Valve - HackerOne Reports
Total Reports: 82
Critical: 25
High: 24
Medium: 27
Low: 6
Arbitrary File Write as SYSTEM from unprivileged user
Reported by:
b0yd
|
Disclosed:
High
Weakness: Privilege Escalation
Bounty: $1250.00
App name leakage on economy history page
Reported by:
xpaw
|
Disclosed:
Medium
Weakness: Information Disclosure
Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution
Reported by:
nyancat0131
|
Disclosed:
High
Weakness: Stack Overflow
Bounty: $1000.00
Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message
Reported by:
shayhelman
|
Disclosed:
Critical
Weakness: Code Injection
Link filter protection bypass
Reported by:
ramsexy
|
Disclosed:
Medium
Weakness: Open Redirect
Unchecked weapon id in WeaponList message parser on client leads to RCE
Reported by:
nyancat0131
|
Disclosed:
Critical
Weakness: Array Index Underflow
Bounty: $3000.00
Comment restriction in subsection "Workshop" of domain "steamcommunity.com" can be bypassed using IDOR
Reported by:
ronak_9889
|
Disclosed:
Low
Weakness: Insecure Direct Object Reference (IDOR)
Hidden scheduled partner events are propagated to Steam clients in CMsgClientClanState
Reported by:
xpaw
|
Disclosed:
Medium
Weakness: Information Disclosure
Web API key registration allows registering multiple keys by reusing `request_id`
Reported by:
xpaw
|
Disclosed:
Low
CSRF | Ban or unban users in broadcast's chat
Reported by:
romesful
|
Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
Deleting other people's comments on ModeratorMessages
Reported by:
creekie
|
Disclosed:
Low
Weakness: Improper Authentication - Generic
Bounty: $500.00
[GoldSrc] RCE via 'spk' Console Command
Reported by:
gamer7112
|
Disclosed:
High
Weakness: Classic Buffer Overflow
Bounty: $350.00
Suspended users can bypass UGC upload ban
Reported by:
delite
|
Disclosed:
Low
Weakness: Improper Access Control - Generic
Bounty: $500.00
SQL Injection in report_xml.php through countryFilter[] parameter
Reported by:
moskowsky
|
Disclosed:
Critical
Weakness: SQL Injection
Bounty: $25000.00
CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download
Reported by:
simonscannell
|
Disclosed:
Critical
Weakness: Out-of-bounds Read
Bounty: $7500.00
Xss was found by exploiting the URL markdown on http://store.steampowered.com
Reported by:
kenziy
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
Bounty: $1000.00
[CS 1.6] Map cycle abuse allows arbitrary file read/write
Reported by:
fe7ch
|
Disclosed:
Medium
Weakness: Improper Access Control - Generic
Bounty: $750.00
Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution
Reported by:
chippy
|
Disclosed:
Critical
Weakness: Classic Buffer Overflow
resetreportedcount & updatetags doesn't verify appid param
Reported by:
creekie
|
Disclosed:
Medium
Weakness: Improper Authentication - Generic
Bounty: $750.00
ImageMagick GIF coder vulnerability leading to memory disclosure
Reported by:
alyssa_herrera
|
Disclosed:
Medium
Weakness: Information Disclosure