PortSwigger Web Security - HackerOne Reports
Total Reports: 32
Critical: 0
High: 5
Medium: 9
Low: 11

RCE of Burp Scanner / Crawler via Clickjacking
Reported by: mattaustin | Disclosed:
Severity: High
Weakness: Command Injection - Generic
Bounty: $3000.00

Business Logic, currency arbitrage - Possibility to pay less than the price in USD
Reported by: xctzn | Disclosed:
Severity: Medium
Weakness: Business Logic Errors

Privilege Escalation by abusing non-existent path. (Windows)
Reported by: 0x09al | Disclosed:
Severity: Medium
Weakness: Privilege Escalation

JSBeautifier BApp: Race condition leads to memory disclosure
Reported by: jelmer | Disclosed:
Severity: High
Weakness: Memory Corruption - Generic

Improper Certificate Validation
Reported by: srssingh | Disclosed:
Severity: Low
Weakness: Improper Certificate Validation

Redirection in Repeater & Intruder Tab
Reported by: mr_vrush | Disclosed:
Severity: Low
Weakness: Open Redirect
Bounty: $150.00

Incorrect logic when buy one more license which may lead to extend the expire date of existing license
Reported by: liru | Disclosed:
Weakness: Business Logic Errors

XSS in IE11 on portswigger.net via Flash
Reported by: opnsec | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

Activat burp suite pro with the old license after transfared to anothe account
Reported by: egyptghost1 | Disclosed:
Weakness: Business Logic Errors

Title: Deceptive Manipulation of HTTP to HTTPS with VPN in Burp Suite
Reported by: rexifylo | Disclosed:
Severity: Medium
Weakness: Cleartext Transmission of Sensitive Information

Misconfiguration: Missing Custom Error Page (CWE-12 & CWE-756)
Reported by: wala3at | Disclosed:

[portswigger.net] Path Traversal al /cms/audioitems
Reported by: 0xd0m7 | Disclosed:
Severity: High
Weakness: Path Traversal

Build fetches jars over HTTP
Reported by: jlleitschuh | Disclosed:
Severity: Medium
Weakness: Man-in-the-Middle
Bounty: $1000.00

burp does not validate the common name of the presented collaborator server certificate
Reported by: morisson | Disclosed:
Severity: Medium
Weakness: Man-in-the-Middle

SMTP interaction theft via MITM
Reported by: duesee | Disclosed:
Severity: Medium
Weakness: Cryptographic Issues - Generic
CVEs: CVE-2011-0411

Information disclosure on error message
Reported by: cometome780 | Disclosed:
Severity: Low
Weakness: Information Exposure Through an Error Message

RCE in 'Copy as Node Request' BApp via code injection
Reported by: ryotak | Disclosed:
Weakness: Code Injection

CSP Bypass and escalation of https://hackerone.com/reports/2279346
Reported by: priyanshusharma9789 | Disclosed:
Severity: High
Weakness: Business Logic Errors

CSP bypass on PortSwigger.net using Google script resources
Reported by: joaxcar | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $1500.00

Leak of Platform Authentication credentials via Repeater
Reported by: jupenur | Disclosed:
Severity: Low
Weakness: Information Disclosure
Bounty: $200.00