Tor - HackerOne Reports
Total Reports: 51
Critical: 2
High: 9
Medium: 5
Low: 11
Access to local file system using javascript
Reported by: cuso4 | Disclosed:
Severity: High
Weakness: Violation of Secure Design Principles
XSS on about:tbupdate
Reported by: qab | Disclosed:
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $100.00
Linux TBB SFTP URI allows local IP disclosure
Reported by: rethink5807 | Disclosed:
Severity: Critical
Weakness: Information Disclosure
Bounty: $3000.00
potential memory corruption in or/buffers.c (particularly on 32 bit)
Reported by: guido | Disclosed:
Weakness: Memory Corruption - Generic
Multiple Path Transversal Vulnerabilities
Reported by: myselfphoton | Disclosed:
Severity: Medium
Weakness: Path Traversal
Content spoofing on
Reported by: nonamehiiden | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Stack overflow in UnbindFromTree (browser can be crashed remotely)
Reported by: geeknik | Disclosed:
Severity: High
Weakness: Stack Overflow
Sql query disclosure,
Reported by: utkarsh1 | Disclosed:
Severity: Low
Weakness: Information Disclosure
De-anonymization by visiting specially crafted bookmark.
Reported by: qab | Disclosed:
Severity: High
Weakness: Information Disclosure
Email Spoofing Possible on torproject.org Email Domain
Reported by: greenwolf | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Expose relay IP in the debug (The source is different from the rendering)
Reported by: rbcafe | Disclosed:
Enforce minimum master password complexity
Reported by: dhiraj-mishra | Disclosed:
Severity: Medium
Weakness: Password in Configuration File
Information Exposure Through Directory Listing
Reported by: sasikaran | Disclosed:
Severity: High
Weakness: Information Exposure Through Directory Listing
Use of uninitialized value in crypto_pk_num_bits (src/common/crypto.c:971)
Reported by: geeknik | Disclosed:
Weakness: Memory Corruption - Generic
Use of uninitialized value in memarea_strdup (src/common/memarea.c:369)
Reported by: geeknik | Disclosed:
Weakness: Memory Corruption - Generic
Heap corruption via memarea.c
Reported by: guido | Disclosed:
Weakness: Memory Corruption - Generic
Expose user IP if TOR crashes
Reported by: rbcafe | Disclosed:
[rt.torproject.org] No Rate Limiting on Login Form
Reported by: 0xspade | Disclosed:
Weakness: Improper Restriction of Authentication Attempts
Tor Browser using --log or --verbose logs the exact connection time a client connects to any v2 domains.
Reported by: sickcodes | Disclosed:
Severity: High
Weakness: Information Disclosure