Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Valve - HackerOne Reports

View on HackerOne

82

Total Reports

25

Critical

24

High

27

Medium

6

Low

Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client

Reported by: xi-tauw | Disclosed:

Medium

Weakness: Path Traversal

Bounty: $1250.00

Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover)

Reported by: bugstar | Disclosed:

High

Weakness: Information Disclosure

Getting all the CD keys of any game

Reported by: moskowsky | Disclosed:

Critical

Weakness: Improper Access Control - Generic

Bounty: $20000.00

[GoldSrc] RCE via malformed BSP file

Reported by: gamer7112 | Disclosed:

High

Weakness: Classic Buffer Overflow

Bounty: $450.00

Unfiltered input allows for XSS in "Playtime Item Grants" fields

Reported by: xpaw | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Stored

Modify in-flight data to payment provider Smart2Pay

Reported by: drbrix | Disclosed:

Critical

Weakness: Business Logic Errors

Bounty: $7500.00

Shell command injection in https://partner.steamgames.com/admin/game/publish/ via screenshot URL

Reported by: lolcanyouexplainagainpleaselol | Disclosed:

Critical

Weakness: OS Command Injection

GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame

Reported by: xpaw | Disclosed:

Medium

Weakness: Information Disclosure

ISteamAssets gives partners control over unrelated community market transactions

Reported by: lolcanyouexplainagainpleaselol | Disclosed:

High

Weakness: Improper Access Control - Generic

Malformed BSP in GoldSrc Engine may cause shellcode injection

Reported by: kohtep2010 | Disclosed:

High

Weakness: Classic Buffer Overflow

Bounty: $1750.00

Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.

Reported by: splatt581 | Disclosed:

High

Weakness: Malware

Bounty: $1500.00

Access to microtransaction sales data for lots of apps from 2014 to present at /valvefinance/sanity/

Reported by: lolcanyouexplainagainpleaselol | Disclosed:

Critical

Weakness: Improper Access Control - Generic

RCE on CS:GO client using unsanitized entity ID in EntityMsg message

Reported by: teapotd | Disclosed:

Critical

Weakness: Out-of-bounds Read

Bounty: $9000.00

MySQL username and password leaked in developer.valvesoftware.com via source code dislosure

Reported by: nahamsec | Disclosed:

Medium

Weakness: Password in Configuration File

Unauthorized updates to extended_info properties in /store/ajaxpackagesave

Reported by: lolcanyouexplainagainpleaselol | Disclosed:

High

Weakness: Improper Access Control - Generic

https://srcds.valve.net/find/ is leaking server config / API keys

Reported by: lolcanyouexplainagainpleaselol | Disclosed:

High

Weakness: Information Disclosure

OOB reads in network message handlers leads to RCE

Reported by: slidybat | Disclosed:

Critical

Weakness: Out-of-bounds Read

Bounty: $7500.00

Malformed .WAV triggers an Access Violation on GoldSRC (hl.exe)

Reported by: chippy | Disclosed:

Medium

Weakness: Memory Corruption - Generic

Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe

Reported by: hunterstanton | Disclosed:

Critical

Weakness: Classic Buffer Overflow

Bounty: $10000.00

Reflected XSS on help.steampowered.com

Reported by: xpaw | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Reflected

Previous Page 3 of 5 Next