Starbucks - HackerOne Reports
View on HackerOne
Total Reports: 128
Critical: 20 | High: 39 | Medium: 41 | Low: 21

Hong Kong - Open Redirect on card.starbucks.com.hk
Reported by: l00ph0le | Disclosed:
Severity: Low | Weakness: Open Redirect

Able to reset other user's password in https://card.starbucks.com.sg/
Reported by: qwacsawd | Disclosed:
Severity: Medium | Weakness: Improper Authentication - Generic

XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx
Reported by: johnstone | Disclosed:
Severity: Critical | Weakness: XML External Entities (XXE)

Minimal information disclosure of internal asset names and links which were not publicly accessible.
Reported by: e4366eolywrgpidfbio | Disclosed:
Severity: Low | Weakness: Information Disclosure

Host header injection/redirection via newsletter signup
Reported by: b3nac | Disclosed:
Severity: Low

Korea - LFI via path traversal at https://msr.istarbucks.co.kr:6443/appif/
Reported by: iampuky | Disclosed:
Severity: Critical | Weakness: Path Traversal

Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter
Reported by: gnux | Disclosed:
Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Information disclosure on sim.starbucks.com
Reported by: johnstone | Disclosed:
Severity: Low | Weakness: Information Disclosure

http://digital.starbucks.com/ Creation of Google G Suite Account on Behalf of Starbucks.
Reported by: khizer47 | Disclosed:
Severity: Low | Weakness: Information Disclosure

Webshell via File Upload on ecjobs.starbucks.com.cn
Reported by: johnstone | Disclosed:
Severity: Critical | Weakness: OS Command Injection

China – Limited Partner PII Regarding Work Scheduling via Unauthenticated API Endpoint
Reported by: 0xpatrik | Disclosed:
Severity: Critical | Weakness: Information Disclosure

RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/
Reported by: spaceraccoon | Disclosed:
Severity: Critical | Weakness: Code Injection

Singapore - XXE at https://www.starbucks.com.sg/RestApi/soap11
Reported by: rugb | Disclosed:
Severity: High | Weakness: XML External Entities (XXE)

Leaking sensitive files on GitHub leads to internal files (Python scripts, SQL files)
Reported by: xsam | Disclosed:
Severity: Critical | Weakness: Information Disclosure

[mena.starbucks.com] Laravel App Log & Configuration Disclosure.
Reported by: bobrov | Disclosed:
Severity: High | Weakness: Information Disclosure

SAP Server - default credentials enabled
Reported by: ak1t4 | Disclosed:
Severity: Medium | Weakness: Improper Authentication - Generic

Starbucks.com is reachable via IP address, thus possible to link any domain to Starbucks.
Reported by: cj862530 | Disclosed:
Severity: Medium | Weakness: Cryptographic Issues - Generic

Thailand - SNMP Publicly Accessible
Reported by: k3mlol | Disclosed:
Severity: High | Weakness: Improper Access Control - Generic

Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604)
Reported by: l00ph0le | Disclosed:
Severity: Critical | Weakness: OS Command Injection

Exposed Unencrypted Telnet Endpoint
Reported by: zephrfish | Disclosed:
Severity: Low