Valve - HackerOne Reports
Total Reports: 82
Critical: 25
High: 24
Medium: 27
Low: 6
Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution
Reported by: nyancat0131 | Disclosed:
Severity: Medium
Weakness: Stack Overflow
Bounty: $350.00
Buffer overflows in demo parsing
Reported by: yalter | Disclosed:
Severity: Medium
Weakness: Classic Buffer Overflow
Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe)
Reported by: chippy | Disclosed:
Severity: High
Weakness: Memory Corruption - Generic
Stored XSS in the guide's GameplayVersion (www.dota2.com)
Reported by: mvc | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name
Reported by: osintopsec | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $750.00
Potential buffer overflow in demoplayer module of GoldSource Engine
Reported by: kohtep2010 | Disclosed:
Severity: Low
Weakness: Classic Buffer Overflow
Bounty: $200.00
Buffer overrun in Steam SILK voice decoder
Reported by: slidybat | Disclosed:
Severity: Critical
Weakness: Classic Buffer Overflow
Bounty: $7500.00
ajaxgetachievementsforgame is not guarded for unreleased apps
Reported by: j4ln | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $750.00
[Half-Life 1] Malformed map name leads to memory corruption and code execution
Reported by: kbeckmann | Disclosed:
Severity: High
Weakness: Classic Buffer Overflow
Bounty: $1500.00
RCE on partner.steampowered.com
Reported by: lolcanyouexplainagainpleaselol | Disclosed:
Severity: Critical
Weakness: Command Injection - Generic
LFI in pChart php library
Reported by: ramsexy | Disclosed:
Severity: High
Weakness: Path Traversal
[Source Engine] Material path truncation leads to Remote Code Execution
Reported by: nyancat0131 | Disclosed:
Severity: High
Weakness: Improper Input Validation
Bounty: $2500.00
WG call injection in /economy/contextcommand
Reported by: lolcanyouexplainagainpleaselol | Disclosed:
Severity: Critical
Weakness: Command Injection - Generic
Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client
Reported by: kohtep2010 | Disclosed:
Severity: High
Weakness: Malware
Bounty: $1000.00
Shell command injection in https://partner.steamgames.com/bundles/savestore/ via overwriting asset_path_identifier
Reported by: lolcanyouexplainagainpleaselol | Disclosed:
Severity: Critical
Weakness: OS Command Injection
Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser
Reported by: irukandjisecresearch | Disclosed:
Severity: High
Weakness: Stack Overflow
[CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution
Reported by: nyancat0131 | Disclosed:
Severity: High
Weakness: Stack Overflow
Bounty: $2500.00
XSS @ store.steampowered.com via agecheck path name
Reported by: tvmpt | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $750.00
Signedness issue in ClassInfo message handler leads to RCE on CS:GO client
Reported by: teapotd | Disclosed:
Severity: Critical
Weakness: Array Index Underflow
Bounty: $7500.00
Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games
Reported by: gamer7112 | Disclosed:
Severity: Critical
Weakness: Classic Buffer Overflow
Bounty: $7500.00