HackerOne Reports
Search through disclosed security reports
**Summary:** The Semrush Ad Builder for Display Ads is vulnerable to path traversal when extracting zip files and referencing images from the embedded `data.csv` file. **Description:** The Semrush Ad Builder for Display Ads allows users to import Display Ads from an uploaded zip file. The backend functionality that extracts the …
Hello Semrush Team, In this report id `311330`, I was filled duplicate and redirection URL is fixed which made me feel happy as deserving bounty hunter gets a reward. However, after fixing from last night, I finally bypassed the redirection method which not only triggered XSS, but also it redirects …
**Description** There is a vulnerability in card.starbucks.com.sg that allows an attacker to modify the purchasing value of a Starbucks gift card such that he is paying the minimum amount for the maximum value of the gift card. **Attack Summary** An attacker is able to pay $0.01 for a $100 gift …
Hi Guys, **public** allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript. **I put https://www.npmjs.com/package/public in Weakness section - 'Where is the stored content accessible?*' because it did not allow me to open report with http://localhost:8000 - so it's only a placeholder …
**Summary:** An attacker can read feature notifications from any user. Just need to change `me` to `user(username:"filedescriptor")` in your request to get the features. ### Steps To Reproduce `POST /graphql HTTP/1.1 Host: hackerone.com {"query":"query New_feature {\n query {\n id,\n ...F0\n }\n}\nfragment F0 on Query {\n user(username:\"filedescriptor\") {\n id, username\n, reputation, …
Steps: First send a message to the channel and capture its request: {F2424019} Endpoint: /api/v1/method.call/sendMessage CZZqd6rMsiqbsqa9h is the message ID that will be used later to delete the message to this ID. Leave the channel. Now, don’t join the channel again, just try to see options available that you can …
## Summary: Found an XSS ## Steps To Reproduce: 1. Go to https://watchdocs.indriverapp.com/webview/v1/transport-change?phone=██████&token=█████████&service=intercity3&jwt=fw%22%3E%3Cimg%20src=fwa%20onerror=alert(1)%3E ## Supporting Material/References: ████ ## Impact Execute Javascript on any victim browser
**Description:** I found google drive link `https://drive.google.com/drive/folders/█████████` at `https://████████.aspx?Mode=ReadOnly&Id=90dd0d3b-0ed1-e76b-128f-11ebc799ba55` contains pdfs at '/████ Internal/Orders' that discloses the following PII: Full Name: ███████ Social Security Number (SSN): ███████ Home Address: ████, ██████ Marital Status: Married, 3 dependents (M03 in January 2021 orders; S00 in earlier orders) Security Clearance Level: ███ ## …
Open the url https://██████████.jetblue.com/████?url=http://www.dakshineswarkalitemple.org/ this as a result we see Open redirect issue POC video : ██████ ## Impact Open redirect
## Summary: Someone with a member permission who hasn't been given access to post message to the channel can post it by executing commands. ## Steps To Reproduce: ``` POST /api/v4/commands/execute HTTP/1.1 Host: test3.cloud.mattermost.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0 Accept: */* Accept-Language: en Accept-Encoding: gzip, deflate …
The issue occurs while sharing a bytearray between two workers. If both call bytearray.clear() at the same time, Flash does not correctly handle the race and may double free the array. Identified as CVE-2014-0574, and reported to Adobe via Chrome VRP: http://helpx.adobe.com/security/products/flash-player/apsb14-24.html Original report with proof of concept: https://code.google.com/p/chromium/issues/detail?id=423703
As per policy, header injection is a low-priority bug, but I recently discovered that when an attacker changes the host to a special domain, the victim will be redirected there.... My Request : GET /sign-in HTTP/1.1 Host: app.legalrobot.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, …
A Clickjacking issue had been previously reported by "giantfire" on Aug 9th (19 days ago) and the issue was fixed by "iandunn" on Aug 25th (3 days ago) and the same disclosed on Aug 28th. Here the affected URL is- https://mercantile.wordpress.org/ "iandunn closed the report and changed the status to …
Here this is my mail ID: [email protected] and pass: [email protected]. I am able to set the password the same as the Gmail address, but am not able to log in; this was the issue here.
When the LDAP server is (temporarily) unavailable, data like the attached ends up in log files. I've replaced usernames with `XXX_USERn_XXX` and passwords with `XXX_PASSn_XXX`. It seems that at least the following are missing from `$methodsWithSensitiveParameters` in `lib/private/Log.php`: - `bind` - `areCredentialsValid` - `invokeLDAPMethod` - `checkPasswordNoLogging`