Acronis - HackerOne Reports
Total Reports: 127 | Critical: 5 | High: 19 | Medium: 61 | Low: 35
Acronis True Image Local Privilege Escalation via insecure folder permissions
Reported by: theevilbit | Disclosed:
Medium
Weakness: Privilege Escalation
Bounty: $300.00
Subdomain takeover of main domain of https://www.cyberlynx.lu/
Reported by: doosec101 | Disclosed:
Medium
Weakness: Privilege Escalation
Bounty: $100.00
Potential XSS Vulnerability in Acronis Login Callback URL
Reported by: kindone | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $100.00
XSS on https://partners.acronis.com/
Reported by: yash_ | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - DOM
Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode
Reported by: ub3rsick | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm
Reported by: ub3rsick | Disclosed:
Medium
Weakness: Improper Access Control - Generic
Bounty: $250.00
[CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day
Reported by: rhinestonecowboy | Disclosed:
Critical
Weakness: Deserialization of Untrusted Data
Bounty: $1000.00
CVEs: CVE-2021-44228
CVE-2020-6287 https://redapi2.acronis.com
Reported by: savik | Disclosed:
Critical
Weakness: Improper Access Control - Generic
CVEs: CVE-2020-6287
Blind Stored XSS in https://partners.acronis.com/admin which lead to sensitive information/PII leakage
Reported by: mansishah | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $150.00
Missing brute force protection on login page on www.acronis.com
Reported by: ahacker1- | Disclosed:
Weakness: Improper Restriction of Authentication Attempts
Bounty: $250.00
Content Spoofing
Reported by: full109tun | Disclosed:
Weakness: Phishing
Cross Site Scripting (Reflected) on https://www.acronis.cz/dotaznik/roadshow-2020/
Reported by: darkdream | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $50.00
Local Privilege Escalation and Code Execution when restoring files from Quarantine
Reported by: z3ron3 | Disclosed:
Medium
Weakness: Privilege Escalation
Bounty: $250.00
Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini)
Reported by: adr | Disclosed:
High
Weakness: Privilege Escalation
No Rate Limit On Forgot Password Page
Reported by: bcbc04131e9a7775cc46c97 | Disclosed:
Medium
Weakness: Improper Access Control - Generic
Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm
Reported by: ub3rsick | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Local privilege escalation via insecure MSI file
Reported by: twvyy3vyaw8k | Disclosed:
High
Weakness: Privilege Escalation
Bounty: $250.00
Any expired reset password link can still be used to reset the password
Reported by: marciosz_ | Disclosed:
Low
Weakness: Improper Access Control - Generic
Bounty: $100.00
unauth mosquitto ( client emails, ips, license keys exposure )
Reported by: second_grade_pentester | Disclosed:
Medium
Weakness: Improper Access Control - Generic
Bounty: $150.00
Delete any user's added Email,Telephone,Fax,Address,Skype via csrf in (https://academy.acronis.com/)
Reported by: imranhudaa | Disclosed:
Low