Udemy - HackerOne Reports
Total Reports: 22 | Critical: 0 | High: 2 | Medium: 0 | Low: 4

[engineering.udemy.com] - Subdomain Takeover (ghost.io)
Reported by: kazan71p | Severity: Low | Weakness: Improper Access Control - Generic

No password length restriction
Reported by: alirazzaq4 | Weakness: Weak Cryptography for Passwords

CSRF on creating course
Reported by: oldc4u53 | Weakness: Cross-Site Request Forgery (CSRF)

Non-validation of sessions after password change
Reported by: w3b7ricks73r | Weakness: Improper Authentication - Generic

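The report above concerns sessions that stay valid after the password is changed. The following is an added example, not code from the report or from Udemy, of the usual fix: every session records the credential version it was issued under, a password change bumps that version, and lookups reject stale sessions while the session that performed the change is re-stamped so its owner is not logged out. The `UserStore` and `SessionStore` classes and their in-memory tables are assumptions standing in for a real user database and session backend.

```python
"""Added example: kill every other session when a password changes."""
import hashlib
import hmac
import secrets


class UserStore:
    """Constructed in-memory user table: username -> salt, password hash and a
    credential version that increases on every password change."""

    def __init__(self):
        self.users = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def create(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt,
                                "pw_hash": self._hash(password, salt),
                                "cred_version": 0}

    def verify(self, username, password):
        user = self.users.get(username)
        if user is None:
            return False
        return hmac.compare_digest(user["pw_hash"],
                                   self._hash(password, user["salt"]))

    def change_password(self, username, old, new):
        if not self.verify(username, old):
            return False
        user = self.users[username]
        user["salt"] = secrets.token_bytes(16)
        user["pw_hash"] = self._hash(new, user["salt"])
        user["cred_version"] += 1   # every session issued before this point is now stale
        return True


class SessionStore:
    """Sessions record the credential version current when they were issued."""

    def __init__(self, users):
        self.users = users
        self.sessions = {}   # session id -> (username, cred_version at login)

    def login(self, username, password):
        if not self.users.verify(username, password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (username, self.users.users[username]["cred_version"])
        return sid

    def user_for_unchecked(self, sid):
        """The flawed lookup: any session still in the table is accepted, so a
        session an attacker already holds survives the victim's password change."""
        entry = self.sessions.get(sid)
        return entry[0] if entry else None

    def user_for(self, sid):
        """Hardened lookup: reject and drop sessions issued under an older
        credential version."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        username, issued_version = entry
        if issued_version != self.users.users[username]["cred_version"]:
            del self.sessions[sid]
            return None
        return username

    def change_password(self, sid, old, new):
        """Change the password from within a session and keep only that session
        alive by re-stamping it with the new credential version."""
        username = self.user_for(sid)
        if username is None or not self.users.change_password(username, old, new):
            return False
        self.sessions[sid] = (username, self.users.users[username]["cred_version"])
        return True


def demo():
    """Attacker holds one session, the victim changes the password from another.
    Returns (flawed lookup of stolen session, hardened lookup, victim's own session)."""
    users = UserStore()
    users.create("alice", "correct horse")
    store = SessionStore(users)
    stolen = store.login("alice", "correct horse")   # session held by the attacker
    own = store.login("alice", "correct horse")      # victim's own session
    assert store.change_password(own, "correct horse", "battery staple")
    return (store.user_for_unchecked(stolen), store.user_for(stolen), store.user_for(own))


if __name__ == "__main__":
    print(demo())   # ('alice', None, 'alice')
```

The version check happens on every lookup, so it also covers sessions stored in another replica or cache that the password-change handler never saw; a design that instead enumerates and deletes the user's other sessions at change time only works if the store can list them. The same counter can be bumped on password reset and on "log out everywhere".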
S3 bucket unnecessarily discloses permissions
Reported by: salmon | Weakness: Improper Access Control - Generic

Content Spoofing in udemy
Reported by: csanuragjain | Severity: Low | Weakness: Violation of Secure Design Principles

Critical: Malware and XSS file can be uploaded and executed on udemy
Reported by: csanuragjain | Weakness: Cross-site Scripting (XSS) - Generic

Complete Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
Reported by: cha5m | Severity: High | Weakness: Code Injection

Showing Up Source Code
Reported by: kashif

AWS S3 bucket writable for authenticated AWS user
Reported by: dpgribkov | Weakness: Improper Authentication - Generic

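Two reports in this listing concern S3 bucket ACLs: one bucket that discloses its permissions and one that any authenticated AWS user can write to. The following is an added example, not code from the reports or from AWS, that audits a bucket ACL for grants to the two AWS-wide groups. The ACL dict is constructed in the shape `boto3`'s `get_bucket_acl` returns; the severity table is this example's own ranking, not an AWS rating.

```python
"""Added example: flag S3 ACL grants to AllUsers and AuthenticatedUsers."""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Permission -> severity when granted to either group (this example's ranking).
# READ_ACP alone lets the grantee read the bucket's ACL, i.e. learn who else
# holds which permissions, which is the "discloses permissions" case.
SEVERITY = {
    "FULL_CONTROL": "critical",
    "WRITE": "critical",
    "WRITE_ACP": "critical",
    "READ": "high",
    "READ_ACP": "medium",
}

GROUP_LABEL = {
    ALL_USERS: "anyone (unauthenticated)",
    # Often misread as "my users": it is any AWS account in the world.
    AUTHENTICATED_USERS: "any AWS account",
}


def audit_acl(acl):
    """Return one finding per grant to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue   # canonical-user grants (owner, named accounts) are out of scope here
        uri = grantee.get("URI")
        if uri not in GROUP_LABEL:
            continue   # e.g. the LogDelivery group, which is a deliberate grant
        permission = grant.get("Permission", "")
        findings.append({
            "grantee": GROUP_LABEL[uri],
            "permission": permission,
            "severity": SEVERITY.get(permission, "info"),
        })
    return findings


def worst_severity(findings):
    order = ["info", "medium", "high", "critical"]
    return max((f["severity"] for f in findings), key=order.index, default=None)


# Constructed ACL resembling the two reports: any AWS account can write objects,
# and the ACL itself is readable by anyone. The owner ID is a placeholder.
OWNER_ID = "0" * 64
SAMPLE_ACL = {
    "Owner": {"ID": OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER_ID}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ_ACP"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    for f in audit_acl(SAMPLE_ACL):
        print(f"{f['severity']:8} {f['permission']:12} -> {f['grantee']}")
    print("worst:", worst_severity(audit_acl(SAMPLE_ACL)))
```

Against a live bucket, `boto3.client("s3").get_bucket_acl(Bucket=name)` returns a dict in this shape that can be passed straight to `audit_acl`. The ACL is only one of the access paths: a bucket policy can grant the same access with no ACL grant at all, and S3 Block Public Access settings can override both, so an ACL audit is a necessary but not sufficient check.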
Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com
Reported by: cha5m

Able to view others' gifts on /gift/share URL; giftId is predictable and easy to manipulate
Reported by: caffeinewriter | Weakness: Improper Authentication - Generic

[affiliates.udemy.com] WordPress user admin information disclosure
Reported by: toannc123 | Severity: Low | Weakness: Information Disclosure

Violation of secure design principle
Reported by: kaushalag29 | Weakness: Violation of Secure Design Principles

CSRF Token
Reported by: hi_man | Weakness: Cross-Site Request Forgery (CSRF)

(title not captured)
Weakness: Cryptographic Issues - Generic | CVEs: CVE-2016-2183

Subdomain Takeover at Landing.udemy.com
Reported by: computer-engineer | Severity: Low | Weakness: Privilege Escalation

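Three reports in this listing are subdomain takeovers: a CNAME left pointing at a third-party host (ghost.io), one at Landing.udemy.com, and one reached through a trailing-dot hostname. The following is an added example, not code from any of those reports, of a first-pass triage over CNAME records. The provider table, the resolver answers and the record set are all constructed; in a real run the answers would come from a resolver (for instance dnspython's `dns.resolver`) and the "resolves but unclaimed" cases from an HTTP fingerprint check, which this example does not perform.

```python
"""Added example: triage CNAME records for dangling third-party targets."""

# Constructed, illustrative table: CNAME target suffix -> (provider, whether the
# target name keeps resolving after the tenant deletes it). When it does, DNS
# alone cannot tell you the name is free and an HTTP check is required.
PROVIDERS = {
    ".ghost.io": ("Ghost", False),
    ".s3.amazonaws.com": ("S3 bucket", True),
    ".github.io": ("GitHub Pages", True),
    ".herokuapp.com": ("Heroku", False),
}

DANGLING, CHECK_HTTP, CLAIMED = "DANGLING", "CHECK_HTTP", "CLAIMED"


def canonical(name):
    """DNS names are case-insensitive and a trailing dot only marks a fully
    qualified name, so 'Foo.Example.COM.' and 'foo.example.com' are the same
    owner. Compare and route on this form; an HTTP layer that matches Host
    headers literally treats them as different sites."""
    return name.rstrip(".").lower()


def triage(cnames, nxdomain):
    """cnames: {subdomain: CNAME target}. nxdomain: set of targets the resolver
    answered NXDOMAIN for (constructed here). Returns findings in input order."""
    findings = []
    for host, target in cnames.items():
        host, target = canonical(host), canonical(target)
        match = next((info for suffix, info in PROVIDERS.items()
                      if target.endswith(suffix)), None)
        if match is None:
            continue   # not a known third-party host; outside this check's scope
        provider, always_resolves = match
        if target in nxdomain:
            status = DANGLING      # nobody serves the target: claim it with the provider
        elif always_resolves:
            status = CHECK_HTTP    # provider answers for every name; fingerprint the response
        else:
            status = CLAIMED       # target resolves and would not if it were deleted
        findings.append({"host": host, "target": target,
                         "provider": provider, "status": status})
    return findings


# Constructed record set; example.com is used in place of any real domain.
SAMPLE_CNAMES = {
    "engineering.example.com": "example-eng.ghost.io.",
    "Assets.Example.com.": "assets-example.s3.amazonaws.com",
    "www.example.com": "example.cdn-provider.example.net",   # unknown provider, skipped
    "docs.example.com": "example-docs.github.io",
}
SAMPLE_NXDOMAIN = {"example-eng.ghost.io"}

if __name__ == "__main__":
    for f in triage(SAMPLE_CNAMES, SAMPLE_NXDOMAIN):
        print(f"{f['status']:10} {f['host']} -> {f['target']} ({f['provider']})")
```

The `canonical` step matters for the trailing-dot case in the listing: DNS resolves `host.` and `host` identically, so whatever answers for the CNAME target sees both, but only a backend that normalises the name before matching it against its configured hosts will serve the same content for both forms.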
CSRF Token Design Flaw
Reported by: hdarji | Weakness: Cross-Site Request Forgery (CSRF)

Udemy S3 storage can be used by an attacker's personal website because of a missing CSRF token
Reported by: csanuragjain | Weakness: Cross-Site Request Forgery (CSRF)

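Four reports in this listing are CSRF findings, including a missing token on course creation and a token design flaw. The following is an added example, not code from those reports or from Udemy, that puts a token valid for any session (a common design flaw) next to one bound to the session that requested it. Framework glue is omitted; the handler signature, the in-memory issued-token set and the server key are assumptions.

```python
"""Added example: session-unbound CSRF token (flawed) versus session-bound token."""
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret, kept out of the client

# Flawed design: the server keeps a pool of tokens it has issued and accepts any
# of them on any request. An attacker logs in, reads a token from their own page
# and embeds it in a cross-site form aimed at the victim's session.
ISSUED_TOKENS = set()


def issue_token_unbound():
    token = secrets.token_urlsafe(32)
    ISSUED_TOKENS.add(token)
    return token


def verify_unbound(session_id, token):
    return token in ISSUED_TOKENS   # session_id is ignored: that is the flaw


# Hardened design: derive the token from the session id under a server key, so a
# token only verifies for the session it was issued to. Nothing is stored, and
# compare_digest keeps the comparison constant-time.
def issue_token(session_id):
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify(session_id, token):
    return hmac.compare_digest(issue_token(session_id), token)


def handle_create_course(session_id, form, verify_fn):
    """State-changing handler; returns True only when the CSRF check passes.
    session_id comes from the cookie, the token from the submitted form."""
    if not verify_fn(session_id, form.get("csrf_token", "")):
        return False
    return True   # ... create the course for session_id's user


def demo():
    """Attacker forges a request against the victim's session with a token from
    their own account. Returns (flawed accepts, hardened accepts, legit accepts)."""
    victim, attacker = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    forged = {"title": "pwned", "csrf_token": issue_token_unbound()}
    flawed = handle_create_course(victim, forged, verify_unbound)
    forged_bound = {"title": "pwned", "csrf_token": issue_token(attacker)}
    hardened = handle_create_course(victim, forged_bound, verify)
    legit = handle_create_course(victim, {"csrf_token": issue_token(victim)}, verify)
    return flawed, hardened, legit   # (True, False, True)


if __name__ == "__main__":
    print(demo())
```

Binding the token to the session is the property the flawed pool lacks; it is independent of how the token is delivered (hidden form field, header) and complements rather than replaces `SameSite` cookies. A per-session random token stored server-side gives the same property at the cost of storage; the HMAC form above is the stateless variant.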
Page 1 of 2