Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Ubiquiti Inc. - HackerOne Reports

View on HackerOne

86

Total Reports

11

Critical

33

High

20

Medium

6

Low

[scores.ubnt.com] DOM based XSS at form.html

Reported by: s_p_q_r | Disclosed:

Weakness: Cross-site Scripting (XSS) - Generic

Privilege escalation in the client impersonation functionality

Reported by: twicedi | Disclosed:

High

Weakness: Privilege Escalation

UBNT Amplification DDOS Attack

Reported by: csiete | Disclosed:

Critical

Reflected File Download in community.ubnt.com/restapi/

Reported by: a0xnirudh | Disclosed:

Unauthenticated request allows changing hostname

Reported by: giany | Disclosed:

Medium

Weakness: Improper Authentication - Generic

3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290)

Reported by: nih8l | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Reflected

Stored XSS in unifi.ubnt.com

Reported by: b7882330c6060c6b277c5a1 | Disclosed:

Weakness: Cross-site Scripting (XSS) - Generic

JetBrains .idea project directory

Reported by: linkks | Disclosed:

Weakness: Violation of Secure Design Principles

sqli

Reported by: linkks | Disclosed:

Critical

Weakness: SQL Injection

SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch

Reported by: fr33rh | Disclosed:

High

Weakness: Information Disclosure

Weak credentials for nutty.ubnt.com

Reported by: korprit | Disclosed:

Medium

Weakness: Improper Authentication - Generic

Privilege Escalation From user to SYSTEM via unauthenticated command execution

Reported by: b0yd | Disclosed:

Critical

Weakness: Command Injection - Generic

[EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users

Reported by: phenix | Disclosed:

Medium

Weakness: Command Injection - Generic

account.ubnt.com CSRF

Reported by: benkhlifafahmi | Disclosed:

Weakness: Cross-Site Request Forgery (CSRF)

Exposed API-key allows to control nightly builds of firmwares (█████████ & ████████)

Reported by: tripwire | Disclosed:

High

Weakness: Violation of Secure Design Principles

Stored XSS in community.ubnt.com

Reported by: vibs123i | Disclosed:

High

Weakness: Cross-site Scripting (XSS) - Generic

Remote Code Execution at http://tw.corp.ubnt.com

Reported by: hassham | Disclosed:

Critical

Weakness: Command Injection - Generic

Expired SSL certificate

Reported by: simongurney | Disclosed:

Low

Weakness: Use of a Key Past its Expiration Date

200 http code in 403 forbidden directories on main Ubnt.com domain

Reported by: 4websecurity | Disclosed:

Weakness: Forced Browsing

View Only to Root Privilege Escalation on UniFi Protect

Reported by: fr33rh | Disclosed:

High

Weakness: Command Injection - Generic

Previous Page 3 of 5 Next