Mars - HackerOne Reports
Total Reports: 64
Critical: 11
High: 11
Medium: 30
Low: 10
unsubscribe anyone from all ████████ emails @ █████
Reported by: abfe | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
Unrestricted File Upload at ██████████
Reported by: xplo1t | Disclosed:
Severity: Critical
Weakness: Unrestricted Upload of File with Dangerous Type
CSRF to delete a pet on ██████
Reported by: dr34m14 | Disclosed:
Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)
IDOR to account takeover on POST to █████████ by changing member_id parameter
Reported by: xandsz | Disclosed:
Severity: Critical
Weakness: Insecure Direct Object Reference (IDOR)
Html injection
Reported by: ped_baq | Disclosed:
Severity: Medium
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Account takeover using reset password link
Reported by: haoshokunoo | Disclosed:
Severity: Medium
Weakness: Open Redirect
RXSS on ██████ via customerId parameter
Reported by: 0xun7h1nk4ble | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
phpinfo() exposed on ██████████
Reported by: blax17 | Disclosed:
Severity: Medium
Weakness: Misconfiguration
sensitive data-creds for database - private key
Reported by: mo_salah12 | Disclosed:
Severity: Medium
Weakness: Missing Encryption of Sensitive Data
debug.log leaked [█████████]
Reported by: imeng | Disclosed:
Severity: Low
Weakness: Information Disclosure
RXSS in ███ via S parameter
Reported by: mo_salah12 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
RXSS on ████ via configUrl parameter
Reported by: kh4rish34v3n | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Google dork lead to unsubscribe anyone from all Banfield emails
Reported by: ractiurd | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
CSRF in Delete Pet Function
Reported by: mo_salah12 | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Upload profile photo and Pets addition - IDOR
Reported by: cholo_ | Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
sqli on █████████ search functionality
Reported by: b_i_n_i_a_m | Disclosed:
Severity: Medium
Weakness: SQL Injection
Users Data Exposure via Insecure Endpoint
Reported by: bughunter0x7 | Disclosed:
Severity: Medium
Weakness: Information Disclosure
change part of personal information all users
Reported by: bughunter0x7 | Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic
Customer Data Exposure via Insecure Endpoint of coupon
Reported by: bughunter0x7 | Disclosed:
Severity: Medium
Weakness: Information Disclosure
unauthorized access and add user and change personal information all users
Reported by: bughunter0x7 | Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic