Acronis - HackerOne Reports
Total Reports: 127 (Critical: 5, High: 19, Medium: 61, Low: 35)
Subdomain takeover of main domain of https://www.cyberlynx.lu/
Reported by: doosec101 | Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Bounty: $100.00
Potential XSS Vulnerability in Acronis Login Callback URL
Reported by: kindone | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $100.00
XSS on https://partners.acronis.com/
Reported by: yash_ | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - DOM
Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode
Reported by: ub3rsick | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm
Reported by: ub3rsick | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $250.00
[CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day
Reported by: rhinestonecowboy | Disclosed:
Severity: Critical
Weakness: Deserialization of Untrusted Data
Bounty: $1000.00
CVEs: CVE-2021-44228
CVE-2020-6287 https://redapi2.acronis.com
Reported by: savik | Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic
CVEs: CVE-2020-6287
Acronis True Image Local Privilege Escalation via insecure folder permissions
Reported by: theevilbit | Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Bounty: $300.00
Blind Stored XSS in https://partners.acronis.com/admin which lead to sensitive information/PII leakage
Reported by: mansishah | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $150.00
Get ip and Geo location any user via Clickjacking with inspectlet technology
Reported by: abosala7 | Disclosed:
Weakness: Information Disclosure
Self-DoS due to template injection via email field in password reset form on access.acronis.com
Reported by: sudo_bash | Disclosed:
Content Spoofing
Reported by: full109tun | Disclosed:
Weakness: Phishing
Local Privilege Escalation and Code Execution when restoring files from Quarantine
Reported by: z3ron3 | Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Bounty: $250.00
No brute force protection on web-api-cloud.acronis.com
Reported by: hensis | Disclosed:
Severity: Low
Weakness: Improper Restriction of Authentication Attempts
Bounty: $100.00
SQL Injection in agent-manager
Reported by: bourbon | Disclosed:
Severity: High
Weakness: SQL Injection
IDOR vulnerability (Price manipulation)
Reported by: spookhorror | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
CVE-2021-40438 on cp-eu2.acronis.com
Reported by: savik | Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
CVEs: CVE-2021-40438
Broken Access Controls
Reported by: lucasandracoli | Disclosed:
Weakness: Improper Access Control - Generic
Cross Site Scripting (Reflected) on https://www.acronis.cz/
Reported by: darkdream | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $50.00
Delete any user's added Email,Telephone,Fax,Address,Skype via csrf in (https://academy.acronis.com/)
Reported by: imranhudaa | Disclosed:
Severity: Low