Clario - HackerOne Reports
Total Reports: 37 | Critical: 0 | High: 1 | Medium: 10 | Low: 26
Open Redirect at https://store.mackeeper.com/767/cookie via redirectto parameter
Reported by: sec0ndw0lf | Disclosed: | Severity: Low
Weakness: Open Redirect
Bounty: $50.00
Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/
Reported by: mayurudiniya | Disclosed: | Severity: Low
Weakness: Uncontrolled Resource Consumption
Bounty: $50.00
Open redirect on https://account.mackeeper.com
Reported by: jin0ne | Disclosed: | Severity: Low
Weakness: Open Redirect
Information disclosure of Internal php files on [mackeeper.com/blog/api/send-event]
Reported by: darkerhack | Disclosed: | Severity: Low
Weakness: Information Exposure Through an Error Message
Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com
Reported by: m4ll0k | Disclosed: | Severity: Low
Weakness: Information Disclosure
IDOR at https://account.mackeeper.com/at/load-reports/profile/<profile_id> leaks information about devices/licenses
Reported by: m4ll0k | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com
Reported by: rumiljonov | Disclosed: | Severity: Medium
Weakness: Misconfiguration
Account verification bypass on translate.kromtech.com
Reported by: rumiljonov | Disclosed: | Severity: Medium
Weakness: Authentication Bypass Using an Alternate Path or Channel
Affiliates - Session Fixation
Reported by: jair | Disclosed: | Severity: Low
Weakness: Session Fixation
Local Privilege escalation to root via XPC
Reported by: r3ggi-on-h1 | Disclosed: | Severity: High
Weakness: Privilege Escalation
Reflected xss on mackeeper.com
Reported by: dilawer | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $50.00
Account Takeover because of the mis-configuration on the Password Reset Page
Reported by: karna__ | Disclosed: | Severity: Medium
Weakness: Business Logic Errors
Bounty: $300.00
XSS in https://affiliates.kromtech.com
Reported by: kphaks | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $300.00
rXSS on https://mackeeperapp.mackeeper.com/landings/download-blue/
Reported by: trungnd95 | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Social media link hijack of team member [Linkedin] at https://mackeeper.com/team/
Reported by: beerboy_ankit | Disclosed: | Severity: Low
Weakness: Misconfiguration
MK Site Cross-Site Scripting (XSS) in script context
Reported by: adelin30 | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
rxss at https://mackeeper.com page not found via rid parameter
Reported by: g0dzira | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected