Uber - HackerOne Reports
Total Reports: 139 | Critical: 16 | High: 25 | Medium: 41 | Low: 19
SQL injection in 3rd party software Anomali
Reported by: kazan71p | Disclosed: | Severity: High | Weakness: SQL Injection | Bounty: $2500.00

Open Redirect on central.uber.com allows for account takeover
Reported by: ngalog | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic

SMS URL verification link does not expire on phone number change and lacks rate limiting
Reported by: hanuman1 | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

XSS on partners.uber.com due to no user input sanitisation
Reported by: 0x0luke | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $1000.00

No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts
Reported by: cablej | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic

Chained Bugs to Leak Victim's Uber's FB Oauth Token
Reported by: ngalog | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic

Physical Access to Mobile App Allows Local Attribute Updates without Authentication
Reported by: jigarthakkar39 | Disclosed: | Weakness: Improper Authentication - Generic

Unrestricted File Upload Results in Cross-Site Scripting Attacks
Reported by: hunt4p1zza | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Disclosure of Co-Rider user (Uber-pooling) profile picture at Amazon AWS Cloudfront within HTTP RESPONSE
Reported by: fawazxq | Disclosed: | Severity: Low | Weakness: Information Disclosure

Session not expired when logging out [partners.uber.com]
Reported by: hurthearts | Disclosed:

Information Leak - GitHub - Endpoint Configuration Details
Reported by: peuch | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Content injection on 404 error page at faspex.uber.com
Reported by: ak1t4 | Disclosed: | Weakness: Violation of Secure Design Principles

User Enumeration and Information Disclosure
Reported by: pl_bounty | Disclosed: | Weakness: Information Disclosure

Outdated WordPress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities
Reported by: healdb | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF) | Bounty: $500.00

Information Leakage - GitHub - vCenter configuration scripts, StorMagic usernames and passwords along with default ESXi root password
Reported by: peuch | Disclosed: | Severity: Medium | Bounty: $1000.00

Privacy policy contains hardcoded link using unencrypted HTTP
Reported by: nightwatch-cybersecurity | Disclosed: | Severity: Low | Weakness: Code Injection

Get organization info based on UUID
Reported by: severus | Disclosed: | Weakness: Improper Authentication - Generic | Bounty: $3000.00

[IODR] Get business trip via organization id
Reported by: severus | Disclosed: | Weakness: Improper Authentication - Generic | Bounty: $2000.00

Stealing users' password (Limited Scenario)
Reported by: geekboy | Disclosed: | Weakness: Violation of Secure Design Principles

Private passenger information is exposed to the Uber Driver app during ride dispatch ("Ping") events
Reported by: beezlewaxin | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Page 1 of 7