Ubiquiti Inc. - HackerOne Reports
Summary (from the HackerOne program page):
  Total Reports: 86
  Critical: 11
  High: 33
  Medium: 20
  Low: 6

Disclosed reports:
CRLF Injection on openvpn.svc.ubnt.com
  Reported by: 0x0luke | Disclosed: | Severity: Medium | Weakness: CRLF Injection

Web Server Predictable Session ID on EdgeSwitch
  Reported by: fr33rh | Disclosed: | Severity: High | Weakness: Insufficient Session Expiration

Code Execution in restricted CLI of EdgeSwitch
  Reported by: maxpl0it | Disclosed: | Severity: High | Weakness: Command Injection - Generic

Stored XSS => community.ubnt.com
  Reported by: khizer47 | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored

CORS Misconfiguration leading to Private Information Disclosure
  Reported by: sandh0t | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic
CSRF: Replacing the router configuration backup having an 'operator' user and bypassing the "Referer:" whitelist protection
  Reported by: hacknroll | Disclosed: | Severity: Critical
HTML Injection on airlink.ubnt.com
  Reported by: ruisilva | Disclosed: | Severity: Low | Weakness: Code Injection

UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise
  Reported by: ajxchapman | Disclosed: | Severity: High | Weakness: Path Traversal

UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs
  Reported by: mrtuxracer | Disclosed: | Severity: High | Weakness: Privilege Escalation

Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com
  Reported by: arneswinnen | Disclosed: | Severity: High | Weakness: Cross-Site Request Forgery (CSRF)

Reflected XSS
  Reported by: aidantwoods | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Reflected

RCE in AirOS 6.2.0 Devices with CSRF bypass
  Reported by: murmus | Disclosed: | Severity: High | Weakness: Command Injection - Generic

[dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies
  Reported by: bobrov | Disclosed: | Severity: Medium | Weakness: Information Exposure Through an Error Message

Reflected XSS in scores.ubnt.com
  Reported by: enmach | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic

Login as root without password on EdgeSwitchX
  Reported by: fr33rh | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic

Can upload files without authentication on AirFibre 3.2
  Reported by: simongurney | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

WordPress directories/files visible to internet
  Reported by: tk0 | Disclosed: | Severity: Medium | Weakness: Information Disclosure

XSS on Nanostation Loco M2 Airmax
  Reported by: grampae | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic

Format String Vulnerability in the EdgeSwitch restricted CLI
  Reported by: maxpl0it | Disclosed: | Severity: High | Weakness: Use of Externally-Controlled Format String