HackerOne Reports

Search through disclosed security reports

10,202 reports found
SUMMARY: This report describes a vulnerability similar to that described in my other reports #329376, #329397, #329399. The DoD **`https://████/psc/EXPROD/`** Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution (RCE) and Denial of Service Attacks (DoS) over a Java Object Deserialization (CWE-502) in the …
**Summary:** As part of our ([SoftwareLab@TU Darmstadt](https://www.sola.tu-darmstadt.de/de/software-lab/)) latest research project, we discovered a privacy-related vulnerability in multiple high-profile websites, including Twitter. An attacker exploiting this vulnerability can identify a user of your website while the user visits an attacker-controlled website, using the cookie you set in his or her browser. …
I would like to report a Stored XSS issue in module **public**. It allows executing malicious JavaScript code in the user's browser. # Module **module name:** public **version:** 0.1.3 **npm page:** https://www.npmjs.com/package/public # Module Description Run static file hosting server with specified public dir & port. Support a "directory index" …
SUMMARY: The DoD **`https://██████/psc/EXPROD_1/`** Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution (RCE) and Denial of Service Attacks (DoS) over a Java Object Deserialization (CWE-502) in the “monitor” service. Thus an attacker can generate and send malicious java objects of special types to …
## Summary: When using WolfSSL as the TLS backend, there is an issue where the CN or SAN in the certificate is not verified when connecting to an IP address over HTTP/3. wolfSSL_X509_check_host is only called when `peer->sni` is not NULL. However, when an IP address is specified, `peer->sni` is …
I would like to report a Path Traversal vulnerability in localhost-now. It allows reading arbitrary files on the server. This is a bypass of the mitigation of #312889. # Module **module name:** localhost-now **version:** 1.0.2 **npm page:** `https://www.npmjs.com/package/localhost-now` ## Module Description >Am I the only one who is …
https://bugs.php.net/bug.php?id=73029 Please feel free to ask for more technical details if necessary. Thank you for your consideration.
## Summary: Hi, I found a reflected XSS vuln on videostore.mtnonline.com ## Steps To Reproduce: 1. Open browser 2. Go to ``https://videostore.mtnonline.com/GL/Default.aspx?PId=126&CId=5&OprId=11&Ctg=OF25MTNNGVS_LapsInTime%22%27testxxx%3E%3Ciframe%20src=%22data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E%22%3E%3C/iframe%3E`` url 3. Browser shows alert popup ## Impact We can run JavaScript code
## Summary The Nextcloud Talk app allows system administrators to set up chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using `@exec`. If arguments are …
SUMMARY: The DoD **`https://███/psc/EXPROD/`** Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution (RCE) and Denial of Service Attacks (DoS) over a Java Object Deserialization (CWE-502) in the “monitor” service. Thus an attacker can generate and send malicious java objects of special types to …
Hello team, there is a stored XSS in lp.reverb.com. An attacker can inject a malicious script into the server while adding a shop name such as `lll"></script><script>alert('xss');</script>`. Exploit: https://lp.reverb.com/shops/faniyos-boutique/listings Steps to reproduce: 1. Navigate to https://reverb.com/my/lp_shop/edit 2. Change your lp shop name to this: lll"></script><script>alert('xss')</script> 3. Save the changes. 4. View your lp shop. Fix: …
**Summary:** The h1-202 event took several photos of the event that rotate on the *public* leaderboard. One of these photos disclosed the local WiFi SSID and password. **Description:** SSID: HackerOne Password: █████████ ### Steps To Reproduce 1. Look at the photo attached ### Remediation Have your staff photographer review the …