Phabricator - HackerOne Reports

Total reports: 36 (Critical: 1, High: 5, Medium: 9, Low: 6)
Edit Policy restriction does not prevent comments.
  Reported by: rhinosf1 | Disclosed:
  Severity: Medium | Weakness: Improper Access Control - Generic

User with only Viewing Privilege can send message to Room
  Reported by: lucasveigaf | Disclosed:
  Severity: Low | Weakness: Privilege Escalation | Bounty: $300.00

Window.opener fix bypass
  Reported by: mishre | Disclosed:
  Severity: Low | Bounty: $300.00

Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.
  Reported by: edoverflow | Disclosed:
  Severity: Medium | Weakness: Missing Required Cryptographic Step | Bounty: $750.00

Autoclose can close any task regardless of policies/spaces
  Reported by: almanac | Disclosed:

Issue: Form does not contain an anti-CSRF token
  Reported by: saidul_khan | Disclosed:
  Severity: High | Weakness: Cross-Site Request Forgery (CSRF)

Request vulnerable to CSRF
  Reported by: saidul_khan | Disclosed:
  Severity: High | Weakness: Cross-Site Request Forgery (CSRF)

Restricted file access when it exists in old versions of task or wiki document
  Reported by: denispugachev | Disclosed:
  Weakness: Violation of Secure Design Principles

Enumerating emails through "Forgot Password" form
  Reported by: denispugachev | Disclosed:
  Weakness: Violation of Secure Design Principles

Exposing voting results on the Slowvote application without actually voting
  Reported by: mishre | Disclosed:
  Severity: Low | Bounty: $300.00

Git flag injection leads to arbitrary file write
  Reported by: crownpeanut | Disclosed:
  Severity: High | Weakness: Path Traversal

Link reset problem
  Reported by: pradeepsmehta | Disclosed:

Administrator can create user without entering high security mode
  Reported by: ivh | Disclosed:
  Severity: Low | Weakness: Improper Authentication - Generic

Credential gets exposed
  Reported by: luke081515 | Disclosed:
  Severity: Low | Weakness: Information Disclosure

The special code in editor has no Authority control and can lead to Information Disclosure
  Reported by: xifengweiyu | Disclosed:
  Severity: Medium | Weakness: Information Disclosure

The mailbox verification API interface is unlimited and can be used as a mailbox bomb
  Reported by: xifengweiyu | Disclosed:
  Severity: Medium | Weakness: Improper Access Control - Generic

Error page Text Injection.
  Reported by: akshay_raj | Disclosed:
  Weakness: Violation of Secure Design Principles

Hyper Link Injection In email and Space Characters Allowed at Password Field.
  Reported by: iamnot1337 | Disclosed:
  Severity: Medium

Command injection on Phabricator instance with an evil hg branch name
  Reported by: pnig0s | Disclosed:
  Severity: Critical | Weakness: Command Injection - Generic

Possible to make restricted files public on Phabricator via Diffusion
  Reported by: dyls | Disclosed:
  Weakness: Improper Access Control - Generic | Bounty: $2000.00