Phabricator - HackerOne Reports
36 Total Reports: 1 Critical, 5 High, 9 Medium, 6 Low
Markdown parsing issue enables insertion of malicious tags
  Reported by: sectex | Disclosed:
  Weakness: Cross-site Scripting (XSS) - Stored

SSRF in notifications.server configuration
  Reported by: codeprivate | Disclosed:
  Severity: Medium
  Weakness: Server-Side Request Forgery (SSRF)
  Bounty: $300.00

Autoclose can close any task regardless of policies/spaces
  Reported by: almanac | Disclosed:

Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object
  Reported by: dyls | Disclosed:
  Bounty: $300.00

Window.opener fix bypass
  Reported by: mishre | Disclosed:
  Severity: Low
  Bounty: $300.00

Fetching binaries (for software installation) over HTTP without verification (RCE as ROOT by MITM)
  Reported by: e3amn2l | Disclosed:
  Bounty: $300.00

Differential "Show Raw File" feature exposes generated files to unauthorised users
  Reported by: calvium | Disclosed:
  Severity: Medium
  Weakness: Information Disclosure

IRC-Bot exposes information
  Reported by: luke081515 | Disclosed:
  Severity: Medium
  Weakness: Information Disclosure

Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.
  Reported by: edoverflow | Disclosed:
  Severity: Medium
  Weakness: Missing Required Cryptographic Step
  Bounty: $750.00

Administrator can create user without entering high security mode
  Reported by: ivh | Disclosed:
  Severity: Low
  Weakness: Improper Authentication - Generic

TOTP Key is shorter than RFC 4226 recommended minimum
  Reported by: insufficiententropy | Disclosed:
  Weakness: Cryptographic Issues - Generic
  Bounty: $300.00

Hyper Link Injection In email and Space Characters Allowed at Password Field.
  Reported by: iamnot1337 | Disclosed:
  Severity: Medium

Window.opener protection Bypass
  Reported by: ranjit_p | Disclosed:
  Bounty: $300.00

Deprecated owners.query API bypasses object view policy
  Reported by: dyls | Disclosed:
  Weakness: Improper Access Control - Generic
  Bounty: $300.00

Broken Authentication and Session Management lead to take over account
  Reported by: thund3r17 | Disclosed:
  Severity: High
  Weakness: Improper Access Control - Generic

IDOR bug to See hidden slowvote of any user even when you don't have access right
  Reported by: ranjit_p | Disclosed:
  Weakness: Insecure Direct Object Reference (IDOR)
  Bounty: $300.00

Page 2 of 2