HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 1901 - 1920
## Summary: [summary of the vulnerability] A buffer overflow vulnerability exists in the curl library's Rustls backend due to an integer overflow in the dynamic buffer management. This issue could potentially allow an attacker to overwrite memory, leading to application crashes or, in theory, arbitrary code execution. However, exploitation is …
## Summary: I found that Windows device names (CON, PRN, AUX, etc.) can still be used for path traversal attacks when working with UNC network paths, even after the CVE-2025-27210 patch. So basically, the fix only covered regular paths but missed the UNC path scenario when using `path.join()` ## Description: …
An attacker can register an account on www.hover.com using any email address without passing the required OTP verification. By omitting the code parameter entirely from the signup request, the backend completes the registration and returns a valid session. This constitutes a bypass of the OTP verification mechanism and a business …
Good day. My name is Lorentso Youriévitch Bogdanov. It has come to my attention that you are in need of higher-quality code review. Rest assured that you are not alone in noticing a certain degree of brain-drain in this field. As you can perhaps imagine, the recent shortage of qualified …
Hi, I'm not too sure if this is intentional and a expected feature or was it really an unnecessary information disclosure. If this is intentional, kindly close this as `Informative` or allow me to self-close so as not affect my signal. From my perspective, I noticed 2 issues, __PART 1:__ …
## Summary: SSRF vulnerability allows mapping the internal network. ## Steps To Reproduce: It is possible to run internal requests with the siteInfoLookup service. ``` GET /cabinet/stripeapi/v1/siteInfoLookup?url=http://10.0.0.100:8080 HTTP/1.1 Host: my.stripo.email ``` Based on the response we know if the ip / port is available or not. The port is not …
Issue background If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the …
Hey when I try to set the password while creating account I noticed that you haven't kept any password limit. You need to decrease password length :There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behalf …
summery: You are able to copy and paste stored XSS code into the comment section of a product in the transfers tab and receive the error. Reproduce: 1. Create a product with the name '"'><img src=x onerror=alert(domain.domain)>' 2. add a transfer with that product 3. now go back to the …
This issue was first reported to the Perl security mailing list on 19 August 2016. It was inadvertently made public in another bug report on 23 August 2016. It was finally marked fixed around 23 January 2017. [Original bug report](https://rt.perl.org/Ticket/Display.html?id=128998): ``` perl -e 'v300&O|0' triggers a heap-buffer-overflow in Perl_my_atof2 (numeric.c:1349). …
Hi Team, I have found at many instances or places from signup till getting logged into application ( in domain "demo.weblate.org" ) that session maintaining cookies such as csrf token and session id's expiration dates are set to future date. As part of secure session management one should prohibit or …
Subject: [FG-VD-17-063] NextCloud Insufficient Attack Protection Vulnerability Notification ------- Vulnerability Notification May 26, 2017 Tracking Case #: FG-VD-17-063 Dear NextCloud, The following information pertains to information discovered by Fortinet's FortiGuard Labs. It has been determined that a vulnerability exists in NextCloud. To streamline the disclosure process, we have created a …
Hi Team I have found that to access the data of endpoint ```https://████████/███/?#/``` as user has to submit a password/passphrase. When we provide wrong password then we get and error message asked to get pass assistance message ```Contact ████ for password assistance.``` After analyzing the JS file I found that …
The tested application is Starbucks Turkey Android App. https://play.google.com/store/apps/details?id=com.starbucks.tr&hl=en All these things are made without any login. I did not login the app. 1. I tried to intercept traffic between starbucks app and server with burp suite. I could not be successful because of the ssl pinning. 2. Before the …