Ubiquiti Inc. - HackerOne Reports
Total Reports: 86
Critical: 11
High: 33
Medium: 20
Low: 6
IDOR Causing Deletion of any account
Reported by: vibs123i | Disclosed:
[nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html
Reported by: bobrov | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise
Reported by: ajxchapman | Disclosed:
Critical
Weakness: Path Traversal
UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
Reported by: ajxchapman | Disclosed:
High
Weakness: Cross-Site Request Forgery (CSRF)
UniFi Video web interface Configuration Restore user privilege escalation
Reported by: ajxchapman | Disclosed:
High
Weakness: Privilege Escalation
Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter.
Reported by: edoverflow | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Readonly to Root Privilege Escalation on EdgeSwitch
Reported by: fr33rh | Disclosed:
High
Weakness: Command Injection - Generic
Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/
Reported by: inhibitor181 | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
Firmware download/install vulnerable to CSRF
Reported by: mornaner | Disclosed:
High
Weakness: Cross-Site Request Forgery (CSRF)
Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry
Reported by: linkks | Disclosed:
Medium
Weakness: Improper Authentication - Generic
Privilege-0 to Root Privilege Escalation on EdgeSwitch
Reported by: fr33rh | Disclosed:
High
Weakness: Privilege Escalation
Authenticated RCE in ToughSwitch
Reported by: maxpl0it | Disclosed:
High
Weakness: OS Command Injection
Web Server Predictable Session ID on EdgeSwitch
Reported by: fr33rh | Disclosed:
High
Weakness: Insufficient Session Expiration
CORS Misconfiguration leading to Private Information Disclosure
Reported by: sandh0t | Disclosed:
High
Weakness: Improper Access Control - Generic
CSRF: Replacing the router configuration backup having an 'operator' user and bypassing the "Referer:' whitelist protection
Reported by: hacknroll | Disclosed:
Critical
UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs
Reported by: mrtuxracer | Disclosed:
High
Weakness: Privilege Escalation
UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise
Reported by: ajxchapman | Disclosed:
High
Weakness: Path Traversal
Reflected XSS
Reported by: aidantwoods | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Reflected
Format String Vulnerability in the EdgeSwitch restricted CLI
Reported by: maxpl0it | Disclosed:
High
Weakness: Use of Externally-Controlled Format String