Uber - HackerOne Reports
Total Reports: 139
Critical: 16
High: 25
Medium: 41
Low: 19
SQL injection in 3rd party software Anomali
Reported by: kazan71p
Disclosed:
Severity: High
Weakness: SQL Injection
Bounty: $2500.00
SMS URL verification link does not expire on phone number change and lacks rate limiting
Reported by: hanuman1
Disclosed:
Severity: Low
Weakness: Improper Authentication - Generic
Chained Bugs to Leak Victim's Uber's FB Oauth Token
Reported by: ngalog
Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Physical Access to Mobile App Allows Local Attribute Updates without Authentication
Reported by: jigarthakkar39
Disclosed:
Weakness: Improper Authentication - Generic
Content injection on 404 error page at faspex.uber.com
Reported by: ak1t4
Disclosed:
Weakness: Violation of Secure Design Principles
User Enumeration and Information Disclosure
Reported by: pl_bounty
Disclosed:
Weakness: Information Disclosure
Outdated Wordpress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities
Reported by: healdb
Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $500.00
Unrestricted File Upload Results in Cross-Site Scripting Attacks
Reported by: hunt4p1zza
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Information Leakage - GitHub - VCenter configuration scripts, StorMagic usernames and password along with default ESXi root password
Reported by: peuch
Disclosed:
Severity: Medium
Bounty: $1000.00
Privacy policy contains hardcoded link using unencrypted HTTP
Reported by: nightwatch-cybersecurity
Disclosed:
Severity: Low
Weakness: Code Injection
[IODR] Get business trip via organization id
Reported by: severus
Disclosed:
Weakness: Improper Authentication - Generic
Bounty: $2000.00
Stealing users password (Limited Scenario)
Reported by: geekboy
Disclosed:
Weakness: Violation of Secure Design Principles
Cookie Bombing cause DOS - businesses.uber.com
Reported by: m4ll0k
Disclosed:
Severity: Low
Weakness: Uncontrolled Resource Consumption
Session not expired When logout [partners.uber.com]
Reported by: hurthearts
Disclosed:
IDOR leads to leak analytics of any restaurant
Reported by: 0xprial
Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
4 Subdomains Takeover on 2 domains ( muberscolombia.com & ubereats.pl )
Reported by: m7mdharoun
Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Bounty: $500.00
Bulk UUID enumeration via invite codes
Reported by: vijay_kumar
Disclosed:
Weakness: Information Disclosure
Reflected XSS on Partners Subdomain
Reported by: mefkan
Disclosed:
Severity: High
Bounty: $2000.00
newsroom.uber.com is vulnerable to 'SOME' XSS attack via plupload.flash.swf
Reported by: jamesclyde
Disclosed:
Weakness: Code Injection
private passenger information is exposed to the Uber Driver app during ride dispatch ("Ping") events
Reported by: beezlewaxin
Disclosed:
Severity: Medium
Weakness: Information Disclosure