobe Flash Player is prone to a vulnerability which leads to Use After Free. Since the release condition is highly controllable, it is feasible to build a fully working exploit for shellcode execution with a proper AS3 object occupying the original PSDK memory. ------------------------------------------------------------------ II. Description PSDK Class expose …
Hey, I've captured the HTTP request while visiting assets.gratipay.com **_The whole HTTP response is as follows_**: ``` GET / HTTP/1.1 Host: assets.gratipay.com:443 Accept: */* Accept-Encoding: gzip, deflate, sdch, br Accept-Language: en-US,en;q=0.8 Origin: https://www.youtube.com Referer: https://www.youtube.com/watch?v=0-gIBjd8Hws User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 X-Chrome-UMA-Enabled: 1 X-Client-Data: CIq2yQEIpLbJAQjEtskBCPGcygE= …
Hello Again, The doesn't have header settings for X-Content-Type-Options, which means it is vulnerable to MIME sniffing. The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome when downloading extensions. This reduces …
Hello, Another report here. **Description** I found that www.joinolx.com has an option to subscribe to vacancy alerts. So I took a look at that. I was able to include my HTML code to manipulate emails sent to my address. The *Name* field in the subscription form doesn't validate the …
Summary ownCloud contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists because a DLL file is loaded improperly by 'ownCloud-2.2.2.6192-setup.exe'. This allows an attacker to load a DLL file of the attacker's choosing that …
Hi, I would like to report a privilege escalation issue in which a member of the team is able to create a post on a channel even if the permission to do so is denied to him by the admin. After the admin has limited the number of users who can …
There is no rate limit on inviting the same contact multiple times. See the attachment for confirmation: