HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 1941 - 1960
**Summary:** default username and password i found in one of your DVR camera system **Description:** hi after scanning on starbucks register ip from this site http://bge.he.net i start to scan the ip subnet : ████ then i found this ip : █████ then i try to browse it then i …
Greetings, Hope Y'all good and fine! ## Summary: I found a Boolean Blind based SQL Injection in your website => 3d.cs.money It's a URI path injection. The vulnerability tested on the Original IP behind the CloudflareWAF and I've already reported this in my other report #1105673 ### The Affected URI …
**Summary:** This is a buffer oob read vulnerability in miniupnpc when parsing xml response. This vulnerability could result in denial of service attack in monero client to in local area Network. **Description:** In miniupnpc, file "Minixml.c": The funnction parseelt: static void parseelt(struct xmlparser * p) { ... if(memcmp(p->xml, "<![CDATA[", 9) …
I would like to report command injection in pdf-image It allows executing commands on the server # Module **module name:** pdf-image **version:** 1.0.5 **npm page:** `https://www.npmjs.com/package/pdf-image` ## Module Description > Provides an interface to convert PDF's pages to png files in Node.js by using ImageMagick. ## Module Stats [2013] downloads …
I recently found an abandoned and/or overlooked nodejs.org subdomain that was indirectly pointing to Fastly. Fastly doesn't require any proof of DNS ownership to register new distributions that use a given domain, so I was able to effectively take it over. Vulnerability: Subdomain Takeover via Fastly Host: http://registry.nodejs.org Solution: There …
Good day, I truly hope it treats you awesomely on your side of the screen :) I have found that your website cdn.grab.com is pointed via a cname to a cloudfront instance cdn.grab.com => *.cloudfront.net This was not registered on Amazon Aws Cloudfront. I was able to take over the …
## Summary: I found a vulnerability in https://fanout.io/ page known as unauthenticated cache purging vulnerability. This vulnerability arises when cache purging requests are available to the unauthenticated users. ## Steps To Reproduce: 1. Go to any terminal of an OS which has curl installed in it. 2. Type in the …
Hi, I would like to report an issue where attackers can bypass the upload restriction on upload.twitter.com to cause XSS on ton.twitter.com and cache poisoning. ##Detail When using upload.twitter.com to upload audience data, it checks if the file type is allowed and rejects any harmful files (e.g. .html). However it …
https://distributors.ubnt.com.cn/combine/;%3Cvideo%3E%3Csource%20onerror=%22javascript:alert(1)%22%3E FORK FF
Hi Team Hope you are doing well. I found vulnerability. Issue: Email Spoofing I just sent a forged email to [email protected] that appears to originate from [email protected] I was able to do this because of SPF Soft Fail and I could not find DMARC record of this domain. SPF record …
## Summary: lib/vtls/openssl.c `ossl_connect_step1` sets up the `ossl_new_session_cb` sessionid callback with `SSL_CTX_sess_set_new_cb`, and adds association from `data_idx` and `connectdata_idx` to current `conn` and `data` respectively: ``` SSL_CTX_set_session_cache_mode(backend->ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); SSL_CTX_sess_set_new_cb(backend->ctx, ossl_new_session_cb); ``` ... ``` SSL_set_ex_data(backend->handle, data_idx, data); SSL_set_ex_data(backend->handle, connectdata_idx, conn); ``` Whenever the `ossl_new_session_cb` callback is called the code …
**Summary:** When using Undici with its ProxyAgent, it does not use CONNECT or correctly verify the upstream server's HTTPS certificate. **Description:** This affects both Undici itself and global fetch() in Node 18 when used with Undici's ProxyAgent. I've submitted this here for Node as it affects global fetch, and Undici …
# Summary The Bumble app allows matches to chat with each other. In the mobile apps it is possible to see whether a message has been delivered (the webapp does not offer this feature), but the read status of messages is never disclosed. However, by issuing a POST request to …
## Summary: Hi Team, I am able to see and use uploaded backgrounds and able to upload new ones without proper authentication of 2FA. I hope you remember this report #993786. ## Steps To Reproduce: 1. Login with a steam account and enable 2FA. 1. Now logout your account. Clear …