Basecamp - HackerOne Reports
Total Reports: 41
Critical: 6
High: 11
Medium: 13
Low: 10
Subdomain Takeover due to ████████ NS records at us-east4.37signals.com
Reported by: nagli | Disclosed:
Severity: Medium
Weakness: Information Disclosure

CSRF on launchpad.37signals.com OAuth2 authorization endpoint
Reported by: carbon61 | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)

Remote Code Execution in Basecamp Windows Electron App
Reported by: co0sin | Disclosed:
Severity: High
Weakness: Code Injection

HEY.com email stored XSS
Reported by: jouko | Disclosed:
Severity: Critical
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $5000.00

Account takeover via insecure intent handling
Reported by: fr4via | Disclosed:
Severity: Medium
Weakness: Deserialization of Untrusted Data

Improper Authentication via previous backup code login
Reported by: fuzzsqlb0f | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic

Unauthenticated request smuggling on launchpad.37signals.com
Reported by: hazimaslam | Disclosed:
Severity: Critical
Weakness: HTTP Request Smuggling

Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)
Reported by: hudmi | Disclosed:
Severity: High
Weakness: Business Logic Errors

Able to steal bearer token from deep link
Reported by: danielllewellyn | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Bounty: $6337.00

Possible DOM XSS on app.hey.com
Reported by: enigmaticjohn | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - DOM

Navgraph confusion allows any 3p app to send and read requests from the server at app.hey.com
Reported by: fr4via | Disclosed:
Severity: Medium
Weakness: Deserialization of Untrusted Data

Login session not expire
Reported by: zukito | Disclosed:
Severity: Low
Weakness: Insufficient Session Expiration
Bounty: $100.00

Domain Takeover [3737signals.com]
Reported by: mrmax4o4 | Disclosed:
Severity: Low
Weakness: Phishing

Premium Email Address Check Bypass - Hey
Reported by: ok_bye_now | Disclosed:
Severity: Medium
Weakness: Business Logic Errors

Password reset link not expiring after changing password in settings
Reported by: zukito | Disclosed:
Severity: Low
Weakness: Improper Authentication - Generic
Bounty: $250.00

stored XSS in hey.com message content
Reported by: carbon61 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored

AWS keys and user cookie leakage via uninitialized memory leak in outdated librsvg version in Basecamp
Reported by: neex | Disclosed:
Severity: High
Weakness: Information Disclosure
Bounty: $8868.00

Bypass Tracking Blocker Protection Using Slashes Without Protocol On The Image Source.
Reported by: demonia | Disclosed:
Severity: Medium

Information Disclosure of Garbage Collection Cycle 'Again'
Reported by: wasjerry | Disclosed:
Severity: Low
Weakness: Information Disclosure
Bounty: $100.00

Arbitrary write in the application's data folder and arbitrary read of server's replies from 3rd party apps.
Reported by: fr4via | Disclosed:
Severity: High
Weakness: Path Traversal