Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Phabricator - HackerOne Reports

View on HackerOne

36

Total Reports

1

Critical

5

High

9

Medium

6

Low

Edit Policy restriction does not prevent comments.

Reported by: rhinosf1 | Disclosed:

Medium

Weakness: Improper Access Control - Generic

Slowvote and Countdown can cause Denial of Service due to recursive inclusion

Reported by: dyls | Disclosed:

Weakness: Uncontrolled Resource Consumption

Global default settings page is accessible to non-administrators

Reported by: dyls | Disclosed:

Weakness: Improper Access Control - Generic

Bounty: $300.00

User with only Viewing Privilege can send message to Room

Reported by: lucasveigaf | Disclosed:

Low

Weakness: Privilege Escalation

Bounty: $300.00

Issue:Form does not contain an anti-CSRF token

Reported by: saidul_khan | Disclosed:

High

Weakness: Cross-Site Request Forgery (CSRF)

Request vulnerable to CSRF

Reported by: saidul_khan | Disclosed:

High

Weakness: Cross-Site Request Forgery (CSRF)

Restricted file access when it exists in old versions of task or wiki document

Reported by: denispugachev | Disclosed:

Weakness: Violation of Secure Design Principles

Enumerating emails through "Forgot Password" form

Reported by: denispugachev | Disclosed:

Weakness: Violation of Secure Design Principles

Exposing voting results on the Slowvote application without actually voting

Reported by: mishre | Disclosed:

Low

Bounty: $300.00

Git flag injection leads to arbitrary file write

Reported by: crownpeanut | Disclosed:

High

Weakness: Path Traversal

link reset problem

Reported by: pradeepsmehta | Disclosed:

Credential gets exposed

Reported by: luke081515 | Disclosed:

Low

Weakness: Information Disclosure

The special code in editor has no Authority control and can lead to Information Disclosure

Reported by: xifengweiyu | Disclosed:

Medium

Weakness: Information Disclosure

The mailbox verification API interface is unlimited and can be used as a mailbox bomb

Reported by: xifengweiyu | Disclosed:

Medium

Weakness: Improper Access Control - Generic

Error page Text Injection.

Reported by: akshay_raj | Disclosed:

Weakness: Violation of Secure Design Principles

Command injection on Phabricator instance with an evil hg branch name

Reported by: pnig0s | Disclosed:

Critical

Weakness: Command Injection - Generic

Possible to make restricted files public on Phabricator via Diffusion

Reported by: dyls | Disclosed:

Weakness: Improper Access Control - Generic

Bounty: $2000.00

An unsafe design practice in the Passphrase may result in Secret being accidentally changed.

Reported by: kevin_c | Disclosed:

High

Weakness: Violation of Secure Design Principles

User can link non-public file attachments, leading to file disclose on edit by higher-privileged user

Reported by: foobar7 | Disclosed:

Medium

Weakness: Business Logic Errors

Bounty: $500.00

The "Download Raw Diff" URL is viewable by everyone

Reported by: newfunction | Disclosed:

Low

Weakness: Information Disclosure

Page 1 of 2 Next