Acronis - HackerOne Reports
Total Reports: 127 | Critical: 5 | High: 19 | Medium: 61 | Low: 35

Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]
Reported by: h4x0r_dz
Disclosed:
Severity: Medium
Weakness: Information Disclosure

admin password disclosure via log file
Reported by: darkdream
Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $100.00

IDOR on www.acronis.com API lead to steal private business user information
Reported by: f_m
Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $100.00

TrueImage for Acronis True Image 2020 - Untrusted DLL Search-Ordering lead to Privilege Escalation as Administrative account
Reported by: vanitas
Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Bounty: $250.00

Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - systeminfo.exe utility
Reported by: mmg
Disclosed:
Severity: Medium
Weakness: Privilege Escalation

Arbitrary Files and Folders Deletion vulnerability with Acronis Managed Machine Service
Reported by: mmg
Disclosed:
Severity: Medium
Weakness: Privilege Escalation

Ticket Trick at https://account.acronis.com
Reported by: sayaanalam
Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Bounty: $750.00

Stored XSS in Acronis Cyber Protect Console
Reported by: sbakhour
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $500.00

%0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)]
Reported by: plantos
Disclosed:
Severity: Low
Weakness: Uncontrolled Resource Consumption

Cross Origin Resource Sharing Misconfiguration
Reported by: parshwa_21
Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic

Possible LDAP username and password disclosed on Github
Reported by: vovohelo
Disclosed:
Severity: Medium
Weakness: Information Disclosure

Stored XSS in backup scanning plan name
Reported by: sbakhour
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $500.00

CSRF and XSS on www.acronis.com
Reported by: cabelo
Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected

Local Privilege Escalation when updating Acronis True Image
Reported by: z3ron3
Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Bounty: $250.00

Open redirect at mc-beta-cloud-acronis.com
Reported by: angeltsvetkov
Disclosed:
Weakness: Open Redirect

IDOR in backup recovery functionality
Reported by: theelgo64
Disclosed:
Severity: High

Rate limit bypass on passport.acronis.work using X-Forwarded-For request header
Reported by: analyz3r
Disclosed:
Severity: Medium
Bounty: $250.00

CVE-2021-40438 on cp-eu2.acronis.com
Reported by: savik
Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
CVEs: CVE-2021-40438

Missing rate limit for current password field (Password Change) Account Takeover
Reported by: full109tun
Disclosed:
Severity: Medium
Weakness: Improper Restriction of Authentication Attempts

Delete any user's added Email,Telephone,Fax,Address,Skype via csrf in (https://academy.acronis.com/)
Reported by: imranhudaa
Disclosed:
Severity: Low