Clario - HackerOne Reports
Total Reports: 37
Critical: 0
High: 1
Medium: 10
Low: 26
XSS in https://mackeeper.com
Reported by:
kphaks
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $300.00
Reflected XSS (mackeeperapp2.mackeeper.com)
Reported by:
sec0ndw0lf
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $75.00
Reflected XSS
Reported by:
patient_zero
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
CORS Misconfiguration, could lead to disclosure of sensitive information (translate.kromtech.com)
Reported by:
sec0ndw0lf
|
Disclosed:
Low
Bounty: $50.00
No rate limiting on password reset page
Reported by:
karna__
|
Disclosed:
Low
Weakness: Business Logic Errors
Bounty: $50.00
Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/
Reported by:
mayurudiniya
|
Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
Bounty: $50.00
IDOR at https://account.mackeeper.com/at/load-reports/profile/<profile_id> leaks information about devices/licenses
Reported by:
m4ll0k
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com
Reported by:
m4ll0k
|
Disclosed:
Low
Weakness: Information Disclosure
CSS Injection on static.mackeeper.com - Potential XSS
Reported by:
m4ll0k
|
Disclosed:
Low
Weakness: Resource Injection
Lack of HTTPS in service communications
Reported by:
patient_zero
|
Disclosed:
Medium
Weakness: Cleartext Transmission of Sensitive Information
Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com
Reported by:
rumiljonov
|
Disclosed:
Medium
Weakness: Misconfiguration
Account verification bypass on translate.kromtech.com
Reported by:
rumiljonov
|
Disclosed:
Medium
Weakness: Authentication Bypass Using an Alternate Path or Channel
Affiliates - Session Fixation
Reported by:
jair
|
Disclosed:
Low
Weakness: Session Fixation
Google API key leaks and security misconfiguration leads Open Redirect Vulnerability
Reported by:
br33z3
|
Disclosed:
Medium
Weakness: Open Redirect
Bounty: $300.00
Reflected xss
Reported by:
dilawer
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $50.00
Local Privilege escalation to root via XPC
Reported by:
r3ggi-on-h1
|
Disclosed:
High
Weakness: Privilege Escalation
Reflected xss on mackeeper.com
Reported by:
dilawer
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $50.00
open redirect at https://account.mackeeper.com/auth/signin/continue via improper uri sanitization
Reported by:
dilawer
|
Disclosed:
Low
Weakness: Open Redirect
Bounty: $50.00
No rate Limit on Licenses Activation
Reported by:
akash-labade
|
Disclosed:
Medium
Weakness: Business Logic Errors
Bounty: $300.00
RXSS on thankyou.pixels.php (yapi.mackeeper.com)
Reported by:
sec0ndw0lf
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $75.00