- https://hackerone.com/reports/120 | Missing SPF for hackerone.com
- https://hackerone.com/reports/280 | Real impersonation
- https://hackerone.com/reports/284 | Broken Authentication and session management OWASP A2
- https://hackerone.com/reports/288 | Session Management
- https://hackerone.com/reports/298 | RTL override symbol not stripped from file names
- https://hackerone.com/reports/321 | CSP not consistently applied
- https://hackerone.com/reports/353 | Session not expired on logout
- https://hackerone.com/reports/390 | Pixel flood attack
- https://hackerone.com/reports/400 | GIF flooding
- https://hackerone.com/reports/454 | PNG compression DoS
- https://hackerone.com/reports/477 | Flawed account creation process allows registration of usernames corresponding to existing file names
- https://hackerone.com/reports/487 | DNS Cache Poisoning
- https://hackerone.com/reports/499 | Ruby: Heap Overflow in Floating Point Parsing
- https://hackerone.com/reports/500 | OpenSSH: Memory corruption in AES-GCM support
- https://hackerone.com/reports/501 | TLS Virtual Host Confusion
- https://hackerone.com/reports/523 | PHP openssl_x509_parse() Memory Corruption Vulnerability
- https://hackerone.com/reports/546 | Logical issues with account settings
- https://hackerone.com/reports/547 | CSRF login
- https://hackerone.com/reports/575 | Email spoofing
- https://hackerone.com/reports/713 | Upload profile photo from URL
- https://hackerone.com/reports/727 | Switching the user to the attacker's account
- https://hackerone.com/reports/737 | Improper session management
- https://hackerone.com/reports/738 | Information disclosure (reset password token) and changing the user's password
- https://hackerone.com/reports/742 | A password reset page does not properly validate the authenticity token at the server side.
- https://hackerone.com/reports/774 | Log in a user to another account
- https://hackerone.com/reports/809 | Improperly implemented password recovery link functionality
- https://hackerone.com/reports/842 | Autocomplete enabled in Paypal preferences
- https://hackerone.com/reports/1356 | PHP Heap Overflow Vulnerability in imagecrop()
- https://hackerone.com/reports/1509 | DNS Misconfiguration
- https://hackerone.com/reports/2106 | Flash type confusion vulnerability leads to code execution
- https://hackerone.com/reports/2107 | Handling of jar: URIs bypasses AllowScriptAccess=never
- https://hackerone.com/reports/2140 | Flash local-with-fileaccess Sandbox Bypass
- https://hackerone.com/reports/2170 | Flash double free vulnerability leads to code execution
- https://hackerone.com/reports/2221 | CSS leaks SCSS debug info
- https://hackerone.com/reports/2224 | Bypass auth.email-domains
- https://hackerone.com/reports/2228 | Login CSRF using Twitter OAuth
- https://hackerone.com/reports/2233 | Bypass auth.email-domains (2)
- https://hackerone.com/reports/2421 | Value of JSESSIONID and XSRF token parameter in cookie remains same before and after login
- https://hackerone.com/reports/2427 | XSRF token problem
- https://hackerone.com/reports/2439 | Cross Site Scripting (XSS) - app.relateiq.com
- https://hackerone.com/reports/2497 | Reflective XSS can be triggered in IE
- https://hackerone.com/reports/2559 | Broken Authentication (including Slack OAuth bugs)
- https://hackerone.com/reports/2575 | Slack OAuth2 "redirect_uri" Bypass
- https://hackerone.com/reports/2584 | Weird Bug - Ability to see partial of other user's notification
- https://hackerone.com/reports/2617 | Stored XSS in www.slack-files.com
- https://hackerone.com/reports/2622 | URL redirection flaw
- https://hackerone.com/reports/2625 | Stored XSS in username.slack.com
- https://hackerone.com/reports/2628 | CSRF vulnerability on https://sehacure.slack.com/account/settings
- https://hackerone.com/reports/2652 | Stored XSS in Channel Chat
- https://hackerone.com/reports/2735 | HTML injection in "Invite Collaborators"
- https://hackerone.com/reports/2777 | Reflected Xss
- https://hackerone.com/reports/3227 | Control Characters Not Stripped From Username on Signup
- https://hackerone.com/reports/3356 | UnAuthorized Editorial Publishing to Blogs
- https://hackerone.com/reports/3370 | Directory traversal attack in view resolver
- https://hackerone.com/reports/3441 | Captcha Bypass With Extension
- https://hackerone.com/reports/3455 | flash content type sniff vulnerability in api.slack.com
- https://hackerone.com/reports/3596 | OAuth access_token stealing in Phabricator
- https://hackerone.com/reports/3921 | Control character allowed in username
- https://hackerone.com/reports/3930 | OAuth Stealing Attack (New)
- https://hackerone.com/reports/3986 | Securing sensitive pages from SearchBots
- https://hackerone.com/reports/4114 | Persistent XSS: Editor link
- https://hackerone.com/reports/4409 | TRACE disclosure attack may be possible
- https://hackerone.com/reports/4561 | Stored XSS in Slackbot Direct Messages
- https://hackerone.com/reports/4638 | Duplicate of #4550
- https://hackerone.com/reports/4689 | SPDY memory corruption
- https://hackerone.com/reports/4690 | SPDY heap buffer overflow
- https://hackerone.com/reports/5314 | Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code
- https://hackerone.com/reports/5786 | Coinbase Android Security Vulnerabilities
- https://hackerone.com/reports/5928 | Uncontrolled Resource Consumption with XMPP-Layer Compression
- https://hackerone.com/reports/5933 | Multiple Issues related to registering applications
- https://hackerone.com/reports/5946 | Marking notifications as read CSRF bug
- https://hackerone.com/reports/6002 | Stored XSS in Slack.com
- https://hackerone.com/reports/6017 | Facebook Takeover using Slack using 302 from files.slack.com with access_token
- https://hackerone.com/reports/6350 | creating titleless and non-closable bugs
- https://hackerone.com/reports/6353 | Wildcard DNS in website
- https://hackerone.com/reports/6380 | Same Origin Security Bypass Vulnerability
- https://hackerone.com/reports/6389 | Integer overflow in strop.expandtabs
- https://hackerone.com/reports/6626 | TLS heartbeat read overrun
- https://hackerone.com/reports/6871 | Login CSRF
- https://hackerone.com/reports/6872 | Sign up CSRF
- https://hackerone.com/reports/6877 | Insecure cookies, cookie flag Secure not set
- https://hackerone.com/reports/6883 | Bruteforcing irccloud login
- https://hackerone.com/reports/6884 | Leaking Referrer in Reset Password Link
- https://hackerone.com/reports/6907 | Session Token is not Verified while changing Account Setting's which Result In account Takeover
- https://hackerone.com/reports/6910 | Full account takeover using CSRF and password reset
- https://hackerone.com/reports/6935 | Missing X-Content-Type-Options
- https://hackerone.com/reports/7036 | Bug in iOS application which could lead to unauthorised access.
- https://hackerone.com/reports/7041 | iOS application does not destroy session upon logout.
- https://hackerone.com/reports/7121 | Persistent Cross Site Scripting within the IRCCloud Pastebin
- https://hackerone.com/reports/7277 | TLS Triple Handshake Attack
- https://hackerone.com/reports/7357 | Host Header is not validated resulting in Open Redirect
- https://hackerone.com/reports/7369 | 2 factor authentication design flaw
- https://hackerone.com/reports/7441 | Dangerous Persistent xss
- https://hackerone.com/reports/7531 | Login CSRF can be bypassed (Similar approach to previous one).
- https://hackerone.com/reports/7803 | Security bypass could lead to information disclosure
- https://hackerone.com/reports/7931 | Issue with remember_user_token
- https://hackerone.com/reports/8082 | Password Reset Bug
- https://hackerone.com/reports/8724 | Clickjacking
- https://hackerone.com/reports/8846 | localStorage is not cleared after logout
- https://hackerone.com/reports/9318 | Home page reflected XSS
- https://hackerone.com/reports/9375 | Stored XSS in all fields in Basic Google Maps Placemarks Settings
- https://hackerone.com/reports/9391 | Xss in CampTix Event Ticketing
- https://hackerone.com/reports/9479 | Anti-MIME-Sniffing header X-Content-Type-Options header has not been set.
- https://hackerone.com/reports/9774 | Stored XSS Found
- https://hackerone.com/reports/9919 | SQL injection [hole in the forum engine]
- https://hackerone.com/reports/9921 | Time based sql injection
- https://hackerone.com/reports/10037 | SQL inj
- https://hackerone.com/reports/10081 | SQL
- https://hackerone.com/reports/10297 | Stored XSS in slack.com (integrations)
- https://hackerone.com/reports/10373 | Bypassing Same Origin Policy With JSONP APIs and Flash
- https://hackerone.com/reports/10468 | SQL inj
- https://hackerone.com/reports/10554 | Bypassing 2FA for BTC transfers
- https://hackerone.com/reports/10563 | CSRF on "Set as primary" option on the accounts page
- https://hackerone.com/reports/10829 | CSRF in function "Set as primary" on accounts page
- https://hackerone.com/reports/11073 | XSS in gist integration
- https://hackerone.com/reports/11410 | XSS in https://e.mail.ru/cgi-bin/lstatic (Limited use)
- https://hackerone.com/reports/11861 | SQL injection update.mail.ru
- https://hackerone.com/reports/11919 | Stored XSS on http://top.mail.ru
- https://hackerone.com/reports/11927 | Stored XSS on http://cards.mail.ru
- https://hackerone.com/reports/12297 | Python vulnerability: reading arbitrary process memory
- https://hackerone.com/reports/12497 | Adobe Flash Player FileReference Use-after-Free Vulnerability
- https://hackerone.com/reports/12583 | XXE and SSRF on webmaster.mail.ru
- https://hackerone.com/reports/12588 | XSS in a file or folder name
- https://hackerone.com/reports/13195 | auth.mail.ru: XSS in login form
- https://hackerone.com/reports/13286 | Host Header Injection - irccloud.com
- https://hackerone.com/reports/13748 | Potential denial of service in hackerone.com/teams/new
- https://hackerone.com/reports/13959 | privilege escalation
- https://hackerone.com/reports/14033 | connect.mail.ru: SSRF
- https://hackerone.com/reports/14127 | SSRF on https://whitehataudit.slack.com/account/photo
- https://hackerone.com/reports/14570 | Login password guessing attack
- https://hackerone.com/reports/14631 | Clickjacking at https://www.mavenlink.com/ main website
- https://hackerone.com/reports/15166 | Password reset token not expiring
- https://hackerone.com/reports/15362 | Flash Sandbox Bypass
- https://hackerone.com/reports/15412 | Leaking CSRF token over HTTP resulting in CSRF protection bypass
- https://hackerone.com/reports/15762 | SQL Injection on 11x11.mail.ru
- https://hackerone.com/reports/15785 | Session not invalidated after password reset
- https://hackerone.com/reports/15852 | Non Validation of session after password reset
- https://hackerone.com/reports/16315 | Abusing VCS control on phabricator
- https://hackerone.com/reports/16330 | Multiple issues in looking-glass software (aka from web to BGP injections)
- https://hackerone.com/reports/16392 | Abusing daemon logs for Privilege escalation under certain scenarios
- https://hackerone.com/reports/16568 | Failed Certificate Validation On Custom Server (Register)
- https://hackerone.com/reports/16571 | SSRF (Portscan) via Register Function (Custom Server)
- https://hackerone.com/reports/16718 | Open Redirect login account
- https://hackerone.com/reports/16935 | e.mail.ru: SMS spam with custom content
- https://hackerone.com/reports/17160 | Password Policy issue (Weak Protect)
- https://hackerone.com/reports/17383 | Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met)
- https://hackerone.com/reports/17474 | Broken Authentication and Session Management
- https://hackerone.com/reports/17540 | Reflected XSS in Pastebin-view
- https://hackerone.com/reports/17688 | LZ4 Core
- https://hackerone.com/reports/17785 | Denial of Service
- https://hackerone.com/reports/18691 | XSS in editor by any user
- https://hackerone.com/reports/18698 | Resubmitted with POC #18685 Password reset CSRF
- https://hackerone.com/reports/18843 | use-after-free vulnerability in Flash Player
- https://hackerone.com/reports/18992 | Possibility to attach any mobile number to any email
- https://hackerone.com/reports/20049 | Cross-site Scripting in mailing (username)
- https://hackerone.com/reports/20391 | m.agent.mail.ru: Forging the j2me app-descriptor
- https://hackerone.com/reports/20616 | e.mail.ru: File upload "Chapito" circus
- https://hackerone.com/reports/20671 | integer overflow in 'buffer' type allows reading memory
- https://hackerone.com/reports/20720 | cloud.mail.ru: File upload XSS using Content-Type header
- https://hackerone.com/reports/20861 | moderate: mod_deflate denial of service
- https://hackerone.com/reports/20873 | rsync hash collisions may allow an attacker to corrupt or modify files
- https://hackerone.com/reports/21034 | Invoice Details activate JS that filled in
- https://hackerone.com/reports/21069 | Login CSRF
- https://hackerone.com/reports/21110 | Clickjacking
- https://hackerone.com/reports/21150 | Flash XSS on swfupload.swf showing at app.mavenlink.com
- https://hackerone.com/reports/21210 | privilege escalation
- https://hackerone.com/reports/21248 | Content spoofing at Stripe Integrations
- https://hackerone.com/reports/22093 | Content Spoofing all Integrations in https://team.slack.com/services/new/
- https://hackerone.com/reports/23363 | Forgot Password Issue
- https://hackerone.com/reports/23386 | Redirect while opening links in new tabs
- https://hackerone.com/reports/23852 | money.mail.ru: Strange SMS behaviour
- https://hackerone.com/reports/25160 | Open redirection on secure.phabricator.com
- https://hackerone.com/reports/25281 | Change Any username and profile link in hackerone
- https://hackerone.com/reports/26647 | CSRF protection bypass on any Django powered site via Google Analytics
- https://hackerone.com/reports/26825 | Full path disclosure at ads.twitter.com
- https://hackerone.com/reports/26935 | XSS via .eml file
- https://hackerone.com/reports/26962 | open redirect in rfc6749
- https://hackerone.com/reports/27166 | Missing Rate Limiting on https://twitter.com/account/complete
- https://hackerone.com/reports/27404 | Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability]
- https://hackerone.com/reports/27511 | ads.twitter.com xss
- https://hackerone.com/reports/27651 | Flash Local Sandbox Bypass
- https://hackerone.com/reports/27846 | Stored xss
- https://hackerone.com/reports/27987 | Window Opener Property Bug
- https://hackerone.com/reports/28150 | Cross site scripting on ads.twitter.com
- https://hackerone.com/reports/28445 | SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
- https://hackerone.com/reports/28449 | Active Record SQL Injection Vulnerability Affecting PostgreSQL
- https://hackerone.com/reports/28450 | Active Record SQL Injection Vulnerability Affecting PostgreSQL
- https://hackerone.com/reports/28500 | iOS App can establish Facetime calls without user's permission
- https://hackerone.com/reports/28832 | touch.mail.ru XSS via message id
- https://hackerone.com/reports/28865 | Redirect FILTER bypass in report/comment
- https://hackerone.com/reports/29234 | Credit Card Validation Issue
- https://hackerone.com/reports/29328 | XSS platform.twitter.com
- https://hackerone.com/reports/29331 | No email verification on username change
- https://hackerone.com/reports/29360 | XSS platform.twitter.com | video-js metadata
- https://hackerone.com/reports/29480 | Unvalidated Channel names causes IRC Command Injection
- https://hackerone.com/reports/29491 | homograph attack. IDNs displayed in unicode in bug reports and on external link warning page
- https://hackerone.com/reports/29835 | Profile Pic padding (Length-hiding) fails due to use of GZIP
- https://hackerone.com/reports/29839 | GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability
- https://hackerone.com/reports/30238 | New Device confirmation tokens are not properly validated.
- https://hackerone.com/reports/30567 | Adobe Flash Player MP4 Use-After-Free Vulnerability
- https://hackerone.com/reports/30852 | Relateiq SSLv3 deprecated protocol vulnerability.
- https://hackerone.com/reports/30975 | Improper Verification of email address while saving Account Settings
- https://hackerone.com/reports/31082 | Unauthorized Tweeting on behalf of Account Owners
- https://hackerone.com/reports/31168 | Cryptographic Side Channel in OAuth Library
- https://hackerone.com/reports/31383 | Ability to see common response titles of other teams (limited)
- https://hackerone.com/reports/31408 | Adobe Flash Player Out-of-Bound Read/Write Vulnerability
- https://hackerone.com/reports/31415 | PoodleBleed
- https://hackerone.com/reports/31554 | Signup Page HTML Injection Vulnerability
- https://hackerone.com/reports/31756 | Drupal 7 pre auth sql injection and remote code execution
- https://hackerone.com/reports/32519 | XSS in fabric.io
- https://hackerone.com/reports/32570 | OpenSSL HeartBleed (CVE-2014-0160)
- https://hackerone.com/reports/32825 | URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS
- https://hackerone.com/reports/33018 | a stored xss in slack integration https://onerror.slack.com/services/import
- https://hackerone.com/reports/33091 | DOM Cross-Site Scripting ( XSS )
- https://hackerone.com/reports/33935 | File Name Enumeration
- https://hackerone.com/reports/34084 | Bad extended ascii handling in HTTP 301 redirects of t.co
- https://hackerone.com/reports/34112 | SMTP Protection not used, I can hijack your email server.
- https://hackerone.com/reports/34686 | Filtering error
- https://hackerone.com/reports/34725 | XSS via Fabrico Account Name
- https://hackerone.com/reports/35102 | Locale::parseLocale Double Free
- https://hackerone.com/reports/35237 | Gain reputation by creating a duplicate of an existing report
- https://hackerone.com/reports/35287 | getting emails of users/removing them from victims account [using typical attack]
- https://hackerone.com/reports/35363 | [static.qiwi.com] XSS proxy.html
- https://hackerone.com/reports/35413 | [send.qiwi.ru] XSS at auth?login=
- https://hackerone.com/reports/36105 | CRLF Injection [ishop.qiwi.com]
- https://hackerone.com/reports/36211 | Logic Issue with Reputation: Boost Reputation Points
- https://hackerone.com/reports/36264 | mod_proxy_fcgi buffer overflow
- https://hackerone.com/reports/36279 | Adobe Flash Player MP4 Use-After-Free Vulnerability
- https://hackerone.com/reports/36319 | [qiwi.com] /oauth/confirm.action XSS
- https://hackerone.com/reports/36450 | [send.qiwi.ru] Soap-based XXE vulnerability /soapserver/
- https://hackerone.com/reports/36594 | New Device Confirmation, token is valid until not used.
- https://hackerone.com/reports/36986 | [Stored XSS] vine.co - profile page
- https://hackerone.com/reports/37240 | Race condition in Flash workers may cause an exploitable double free
- https://hackerone.com/reports/38007 | Subdomain Takeover using blog.greenhouse.io pointing to Hubspot
- https://hackerone.com/reports/38157 | [qiwi.com] Open Redirect
- https://hackerone.com/reports/38170 | Misc Python bugs (Memory Corruption & Use After Free)
- https://hackerone.com/reports/38189 | xss in /browse/contacts/
- https://hackerone.com/reports/38232 | Breaking Bugs as team member
- https://hackerone.com/reports/38343 | Issue with password change
- https://hackerone.com/reports/38345 | [sms.qiwi.ru] XSS via Request-URI
- https://hackerone.com/reports/38615 | [connect.mail.ru] Memory Disclosure / IE XSS
- https://hackerone.com/reports/38965 | Phabricator Diffusion application allows unauthorized users to delete mirrors
- https://hackerone.com/reports/39181 | [vimeopro.com] CRLF Injection
- https://hackerone.com/reports/39428 | Phabricator Phame Blog Skins Local File Inclusion
- https://hackerone.com/reports/39486 | No bruteforce protection leads to enumeration of emails in http://e.mail.ru/
- https://hackerone.com/reports/39631 | Open redirection in fabric.io
- https://hackerone.com/reports/41240 | POODLE Bug: 199.16.156.44, 199.16.156.108, mx4.twitter.com
- https://hackerone.com/reports/41469 | Error stack trace
- https://hackerone.com/reports/41758 | Stored XSS in api key of operator wallet
- https://hackerone.com/reports/41856 | HTML/XSS rendered in Android App of Crashlytics through fabric.io
- https://hackerone.com/reports/42161 | stored xss in transaction
- https://hackerone.com/reports/42236 | URGENT - Subdomain Takeover on users.tweetdeck.com , the same issue of report #32825
- https://hackerone.com/reports/42240 | chrome allows POST requests with custom headers using flash + 307 redirect
- https://hackerone.com/reports/42393 | XSS on partners.uber.com
- https://hackerone.com/reports/42582 | Vimeo.com - Reflected XSS Vulnerability
- https://hackerone.com/reports/42584 | Vimeo.com - reflected xss vulnerability
- https://hackerone.com/reports/42587 | Vimeo.com Insecure Direct Object References Reset Password
- https://hackerone.com/reports/42702 | APIs for channels allow HTML entities that may cause XSS issue
- https://hackerone.com/reports/42797 | Denial of Service in Action Pack Exception Handling
- https://hackerone.com/reports/42961 | fabric.io - app member can make himself an admin
- https://hackerone.com/reports/43065 | Fabric.io - an app admin can delete team members from other user apps
- https://hackerone.com/reports/43440 | Arbitrary file existence disclosure in Action Pack
- https://hackerone.com/reports/43443 | PyUnicode_FromFormatV crasher
- https://hackerone.com/reports/43602 | Buying on-demand videos for 0.1 and sometimes for free
- https://hackerone.com/reports/43617 | Adding profile picture to anyone on Vimeo
- https://hackerone.com/reports/43672 | player.vimeo.com - Reflected XSS Vulnerability
- https://hackerone.com/reports/43770 | Ability to Download Music Tracks Without Paying (Missing permission check on /musicstore/download)
- https://hackerone.com/reports/43850 | abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video
- https://hackerone.com/reports/43988 | twitter android app Fragment Injection
- https://hackerone.com/reports/43998 | CRITICAL full source code/config disclosure for Cameo
- https://hackerone.com/reports/44052 | Hadoop Node available to public
- https://hackerone.com/reports/44146 | Make API calls on behalf of another user (CSRF protection bypass)
- https://hackerone.com/reports/44217 | Application XSS filter function Bypass may allow Multiple stored XSS
- https://hackerone.com/reports/44294 | Heartbleed: my.com (185.30.178.33) port 1433
- https://hackerone.com/reports/44492 | Flaw in login with twitter to steal Oauth tokens
- https://hackerone.com/reports/44512 | XSS on any site that includes the moogaloop flash player | deprecated embed code
- https://hackerone.com/reports/44513 | RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1
- https://hackerone.com/reports/44727 | Insecure Data Storage in Vine Android App
- https://hackerone.com/reports/44798 | Vimeo Search - XSS Vulnerability [http://vimeo.com/search]
- https://hackerone.com/reports/44888 | Improper way of validating a program
- https://hackerone.com/reports/45368 | ftp upload of video allows naming that is not sanitized as the manual naming
- https://hackerone.com/reports/45484 | XSS on Vimeo
- https://hackerone.com/reports/45960 | CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to Videos of Channel whose privacy is set to Private.
- https://hackerone.com/reports/46072 | Vulnerability with the way \ escaped characters in http://danlec.com style links are rendered
- https://hackerone.com/reports/46113 | Can message users without the proper authorization
- https://hackerone.com/reports/46345 | Directory index and information disclosure
- https://hackerone.com/reports/46366 | Error stack trace
- https://hackerone.com/reports/46397 | Insecure Direct Object Reference vulnerability
- https://hackerone.com/reports/46429 | Team member invitations to sandboxed teams are not invalidated consistently
- https://hackerone.com/reports/46485 | Problem with OAuth
- https://hackerone.com/reports/46618 | Frictionless Transferring of Wallet Ownership
- https://hackerone.com/reports/46747 | Team admin can change unauthorized team setting (require_at_for_mention)
- https://hackerone.com/reports/46750 | Team admin can change unauthorized team setting (allow_message_deletion)
- https://hackerone.com/reports/46818 | Twitter Card - Parent Window Redirection
- https://hackerone.com/reports/46916 | Markdown parsing issue enables insertion of malicious tags and event handlers
- https://hackerone.com/reports/47012 | Adobe Flash Player Out-of-Bound Access Vulnerability
- https://hackerone.com/reports/47227 | Race condition in workers may cause an exploitable double free by abusing bytearray.compress()
- https://hackerone.com/reports/47232 | Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution
- https://hackerone.com/reports/47234 | Use After Free in Flash MessageChannel.send can cause arbitrary code execution
- https://hackerone.com/reports/47280 | JSON keys are not properly escaped
- https://hackerone.com/reports/47472 | CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain
- https://hackerone.com/reports/47495 | Same Origin Policy bypass
- https://hackerone.com/reports/47536 | [ishop.qiwi.com] XSS + Misconfiguration
- https://hackerone.com/reports/47627 | Email Enumeration (POC)
- https://hackerone.com/reports/47779 | Heap overflow in H. Spencer’s regex library on 32 bit systems
- https://hackerone.com/reports/47888 | Reporting user's profile by using another people's ID
- https://hackerone.com/reports/47940 | Team admin can add billing contacts
- https://hackerone.com/reports/48065 | open authentication bug
- https://hackerone.com/reports/48100 | Bad Write in TTF font parsing (win32k.sys)
- https://hackerone.com/reports/48422 | Team member invitations to sandboxed teams are not invalidated consistently (v2)
- https://hackerone.com/reports/48516 | Redirect URL in /intent/ functionality is not properly escaped
- https://hackerone.com/reports/49035 | HDFS NameNode Public disclosure: http://185.5.139.33:50070/dfshealth.jsp
- https://hackerone.com/reports/49139 | scfbp.tng.mail.ru: Heartbleed
- https://hackerone.com/reports/49170 | Information disclosure - emails disclosed in response > staging.seatme.us
- https://hackerone.com/reports/49408 | RCE via JDWP
- https://hackerone.com/reports/49561 | Vimeo + & Vimeo PRO Unauthorised Tax bypass
- https://hackerone.com/reports/49652 | Improperly validated fields allows injection of arbitrary HTML via spoofed React objects
- https://hackerone.com/reports/49663 | URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io
- https://hackerone.com/reports/49759 | Open Redirect leak of authenticity_token lead to full account take over.
- https://hackerone.com/reports/49806 | Twitter Ads Campaign information disclosure through admin without any authentication.
- https://hackerone.com/reports/49935 | rails-ujs will send CSRF tokens to other origins
- https://hackerone.com/reports/49974 | The csrf token remains same after user logs in
- https://hackerone.com/reports/50134 | XSS in original referrer after follow
- https://hackerone.com/reports/50170 | FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers
- https://hackerone.com/reports/50752 | open redirect sends authenticity_token to any website or (ip address)
- https://hackerone.com/reports/50776 | A user can edit comments even after video comments are disabled
- https://hackerone.com/reports/50786 | A user can add videos to other user's private groups
- https://hackerone.com/reports/50829 | A user can post comments on other user's private videos
- https://hackerone.com/reports/50884 | Bypass pin(4 digit passcode on your android app)
- https://hackerone.com/reports/50885 | CVE-2014-0224 openssl ccs vulnerability
- https://hackerone.com/reports/50941 | A user can enhance their videos with paid tracks without buying the track
- https://hackerone.com/reports/51265 | Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome
- https://hackerone.com/reports/51817 | Post in private groups after getting removed
- https://hackerone.com/reports/52035 | Open redirect in "Language change".
- https://hackerone.com/reports/52042 | HTTP Response Splitting (CRLF injection) in report_story
- https://hackerone.com/reports/52176 | Insecure Direct Object References in https://vimeo.com/forums
- https://hackerone.com/reports/52181 | Insecure Direct Object References that allows to read any comment (even if it should be private)
- https://hackerone.com/reports/52635 | UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass
- https://hackerone.com/reports/52646 | Insecure direct object reference - have access to deleted DM's
- https://hackerone.com/reports/52707 | Invite any user to your group without even following him
- https://hackerone.com/reports/52708 | Share your channel to any user on vimeo without following him
- https://hackerone.com/reports/52822 | XSS with Time-of-Day Format
- https://hackerone.com/reports/52982 | [URGENT ISSUE] Add or Delete the videos in watch later list of any user .
- https://hackerone.com/reports/53004 | Blacklist bypass on Callback URLs
- https://hackerone.com/reports/53088 | SSRF vulnerability (access to metadata server on EC2 and OpenStack)
- https://hackerone.com/reports/53098 | XSS in twitter.com/safety/unsafe_link_warning
- https://hackerone.com/reports/53843 | HTTP Response Splitting (CRLF injection) due to headers overflow
- https://hackerone.com/reports/53858 | Insecure Direct Object Reference - access to other user/group DM's
- https://hackerone.com/reports/54094 | HTTP MitM on Flash Player settings manager allows attacker to set sandbox settings
- https://hackerone.com/reports/54321 | Xss in website's link
- https://hackerone.com/reports/54327 | Persistent cross-site scripting (XSS) in map attribution
- https://hackerone.com/reports/54610 | Logout any user of same team
- https://hackerone.com/reports/54631 | Vulnerable to JavaScript injection. (WXS) (Javascript injection)!
- https://hackerone.com/reports/54641 | Captcha Bypass in Snapchat's Geofilter Submission Process
- https://hackerone.com/reports/54719 | e.mail.ru stored XSS in agent via sticker (smile)
- https://hackerone.com/reports/54733 | Sandboxed iframes don't show confirmation screen
- https://hackerone.com/reports/54779 | Missing spf flags for myshopify.com
- https://hackerone.com/reports/55017 | Multiple Python integer overflows
- https://hackerone.com/reports/55018 | Segmentation fault for invalid PSS parameters
- https://hackerone.com/reports/55028 | Free called on uninitialized pointer in exif.c
- https://hackerone.com/reports/55029 | Use after free vulnerability in unserialize() with DateTimeZone
- https://hackerone.com/reports/55030 | SoapClient's __call() type confusion through unserialize()
- https://hackerone.com/reports/55033 | Use after free vulnerability in unserialize()
- https://hackerone.com/reports/55140 | Race Conditions in OAuth 2 API implementations
- https://hackerone.com/reports/55431 | XML Parser Bug: XXE over which leads to RCE
- https://hackerone.com/reports/55525 | Open redirection in OAuth
- https://hackerone.com/reports/55530 | Authentication Failed Mobile version
- https://hackerone.com/reports/55546 | Open Redirect after login at http://ecommerce.shopify.com
- https://hackerone.com/reports/55670 | Fabric.io: Ex-admin of an organization can delete team members
- https://hackerone.com/reports/55716 | Force 500 Internal Server Error on any shop (for one user)
- https://hackerone.com/reports/55842 | [persistent cross-site scripting] customers can target admins
- https://hackerone.com/reports/55911 | CSRF token fixation in facebook store app that can lead to adding attacker to victim acc
- https://hackerone.com/reports/56002 | Shopify android client all API request's response leakage, including access_token, cookie, response header, response body content
- https://hackerone.com/reports/56385 | Double free vulnerability in Flash Player Settings Manager (CVE-2015-0346)
- https://hackerone.com/reports/56511 | IDOR expire other user sessions
- https://hackerone.com/reports/56626 | Shop admin can change external login services
- https://hackerone.com/reports/56742 | SPF whitelist of mandrill leads to email forgery
- https://hackerone.com/reports/56779 | XSS on ecommerce.shopify.com
- https://hackerone.com/reports/56828 | SSRF vulnerability in app webhooks
- https://hackerone.com/reports/56936 | Notification request disclose private information about other myshopify accounts
- https://hackerone.com/reports/57163 | Open-redirect on hackerone.com
- https://hackerone.com/reports/57356 | DOM based cookie bomb
- https://hackerone.com/reports/57459 | XSS in experts.shopify.com
- https://hackerone.com/reports/57603 | API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass
- https://hackerone.com/reports/57692 | Server responds with the server error logs on account creation
- https://hackerone.com/reports/57764 | Bypassing the email validation on sign-up process in mobile apps
- https://hackerone.com/reports/57914 | HTML injection in email sent by romit.io
- https://hackerone.com/reports/57918 | Insecure Local Data Storage : Application stores data using a binary sqlite database
- https://hackerone.com/reports/58612 | Homograph attack
- https://hackerone.com/reports/58630 | Content Spoofing
- https://hackerone.com/reports/58679 | SSL cookie without secure flag set
- https://hackerone.com/reports/59015 | Stored XSS in the Shopify Discussion Forums
- https://hackerone.com/reports/59179 | Race condition when redeeming coupon codes
- https://hackerone.com/reports/59356 | XSS in dropbox main domain
- https://hackerone.com/reports/59369 | Making any Report Failed to load
- https://hackerone.com/reports/59375 | Homograph attack
- https://hackerone.com/reports/59469 | Fake URL + Additional vectors for homograph attack
- https://hackerone.com/reports/59505 | Create and Update patients vulnerability
- https://hackerone.com/reports/59508 | Accessing all appointments vulnerability
- https://hackerone.com/reports/59659 | Reopen Disable Accounts/ Hidden Access After Disable
- https://hackerone.com/reports/60016 | xss profile
- https://hackerone.com/reports/60058 | teach.udemy.com log poison vulnerability through wordpress debug.log being publically available
- https://hackerone.com/reports/60402 | Content Spoofing - External Link Warning Page
- https://hackerone.com/reports/60573 | http://fitter1.i.mail.ru/browser/ exposes Graphite to the Internet
- https://hackerone.com/reports/61312 | Bypass of the SSRF protection (Slack commands, Phabricator integration)
- https://hackerone.com/reports/61367 | XSS on autosearch
- https://hackerone.com/reports/61371 | leak receipt of another user
- https://hackerone.com/reports/62301 | Ability to add phishing links in discussion (bypassing the non-educational links restriction)
- https://hackerone.com/reports/62400 | XSS on https://www.udemy.com/asset/export.html
- https://hackerone.com/reports/62427 | XSS in myshopify.com Admin site in TAX Overrides
- https://hackerone.com/reports/62531 | tt-mac.i.mail.ru: Quagga 0.99.23.1 (Router) : Default password and default enable password
- https://hackerone.com/reports/62544 | http://tp-dev1.tp.smailru.net/
- https://hackerone.com/reports/62778 | Multiple sub domain are vulnerable because of leaking full path
- https://hackerone.com/reports/62861 | Bulk Discount App in myshopify.com exposes http://bulkdiscounts.shopifyapps.com vulnerable to XSS
- https://hackerone.com/reports/63158 | External URL page bypass
- https://hackerone.com/reports/63324 | Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
- https://hackerone.com/reports/63537 | XSS in https://app.mavenlink.com/workspaces/
- https://hackerone.com/reports/63729 | Logic error with notifications: user that has left team continues to receive notifications and can not 'clean' this area on account
- https://hackerone.com/reports/63865 | Potential denial of service in hackerone.com//reward_settings
- https://hackerone.com/reports/63888 | Cross site scripting
- https://hackerone.com/reports/64731 | Able to intercept app traffic after choosing the secured connection using SSL (HTTPS)
- https://hackerone.com/reports/64963 | API: Bug in method auth.validatePhone
- https://hackerone.com/reports/65013 | HTML Injection on e.mail.ru
- https://hackerone.com/reports/65084 | Big Bug with Vault which i have already reported: Case #606962
- https://hackerone.com/reports/65284 | Stored Cross-Site Scripting in Map Share Page
- https://hackerone.com/reports/65330 | Insufficient validation of Skype login
- https://hackerone.com/reports/65729 | Activities are not protected and the app can be crashed by another app (malware or a third-party app)
- https://hackerone.com/reports/66121 | XSS at http://vk.com on IE using flash files
- https://hackerone.com/reports/66151 | Invitation is not properly cancelled while inviting to bug reports.
- https://hackerone.com/reports/66235 | Vulnerability in tagging places on photos + feature + hacking
- https://hackerone.com/reports/66257 | [s.mail.ru] CRLF Injection
- https://hackerone.com/reports/66262 | mailto: link injection on https://hackerone.com/directory
- https://hackerone.com/reports/66386 | [www.*.myshopify.com] CRLF Injection
- https://hackerone.com/reports/66962 | Misusing of FPU Instruction Could Cause Security Vulnerabilities in Adobe Flash Player
- https://hackerone.com/reports/67125 | XSS at importing Product List
- https://hackerone.com/reports/67132 | XSS at Bulk editing products
- https://hackerone.com/reports/67161 | Possible xWork classLoader RCE: shared.mail.ru
- https://hackerone.com/reports/67220 | Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS
- https://hackerone.com/reports/67377 | SSRF via 'Add Image from URL' feature
- https://hackerone.com/reports/67386 | [my.mail.ru] CRLF Injection
- https://hackerone.com/reports/67389 | SSRF via 'Insert Image' feature of Products/Collections/Frontpage
- https://hackerone.com/reports/67660 | Verification code issues for Two-Step Authentication
- https://hackerone.com/reports/71614 | XSS in Myshopify Admin Site in DISCOUNTS
- https://hackerone.com/reports/72243 | Publicly exposed SVN repository, ht.pornhub.com
- https://hackerone.com/reports/72331 | XSS at Bulk editing ProductVariants
- https://hackerone.com/reports/72785 | CSV Injection with the CVS export feature
- https://hackerone.com/reports/73234 | out of bounds read crashes php-cgi
- https://hackerone.com/reports/73235 | Use After Free Vulnerability in unserialize()
- https://hackerone.com/reports/73236 | X509_to_X509_REQ NULL pointer deref
- https://hackerone.com/reports/73237 | Buffer Overflow when parsing tar/zip/phar in phar_set_inode
- https://hackerone.com/reports/73238 | Buffer Over-read in unserialize when parsing Phar
- https://hackerone.com/reports/73239 | ZIP Integer Overflow leads to writing past heap boundary
- https://hackerone.com/reports/73240 | Integer overflow in ftp_genlist() resulting in heap overflow
- https://hackerone.com/reports/73241 | Malformed ECParameters causes infinite loop
- https://hackerone.com/reports/73244 | Use after free vulnerability in unserialize() with DateInterval
- https://hackerone.com/reports/73245 | Type Confusion Vulnerability in SoapClient
- https://hackerone.com/reports/73246 | Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER
- https://hackerone.com/reports/73247 | php_stream_url_wrap_http_ex() type-confusion vulnerability
- https://hackerone.com/reports/73248 | Tokenizer crash when processing undecodable source code
- https://hackerone.com/reports/73249 | Multiple use after free bugs in element module
- https://hackerone.com/reports/73250 | Multiple use after free bugs in heapq module
- https://hackerone.com/reports/73251 | Multiple use after free bugs in json encoding
- https://hackerone.com/reports/73252 | Use after free in get_filter
- https://hackerone.com/reports/73253 | Multiple type confusions in unicode error handlers
- https://hackerone.com/reports/73255 | str_repeat() sign mismatch based memory corruption
- https://hackerone.com/reports/73256 | PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free
- https://hackerone.com/reports/73257 | PHP yaml_parse/yaml_parse_file/yaml_parse_url Unsafe Deserialization
- https://hackerone.com/reports/73258 | Python: imageop Unsafe Arithmetic
- https://hackerone.com/reports/73259 | Integer overflow in _pickle.c
- https://hackerone.com/reports/73260 | Integer overflow in _json_encode_unicode leads to crash
- https://hackerone.com/reports/73276 | Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079)
- https://hackerone.com/reports/73491 | Buffer Overflow in PHP of the AirMax Products
- https://hackerone.com/reports/73566 | Reflected XSS in chat
- https://hackerone.com/reports/73567 | Attention! Remote Code Execution at http://wpt.ec2.shopify.com/
- https://hackerone.com/reports/73808 | Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set too.
- https://hackerone.com/reports/74004 | Other Buffer Overflow in PHP of the AirMax Products
- https://hackerone.com/reports/74025 | Yet another Buffer Overflow in PHP of the AirMax Products
- https://hackerone.com/reports/74147 | Potential for financial loss, negative Values for "Buy fee" and "Sell Fee"
- https://hackerone.com/reports/75357 | Session Cookie without HttpOnly and secure flag set
- https://hackerone.com/reports/75556 | Accessing title of the report of which you are marked as duplicate
- https://hackerone.com/reports/75702 | No rate limit which leads to "Users information Disclosure" including verification documents etc.
- https://hackerone.com/reports/75727 | Stored Cross site scripting In developer.zendesk.com
- https://hackerone.com/reports/76307 | Self-XSS protection not used, I can trick users to insert JavaScript
- https://hackerone.com/reports/76713 | XSS - Gallery Search Listing
- https://hackerone.com/reports/76733 | Using GET method for account login with CSRF token leaking to external sites Via Referer.
- https://hackerone.com/reports/76738 | Open redirect filter bypass
- https://hackerone.com/reports/77060 | SMTP protection not used
- https://hackerone.com/reports/77065 | Stealing CSRF Tokens
- https://hackerone.com/reports/77067 | No rate limiting for sensitive actions (like "forgot password") enables user enumeration
- https://hackerone.com/reports/77076 | GA code not verified on the server side allows sending Verification Documents on behalf of another user
- https://hackerone.com/reports/77081 | Content Sniffing not disabled
- https://hackerone.com/reports/77221 | Open/Unvalidated Redirect Issue
- https://hackerone.com/reports/77231 | Weak Cryptographic Hash
- https://hackerone.com/reports/77319 | Full path disclosure at https://keybase.io/_/api/1.0/invitation_request.json
- https://hackerone.com/reports/77802 | TCP Source Port Pass Firewall
- https://hackerone.com/reports/78052 | xss in group
- https://hackerone.com/reports/78158 | Wrong Handling of Content-Type allows Flash injection and Rosetta Flash patch bypass
- https://hackerone.com/reports/78219 | Buying a song for less than it costs.
- https://hackerone.com/reports/78253 | Purchase => download of songs that are not intended for sale
- https://hackerone.com/reports/78412 | Cross site scripting
- https://hackerone.com/reports/78436 | (URGENT!) Buying OK for less than it costs
- https://hackerone.com/reports/78443 | Time-Based Blind SQL Injection Attacks
- https://hackerone.com/reports/78516 | Access to other users' private photos (3) via video cover
- https://hackerone.com/reports/78765 | information disclosure
- https://hackerone.com/reports/79046 | Access to other users' group chats.
- https://hackerone.com/reports/79185 | Content spoofing through Referer header
- https://hackerone.com/reports/79348 | OSX slack:// protocol handler javascript injection
- https://hackerone.com/reports/79393 | Open access to corporate data.
- https://hackerone.com/reports/79552 | [gratipay.com] CRLF Injection
- https://hackerone.com/reports/80298 | Injection of arbitrary JavaScript in the image viewer of the mobile version of the site
- https://hackerone.com/reports/80597 | Number of invited researchers disclosed as part of JSON search response
- https://hackerone.com/reports/80936 | Private Program and bounty details disclosed as part of JSON search response
- https://hackerone.com/reports/80990 | JetBrains .idea project directory
- https://hackerone.com/reports/81083 | Internal bounty and swag details disclosed as part of JSON response
- https://hackerone.com/reports/81441 | XSS https://delivery.shopifyapps.com/ (Digital Downloads App in myshopify.com)
- https://hackerone.com/reports/81701 | Possible SQL injection on "Jump to twitter"
- https://hackerone.com/reports/81736 | XSS in WordPress
- https://hackerone.com/reports/81757 | Reflected XSS in chat.
- https://hackerone.com/reports/82725 | Stored XSS in comments
- https://hackerone.com/reports/84287 | DKIM records not present, Email Hijacking is possible
- https://hackerone.com/reports/84601 | XSS and cache poisoning via upload.twitter.com on ton.twitter.com
- https://hackerone.com/reports/84709 | [API ISSUE] agents can create agents even after they are disabled!
- https://hackerone.com/reports/84740 | Stored XSS On Statement
- https://hackerone.com/reports/85201 | Full Path Disclosure
- https://hackerone.com/reports/85291 | XSS https://www.shopify.com/signup
- https://hackerone.com/reports/85488 | Stored XSS on player.vimeo.com
- https://hackerone.com/reports/85615 | Reflected XSS on vimeo.com/musicstore
- https://hackerone.com/reports/85624 | Highly wormable clickjacking in player card
- https://hackerone.com/reports/85720 | IDOR on removing Share
- https://hackerone.com/reports/86022 | Multiple so called 'type juggling' attacks. Most notably PhabricatorUser::validateCSRFToken() is 'bypassable' in certain cases.
- https://hackerone.com/reports/86468 | [https://www.anghami.com/updatemailinfo/] Sql Injection
- https://hackerone.com/reports/86504 | [CRITICAL] Login To Any Account Linked With Google+ With Email Only
- https://hackerone.com/reports/87027 | [keybase.io] Open Redirect
- https://hackerone.com/reports/87040 | XSS on OAuth authorize/authenticate endpoint
- https://hackerone.com/reports/87168 | www.shopify.com XSS on blog pages via sharing buttons
- https://hackerone.com/reports/87505 | Full Path Disclosure
- https://hackerone.com/reports/87531 | Mail spamming
- https://hackerone.com/reports/87577 | Stored XSS on vimeo.com and player.vimeo.com
- https://hackerone.com/reports/87586 | Insecure scheme for issuing QVC card numbers (possibly also QVV and QVP)
- https://hackerone.com/reports/87588 | XSS Vulnerability
- https://hackerone.com/reports/87854 | XSS on vimeo.com/home after other user follows you
- https://hackerone.com/reports/88105 | XSS on vimeo.com | "Search within these results" feature (requires user interaction)
- https://hackerone.com/reports/88395 | Information leakage through Graphviz blocks
- https://hackerone.com/reports/88508 | XSS when using captions/subtitles on video player based on Flash (requires user interaction)
- https://hackerone.com/reports/88719 | Multiple DOMXSS on Amplify Web Player
- https://hackerone.com/reports/88881 | XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply when replying to a specially crafted email
- https://hackerone.com/reports/89505 | Self-XSS in posts by formatting text as code
- https://hackerone.com/reports/89624 | Cross-site Scripting https://www.zendesk.com/product/pricing/
- https://hackerone.com/reports/90131 | CSV Excel Macro Injection Vulnerability in export customer tickets
- https://hackerone.com/reports/90172 | Tweetdeck (twitter owned app) not revoked
- https://hackerone.com/reports/90274 | CSV Excel Macro Injection Vulnerability in export chat logs
- https://hackerone.com/reports/90308 | User email enumeration using Gmail
- https://hackerone.com/reports/90688 | create staff member without owner access
- https://hackerone.com/reports/90690 | change Login Services settings without owner access
- https://hackerone.com/reports/90753 | Content Spoofing
- https://hackerone.com/reports/91343 | Information disclosure (No rate limiting in forgot password & other login)
- https://hackerone.com/reports/91421 | Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event
- https://hackerone.com/reports/91599 | WooCommerce: Support Ticket indirect object reference
- https://hackerone.com/reports/91816 | Server Side Request Forgery In Video to GIF Functionality
- https://hackerone.com/reports/92251 | Issue with Password reset functionality
- https://hackerone.com/reports/92353 | CSV Injection in polldaddy.com
- https://hackerone.com/reports/92472 | Tokens from services like Facebook can be stolen
- https://hackerone.com/reports/92740 | SPF records not found
- https://hackerone.com/reports/93004 | unauthorized access to all collections name
- https://hackerone.com/reports/93020 | A way to learn the name and university of the owner of a deleted profile
- https://hackerone.com/reports/93394 | Unauthenticated access to details of hidden products in any shop via title enumeration
- https://hackerone.com/reports/93691 | Arbitrary write on s3://shopify-delivery-app-storage/files
- https://hackerone.com/reports/93901 | Bypassing password requirement during deletion of account
- https://hackerone.com/reports/93921 | Unauthorized access to all collections, products, pages from other stores
- https://hackerone.com/reports/94087 | Arbitrary read on s3://shopify-delivery-app-storage/files
- https://hackerone.com/reports/94230 | Cross-site Scripting in all Zopim
- https://hackerone.com/reports/94584 | Sql-inj in https://maximum.com/ajax/people
- https://hackerone.com/reports/94610 | Version Disclosure (NginX)
- https://hackerone.com/reports/94637 | Host Header Injection/Redirection
- https://hackerone.com/reports/94642 | SMS Invite Form Abuse
- https://hackerone.com/reports/94899 | Paid account can review/download any invoice of any other shop
- https://hackerone.com/reports/94909 | XSS risk reduction with X-XSS-Protection: 1; mode=block header
- https://hackerone.com/reports/95089 | Reflected XSS in cart at hardware.shopify.com
- https://hackerone.com/reports/95231 | XSS in the "Poll" Feature on Twitter.com
- https://hackerone.com/reports/95243 | Following a User Actually Follows Another User
- https://hackerone.com/reports/95552 | IDOR- Activate Mopub on different organizations- steal api token- Fabric.io
- https://hackerone.com/reports/95555 | CSRF on cards API
- https://hackerone.com/reports/95564 | Persistent XSS in image title
- https://hackerone.com/reports/95589 | Privilege escalation and circumvention of permission to limited access user
- https://hackerone.com/reports/95981 | Http Response Splitting - Validate link
- https://hackerone.com/reports/96229 | XSS on player.vimeo.com without user interaction and vimeo.com with user interaction
- https://hackerone.com/reports/96337 | Stored XSS in Slack (weird, trial and error)
- https://hackerone.com/reports/96470 | Missing CSRF protection
- https://hackerone.com/reports/96636 | Password Reset - query param overrides postdata
- https://hackerone.com/reports/96662 | crossdomain.xml too permissive on eu1.badoo.com, us1.badoo.com, etc.
- https://hackerone.com/reports/96847 | Un-handled exception leads to Information Disclosure
- https://hackerone.com/reports/96855 | Staff members with no permission to access domains can access them.
- https://hackerone.com/reports/96890 | A 'Full access' administrator is able to see the shop owners user details
- https://hackerone.com/reports/96908 | An administrator without the 'Settings' permission is able to see payment gateways
- https://hackerone.com/reports/97161 | Can see private tweets via keyword searches on tweetdeck
- https://hackerone.com/reports/97191 | Send AJAX request to external domain
- https://hackerone.com/reports/97292 | HTTP header injection in info.hackerone.com allows setting cookies for hackerone.com
- https://hackerone.com/reports/97295 | Multiple critical vulnerabilities in Odnoklassniki Android application
- https://hackerone.com/reports/97452 | Staff members with no permission can access to the files, uploaded by the administrator
- https://hackerone.com/reports/97501 | SVG parser loads external resources on image upload
- https://hackerone.com/reports/97510 | Following a User After Favoriting Actually Follows Another User (related to #95243)
- https://hackerone.com/reports/97535 | List of devices is accessible regardless of the account limitations
- https://hackerone.com/reports/97657 | File upload XSS (Java applet) on http://slackatwork.com/
- https://hackerone.com/reports/97672 | File Upload XSS in image uploading of App in mopub
- https://hackerone.com/reports/97683 | Reflected Self-XSS in Slack
- https://hackerone.com/reports/97938 | XSS m.imgur.com
- https://hackerone.com/reports/97948 | Cross-domain AJAX request
- https://hackerone.com/reports/98012 | Stored XSS on https://www.algolia.com/realtime-search-demo/*
- https://hackerone.com/reports/98247 | login to any user's cashier account and full account information disclosure
- https://hackerone.com/reports/98259 | 'Limited' RCE in certain places where Liquid is accepted
- https://hackerone.com/reports/98281 | XSS Reflected in test.qiwi.ru
- https://hackerone.com/reports/98432 | Urgent: Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass)
- https://hackerone.com/reports/98469 | Email Verification Link can be Used as Password Reset Link!
- https://hackerone.com/reports/98499 | Apps can access 'channels' beta api
- https://hackerone.com/reports/99157 | RC4 cipher suites detected on status.slack.com
- https://hackerone.com/reports/99245 | XSS in L.mapbox.shareControl in mapbox.js
- https://hackerone.com/reports/99321 | [CSRF] Activate PayPal Express Checkout
- https://hackerone.com/reports/99368 | an xss issue
- https://hackerone.com/reports/99374 | deleted staff member can add his amazon marketplace web services account to the store.
- https://hackerone.com/reports/99424 | Mass Assignment Vulnerability in partners.uber.com
- https://hackerone.com/reports/99435 | Open redirect helps to steal Facebook access_token
- https://hackerone.com/reports/99594 | Reflected XSS on www.boozt.com
- https://hackerone.com/reports/99600 | Urgent: Unauthorised Access to Media content of all Direct messages and protected tweets (Indirect object reference)
- https://hackerone.com/reports/99647 | CSRF Add Album On onpatient.com
- https://hackerone.com/reports/99708 | Limited CSRF bypass.
- https://hackerone.com/reports/99857 | Request Accepts without X-CSRFToken [ Header - Cookie ]
- https://hackerone.com/reports/99969 | User with limited access to Index configuration can rename the Index
- https://hackerone.com/reports/100509 | Pre-generation of 2FA secret/backup codes seems like an unnecessary risk
- https://hackerone.com/reports/100820 | Add tweet to collection CSRF
- https://hackerone.com/reports/100849 | URGENT: NICHE.co Account Take Over Vulnerability
- https://hackerone.com/reports/100931 | xss in link items (mopub.com)
- https://hackerone.com/reports/100938 | An administrator without any permission is able to get order notifications using his APNS Token.
- https://hackerone.com/reports/101063 | Drivers can change profile picture
- https://hackerone.com/reports/101104 | Subdomain Expired
- https://hackerone.com/reports/101145 | Remove anyone's pic gravtar
- https://hackerone.com/reports/101324 | RC4 cipher suites detected
- https://hackerone.com/reports/101330 | SSL certificate invalid date
- https://hackerone.com/reports/101331 | RC4 cipher suites detected
- https://hackerone.com/reports/101450 | XSS in creating tweets
- https://hackerone.com/reports/101909 | account.ubnt.com CSRF
- https://hackerone.com/reports/101962 | Open redirect using theme install
- https://hackerone.com/reports/102194 | [CRITICAL] CSRF leading to account take over
- https://hackerone.com/reports/102234 | Same-Origin Policy bypass on main domain - ok.ru
- https://hackerone.com/reports/102236 | Same-Origin Policy Bypass #2
- https://hackerone.com/reports/102327 | content injection
- https://hackerone.com/reports/102376 | CSRF protection bypass on m.ok.ru
- https://hackerone.com/reports/102755 | Stored XSS in name selection
- https://hackerone.com/reports/103351 | [CSRF] Install premium themes
- https://hackerone.com/reports/103772 | Open Redirect at *.myshopify.com/account/login?checkout_url=
- https://hackerone.com/reports/103787 | CSRF possible when SOP Bypass/UXSS is available
- https://hackerone.com/reports/103990 | Null pointer dereference in phar_get_fp_offset()
- https://hackerone.com/reports/103991 | mod_lua: Crash in websockets PING handling
- https://hackerone.com/reports/103992 | Integer overflow in _Unpickler_Read
- https://hackerone.com/reports/103993 | Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier
- https://hackerone.com/reports/103994 | Python 3.3 - 3.5 product_setstate() Out-of-bounds Read
- https://hackerone.com/reports/103995 | Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
- https://hackerone.com/reports/103996 | Use After Free Vulnerability in unserialize() with SplObjectStorage
- https://hackerone.com/reports/103997 | Use After Free Vulnerability in unserialize()
- https://hackerone.com/reports/103998 | Use After Free Vulnerability in session deserializer
- https://hackerone.com/reports/103999 | Use after free vulnerability in unserialize() with GMP
- https://hackerone.com/reports/104000 | Python xmlparse_setattro() Type Confusion
- https://hackerone.com/reports/104001 | time_strftime() Buffer Over-read
- https://hackerone.com/reports/104002 | Python scan_eol() Buffer Over-read
- https://hackerone.com/reports/104003 | Python deque.index() uninitialized memory
- https://hackerone.com/reports/104004 | Mem out-of-bounds write (segfault) in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER
- https://hackerone.com/reports/104005 | null pointer deref (segfault) in zend_eval_const_expr
- https://hackerone.com/reports/104006 | Null pointer deref (segfault) in spl_autoload via ob_start
- https://hackerone.com/reports/104007 | Buffer over-read in exif_read_data with TIFF IFD tag
- https://hackerone.com/reports/104008 | Uninitialized pointer in phar_make_dirstream
- https://hackerone.com/reports/104009 | zend_throw_or_error() format string vulnerability
- https://hackerone.com/reports/104010 | SOAP serialize_function_call() type confusion / RCE
- https://hackerone.com/reports/104011 | AddressSanitizer reports a global buffer overflow in mkgmtime() function
- https://hackerone.com/reports/104012 | Integer overflow in unserialize() (32-bits only)
- https://hackerone.com/reports/104013 | heap buffer overflow in enchant_broker_request_dict()
- https://hackerone.com/reports/104014 | libcurl duphandle read out of bounds
- https://hackerone.com/reports/104015 | curl_setopt_array() type confusion
- https://hackerone.com/reports/104016 | Dangling pointer in the unserialization of ArrayObject items
- https://hackerone.com/reports/104017 | Arbitrary code execution in str_ireplace function
- https://hackerone.com/reports/104018 | Multiple Use After Free Vulnerabilities in unserialize()
- https://hackerone.com/reports/104019 | Files extracted from archive may be placed outside of destination directory
- https://hackerone.com/reports/104020 | audioop.lin2adpcm Buffer Over-read
- https://hackerone.com/reports/104021 | audioop.adpcm2lin Buffer Over-read
- https://hackerone.com/reports/104022 | hotshot pack_string Heap Buffer Overflow
- https://hackerone.com/reports/104023 | bytearray.find Buffer Over-read
- https://hackerone.com/reports/104024 | array.fromstring Use After Free
- https://hackerone.com/reports/104025 | use after free in load_newobj_ex
- https://hackerone.com/reports/104026 | invalid pointer free() in phar_tar_process_metadata()
- https://hackerone.com/reports/104027 | Memory Corruption in phar_parse_tarfile when entry filename starts with null
- https://hackerone.com/reports/104028 | Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)
- https://hackerone.com/reports/104032 | PyFloat_FromString & PyNumber_Long Buffer Over-reads
- https://hackerone.com/reports/104033 | tokenizer crash when processing undecodable source code
- https://hackerone.com/reports/104087 | Trick make all fixed open redirect links vulnerable again
- https://hackerone.com/reports/104359 | shopifyapps.com XSS on sales channels via currency formatting
- https://hackerone.com/reports/104465 | git-fastclone allows arbitrary command execution through usage of ext remote URLs in submodules
- https://hackerone.com/reports/104543 | HTML injection in apps user review
- https://hackerone.com/reports/104559 | XSS on codex.wordpress.org
- https://hackerone.com/reports/104917 | Cross-Site Scripting Reflected On Main Domain
- https://hackerone.com/reports/104931 | CSRF in Connecting Pinterest Account
- https://hackerone.com/reports/105190 | Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone
- https://hackerone.com/reports/105419 | Cookie-Based Injection
- https://hackerone.com/reports/105463 | risk of having secure=false in a crossdomain.xml
- https://hackerone.com/reports/105659 | many xss in widgets.shopifyapps.com
- https://hackerone.com/reports/105688 | DOM Based XSS in Checkout
- https://hackerone.com/reports/105887 | Know whether private program for company exist or not
- https://hackerone.com/reports/105953 | Parameter pollution in social sharing buttons
- https://hackerone.com/reports/105977 | DLL Hijacking Vulnerability in GlassWireSetup.exe
- https://hackerone.com/reports/105991 | "Remember me" token generated when "Remember me" box unchecked
- https://hackerone.com/reports/106084 | Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comment on Bug Reports
- https://hackerone.com/reports/106293 | Reflective XSS on wholesale.shopify.com
- https://hackerone.com/reports/106305 | Improve signals in reputation
- https://hackerone.com/reports/106348 | Text injection can be used in phishing; 404 page should not include attacker text
- https://hackerone.com/reports/106350 | Text injection can be used in phishing; 404 page should not include attacker text
- https://hackerone.com/reports/106384 | Application error message
- https://hackerone.com/reports/106427 | HTTP-Response-Splitting on v.shopify.com
- https://hackerone.com/reports/106548 | Format string vulnerability in zend_throw_or_error()
- https://hackerone.com/reports/106636 | Stored Cross Site Scripting
- https://hackerone.com/reports/106779 | Stored XSS in comments
- https://hackerone.com/reports/106897 | Stored XSS in /admin/orders
- https://hackerone.com/reports/106982 | XSS in imgur mobile
- https://hackerone.com/reports/107036 | XSS in imgur mobile 3
- https://hackerone.com/reports/107213 | GlassWireSetup.exe subject to EXE planting attack
- https://hackerone.com/reports/107296 | Possible Timing Side-Channel in XMLRPC Verification
- https://hackerone.com/reports/107336 | Team Member(s) associated with a Group have Read-only permission (Post internal comments) can post comment to all the participants
- https://hackerone.com/reports/107358 | Reflected XSS
- https://hackerone.com/reports/107780 | [cfire.mail.ru] Time Based SQL Injection
- https://hackerone.com/reports/107960 | Reflected File Download in community.ubnt.com/restapi/
- https://hackerone.com/reports/108082 | Exploiting unauthenticated encryption mode
- https://hackerone.com/reports/108113 | Bypassing callback_url validation on Digits
- https://hackerone.com/reports/108681 | Use After Free Vulnerability in WDDX Packet Deserialization
- https://hackerone.com/reports/108682 | Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
- https://hackerone.com/reports/108683 | Session WDDX Packet Deserialization Type Confusion Vulnerability
- https://hackerone.com/reports/109054 | HTTP trace method is enabled
- https://hackerone.com/reports/109161 | protect against tabnabbing in statement
- https://hackerone.com/reports/109175 | Use After Free in sortWithSortKeys()
- https://hackerone.com/reports/109212 | [parapa.mail.ru] SQL Injection
- https://hackerone.com/reports/109483 | User with Read-Only permissions can request/approve public disclosure
- https://hackerone.com/reports/109699 | Subdomain Takeover in http://assets.goubiquiti.com/
- https://hackerone.com/reports/109815 | Direct URL access to completed reports
- https://hackerone.com/reports/109843 | Uninitialized pointer in phar_make_dirstream()
- https://hackerone.com/reports/109959 | Extended policy checks are buggy
- https://hackerone.com/reports/110293 | Insufficient OAuth callback validation which leads to Periscope account takeover
- https://hackerone.com/reports/110352 | Perl 5.22 VDir::MapPathA/W Out-of-bounds Reads and Buffer Over-reads
- https://hackerone.com/reports/110417 | Heap corruption in tar/zip/phar parser
- https://hackerone.com/reports/110467 | Bypassing Digits bridge origin validation
- https://hackerone.com/reports/110578 | HTML injection can lead to data theft
- https://hackerone.com/reports/110655 | Information Exposure Through Directory Listing
- https://hackerone.com/reports/110720 | Arbitary Memory Read via gdImageRotateInterpolated Array Index Out of Bounds
- https://hackerone.com/reports/110722 | Heap buffer overflow in escapeshellargs and escapeshellcmd functions
- https://hackerone.com/reports/110801 | Internal GET SSRF via CSRF with Press This scan feature
- https://hackerone.com/reports/111078 | Subdomain takeover
- https://hackerone.com/reports/111094 | Content Spoofing OR Text Injection in https://withinsecurity.com
- https://hackerone.com/reports/111192 | CSV Injection via the CSV export feature
- https://hackerone.com/reports/111216 | Twitter Disconnect CSRF
- https://hackerone.com/reports/111218 | Attach Pinterest account - no State/CSRF parameter in Oauth Call back
- https://hackerone.com/reports/111365 | XSS at www.woothemes.com
- https://hackerone.com/reports/111386 | Legacy API exposes private video titles
- https://hackerone.com/reports/111417 | Checking whether user liked the media or not even when you are blocked
- https://hackerone.com/reports/111500 | XSS at wordpress.com
- https://hackerone.com/reports/111752 | Big bug in SSL: BREACH compression attack (CVE-2013-3587) affects imgur.com
- https://hackerone.com/reports/111860 | Error Page Text Injection #106350
- https://hackerone.com/reports/111915 | [CRITICAL] HTML injection issue leading to account take over
- https://hackerone.com/reports/111950 | [allods.my.com] SSRF / XSPA
- https://hackerone.com/reports/111968 | Interstitial redirect bypass / open redirect in https://hackerone.com/zendesk_session
- https://hackerone.com/reports/112057 | Heapoverflow in zipimporter module
- https://hackerone.com/reports/112386 | smartlist_add, smartlist_insert (may) cause heap corruption as a result of inadequate checks in smartlist_ensure_capacity
- https://hackerone.com/reports/112496 | Session Issue Maybe Can lead to huge loss [CRITICAL]
- https://hackerone.com/reports/112555 | [afisha.mail.ru] SQL Injection
- https://hackerone.com/reports/112632 | [tor] libevent dns remote stack overread vulnerability
- https://hackerone.com/reports/112723 | PHP-FPM fpm_log.c memory leak and buffer overflow
- https://hackerone.com/reports/112784 | libevent (stack) buffer overflow in evutil_parse_sockaddr_port
- https://hackerone.com/reports/112855 | EIP control using type confusion in json encoding
- https://hackerone.com/reports/112858 | UAF in xmlparser_setevents (1)
- https://hackerone.com/reports/112860 | UAF in xmlparser_setevents (2)
- https://hackerone.com/reports/112863 | Trivial age-old heap overflow in 32-bit PHP
- https://hackerone.com/reports/112935 | Unintended HTML inclusion as a result of https://hackerone.com/reports/110578
- https://hackerone.com/reports/112955 | WordPress Failure Notice page will generate arbitrary hyperlinks
- https://hackerone.com/reports/113070 | Multiple issues with Markdown and URL parsing
- https://hackerone.com/reports/113112 | Open-redirect on paragonie.com
- https://hackerone.com/reports/113120 | An integer overflow bug in php_implode() could lead to heap overflow and make PHP crash
- https://hackerone.com/reports/113122 | An integer overflow bug in php_str_to_str_ex() leads to arbitrary code execution
- https://hackerone.com/reports/113268 | Integer overflow in wordwrap
- https://hackerone.com/reports/113288 | OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
- https://hackerone.com/reports/113424 | [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents
- https://hackerone.com/reports/113798 | Null pointer deref with ob_start with compact
- https://hackerone.com/reports/113799 | Null pointer deref with ob_start with get_defined_vars
- https://hackerone.com/reports/114024 | Stack overflow when decompressing tar archives
- https://hackerone.com/reports/114078 | Use-after-free vulnerability in SPL(ArrayObject, unserialize)
- https://hackerone.com/reports/114079 | Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)
- https://hackerone.com/reports/114125 | Remote server restart leads to denial of service with only one request
- https://hackerone.com/reports/114169 | Bypassing Digits web authentication's host validation with HPP
- https://hackerone.com/reports/114172 | Out-of-Bound Read in phar_parse_zipfile()
- https://hackerone.com/reports/114339 | Type Confusion in WDDX Packet Deserialization
- https://hackerone.com/reports/114414 | openssl_seal() uninitialized memory usage
- https://hackerone.com/reports/114430 | CSRF on https://shopify.com/plus
- https://hackerone.com/reports/114476 | External entity injection in the YouTrack user import functionality
- https://hackerone.com/reports/114529 | Content Spoofing and Local Redirect in Mapbox Studio
- https://hackerone.com/reports/114698 | Remote server restart leads to denial of service with only one request
- https://hackerone.com/reports/115007 | Race conditions can be used to bypass invitation limit
- https://hackerone.com/reports/115205 | Putting link inside link in markdown
- https://hackerone.com/reports/115230 | Content spoofing due to the improper behavior of the not-found message
- https://hackerone.com/reports/115275 | SPF DNS Record
- https://hackerone.com/reports/115284 | prevent content spoofing on /search
- https://hackerone.com/reports/115291 | [orsotenslimselfie.lady.mail.ru] SQL Injection
- https://hackerone.com/reports/115337 | Full Path Disclosure
- https://hackerone.com/reports/115686 | [tor] pre-emptive defenses, potential vulnerabilities
- https://hackerone.com/reports/115702 | [tor] libevent dns OOB read
- https://hackerone.com/reports/115748 | SSRF in https://imgur.com/vidgif/url
- https://hackerone.com/reports/115857 | SSRF and local file read in video to gif converter
- https://hackerone.com/reports/115978 | SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg
- https://hackerone.com/reports/116006 | XSS on hardware.shopify.com
- https://hackerone.com/reports/116029 | Private program activity timeline information disclosure
- https://hackerone.com/reports/116032 | Private Program Disclosure in /:handle/reports/draft.json endpoint
- https://hackerone.com/reports/116286 | Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack
- https://hackerone.com/reports/116360 | The POODLE attack (SSLv3 supported) for https://grtp.co/
- https://hackerone.com/reports/116372 | Use-After-Free / Double-Free in WDDX Deserialize
- https://hackerone.com/reports/116419 | an xss issue in https://hunter22.slack.com/help/requests/793043
- https://hackerone.com/reports/116508 | [3k.mail.ru] SQL Injection
- https://hackerone.com/reports/116570 | VERY DANGEROUS XSS STORED inside emails
- https://hackerone.com/reports/116764 | vk.com/login.php
- https://hackerone.com/reports/116773 | Type Confusion Vulnerability - SOAP / make_http_soap_request()
- https://hackerone.com/reports/116798 | Private Program Disclosure in /:handle/settings/allow_report_submission.json endpoint
- https://hackerone.com/reports/116937 | Chat History CSV Export Excel Injection Vulnerability
- https://hackerone.com/reports/116951 | Increase number of bugs by sending duplicate of your own valid report
- https://hackerone.com/reports/116973 | No Valid SPF Records.
- https://hackerone.com/reports/117068 | XSS @ love.uber.com
- https://hackerone.com/reports/117080 | Multiple Vulnerabilities (Including SQLi) in love.uber.com
- https://hackerone.com/reports/117097 | Email Forgery through Mandrillapp SPF
- https://hackerone.com/reports/117142 | limit HTTP methods on other domains
- https://hackerone.com/reports/117149 | SPF/DKIM/DMARC for grtp.co
- https://hackerone.com/reports/117159 | SPF/DKIM/DMARC for aspen.io
- https://hackerone.com/reports/117187 | Prevent content spoofing on /~username/emails/verify.html
- https://hackerone.com/reports/117190 | Reflected XSS on Uber.com careers
- https://hackerone.com/reports/117325 | DMARC is misconfigured for grtp.co
- https://hackerone.com/reports/117330 | stop serving grtp.co over HTTP
- https://hackerone.com/reports/117449 | XSS in Draft Orders Timeline in the Shopify admin site
- https://hackerone.com/reports/117458 | strengthen Diffie-Hellman (DH) key exchange parameters in grtp.co
- https://hackerone.com/reports/117480 | Stored XSS via Angular Expression injection on developer.zendesk.com
- https://hackerone.com/reports/117651 | Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes
- https://hackerone.com/reports/117739 | limit number of images in statement
- https://hackerone.com/reports/117902 | Dork
- https://hackerone.com/reports/118066 | Content Spoofing in mango.qiwi.com
- https://hackerone.com/reports/118582 | CSV Injection at the CSV export feature
- https://hackerone.com/reports/118631 | XSSI (Cross Site Script Inclusion)
- https://hackerone.com/reports/118688 | File name and folder enumeration.
- https://hackerone.com/reports/118718 | User with Read-Only permissions can manually publicly disclose the report
- https://hackerone.com/reports/118855 | CVE-2016-0799 memory issues in BIO_*printf functions
- https://hackerone.com/reports/118925 | API Key added for one Indices works for all other indices too.
- https://hackerone.com/reports/118965 | Distinguish EP+Private vs Private programs in HackerOne
- https://hackerone.com/reports/119022 | Tweet Deck XSS- Persistent- Group DM name
- https://hackerone.com/reports/119166 | Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate
- https://hackerone.com/reports/119220 | Sub-Domain Takeover
- https://hackerone.com/reports/119221 | User with Read-Only permissions can edit the Internal comment Activities on Bug Reports after the team access permissions are revoked
- https://hackerone.com/reports/119236 | Open Redirection on Uber.com
- https://hackerone.com/reports/119250 | xss in the all widgets of shopifyapps.com
- https://hackerone.com/reports/119317 | Read-Only user can execute arbitrary shell commands on AirOS
- https://hackerone.com/reports/119471 | DOMXSS in Tweetdeck
- https://hackerone.com/reports/119652 | Adobe Flash Player ASnative(101,10) Memory Corruption Vulnerability
- https://hackerone.com/reports/119653 | Adobe Flash Player ASnative(900,1).call(MovieClip) Use-After-Free Vulnerability
- https://hackerone.com/reports/119655 | Adobe Flash Player ASnative(900,1).call(TextField) Use-After-Free Vulnerability
- https://hackerone.com/reports/119657 | Adobe Flash Player Race Condition Vulnerability
- https://hackerone.com/reports/119873 | BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
- https://hackerone.com/reports/120026 | don't serve hidden files from Nginx
- https://hackerone.com/reports/121461 | Subdomain takeover due to unclaimed Amazon S3 bucket on a2.bime.io
- https://hackerone.com/reports/121469 | Broken Authentication on Badoo
- https://hackerone.com/reports/121489 | CRLF injection in https://verkkopalvelu.lahitapiola.fi/
- https://hackerone.com/reports/121696 | Bypass two-factor authentication
- https://hackerone.com/reports/121827 | Account Takeover
- https://hackerone.com/reports/121863 | Buffer overflow in HTTP url parsing functions
- https://hackerone.com/reports/121940 | Shell Injection via Web Management Console (dl-fw.cgi)
- https://hackerone.com/reports/122050 | Mapbox API Access Token with No Scope Can Read Styles
- https://hackerone.com/reports/122113 | OpenSSH / dropbearSSHd xauth command injection
- https://hackerone.com/reports/122254 | Adobe Flash Player TextField Use-After-Free Vulnerability
- https://hackerone.com/reports/122256 | Adobe Flash Player Uninitialised Memory Corruption
- https://hackerone.com/reports/122849 | Stored XSS in https://checkout.shopify.com/
- https://hackerone.com/reports/123027 | Edit Auto Response Messages
- https://hackerone.com/reports/123119 | Use after free with assign by ref to overloaded objects
- https://hackerone.com/reports/123125 | XSS on hardware.shopify.com
- https://hackerone.com/reports/123339 | CSRF allows attacker to delete item from customer's "Postilaatikko"
- https://hackerone.com/reports/123615 | SECURITY: Referencing previous Reports attachment_IDs on new Reports via Draft_Sync DELETES Attachments
- https://hackerone.com/reports/123742 | suppress version in Server header on gratipay.com or grtp.co
- https://hackerone.com/reports/123849 | Cookie Does Not Contain The "secure" Attribute
- https://hackerone.com/reports/123897 | auto-logout after 20 minutes
- https://hackerone.com/reports/124100 | Shopify GitHub login and password exposed; all private source code might be available
- https://hackerone.com/reports/124223 | CSV Injection via the CSV export feature
- https://hackerone.com/reports/124277 | XSS via React element spoofing
- https://hackerone.com/reports/124429 | Stored XSS via "Free Shipping" option (Discounts)
- https://hackerone.com/reports/124611 | Disclosure of private programs that have an "external" page on HackerOne
- https://hackerone.com/reports/124737 | Multiple Heap Overflows in php_raw_url_encode/php_url_encode
- https://hackerone.com/reports/124845 | Bypassed password authentication before enabling OTP verification
- https://hackerone.com/reports/124889 | Websites opened from reports can change url of report page
- https://hackerone.com/reports/124976 | Hijacking user session by forcing the use of invalid HTTPs Certificate on images.gratipay.com
- https://hackerone.com/reports/125000 | Open Redirect in m.uber.com
- https://hackerone.com/reports/125027 | Reflected XSS on developer.uber.com via Angular template injection
- https://hackerone.com/reports/125112 | XSS in getrush.uber.com
- https://hackerone.com/reports/125200 | Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers
- https://hackerone.com/reports/125250 | Avoiding Surge Pricing
- https://hackerone.com/reports/125498 | Dom Based Xss
- https://hackerone.com/reports/125505 | Possibility to brute force invite codes in riders.uber.com
- https://hackerone.com/reports/125587 | Hogging up all the resources on hackerone.com
- https://hackerone.com/reports/125791 | Reflected XSS via Unvalidated / Open Redirect in uber.com
- https://hackerone.com/reports/125849 | XSS found on Snapchat website
- https://hackerone.com/reports/125980 | uber.com may RCE by Flask Jinja2 Template Injection
- https://hackerone.com/reports/126010 | prevent content spoofing on /~username/emails/verify.html
- https://hackerone.com/reports/126099 | Stored XSS in drive.uber.com WordPress admin panel
- https://hackerone.com/reports/126109 | CSV Injection in business.uber.com
- https://hackerone.com/reports/126197 | XSS In archive.uber.com Due to Mime Sniffing in IE
- https://hackerone.com/reports/126203 | CBC "cut and paste" attack may cause Open Redirect(even XSS)
- https://hackerone.com/reports/126209 | Posting modified information in 'Investment section' will cause unintended information change in verkkopalvelu.tapiola.fi
- https://hackerone.com/reports/126416 | Integer Overflow in php_raw_url_encode
- https://hackerone.com/reports/126522 | Incorrect param parsing in Digits web authentication
- https://hackerone.com/reports/126539 | XSS on https://app.shopify.com/
- https://hackerone.com/reports/126652 | potential remote code execution with phar archive
- https://hackerone.com/reports/126797 | Use-after-free during XML transformations (MFSA-2016-27)
- https://hackerone.com/reports/126906 | Stored XSS in archive.uber.com Due to Injection of Javascript:alert(0)
- https://hackerone.com/reports/127077 | www.lahitapiola.fi DOM XSS by choosing regional company
- https://hackerone.com/reports/127154 | XSS using javascript:alert(8007)
- https://hackerone.com/reports/127212 | php_snmp_error() Format String Vulnerability
- https://hackerone.com/reports/127242 | Negative size parameter (-1) in memcpy mbfl_strcut
- https://hackerone.com/reports/127620 | New hacktivity view discloses report IDs of non-public reports
- https://hackerone.com/reports/127703 | [CRITICAL] Full account takeover using CSRF
- https://hackerone.com/reports/127844 | Web Authentication Endpoint Credentials Brute-Force Vulnerability
- https://hackerone.com/reports/127918 | Easy spam with USE My PHONE Feature
- https://hackerone.com/reports/127948 | Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin
- https://hackerone.com/reports/127995 | Limit email address length
- https://hackerone.com/reports/128088 | AWS S3 bucket writeable for authenticated aws users
- https://hackerone.com/reports/128114 | Administrator access to a Django Administration Panel on *.sc-corp.net via bruteforced credentials
- https://hackerone.com/reports/128121 | fix bug in username restriction
- https://hackerone.com/reports/128169 | BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
- https://hackerone.com/reports/128750 | Read-Only user can execute arbitrary shell commands on AirOS
- https://hackerone.com/reports/128777 | No rate-limit in Two factor Authentication leads to bypass using bruteforce attack
- https://hackerone.com/reports/128856 | Send email asynchronously
- https://hackerone.com/reports/129001 | Cookie-based client-side denial-of-service to all of the Lähitapiola domains
- https://hackerone.com/reports/129091 | CPU utilization 99% on visiting wordpress site url & open redirect found
- https://hackerone.com/reports/129381 | niche s3 buckets are readable/writeable/deleteable by authorized AWS users
- https://hackerone.com/reports/129436 | xss in DM group name in twitter
- https://hackerone.com/reports/129771 | Python 2.7 strop.replace Integer Overflow
- https://hackerone.com/reports/129773 | Previous attachments can be referenced when creating a new report
- https://hackerone.com/reports/129862 | Stored XSS on [your_zendesk].zendesk.com in Facebook Channel
- https://hackerone.com/reports/129873 | Bypassing Digits origin validation which leads to account takeover
- https://hackerone.com/reports/130889 | Reflected XSS in scores.ubnt.com
- https://hackerone.com/reports/131065 | bring grtp.co up to A grade on SSLLabs
- https://hackerone.com/reports/131082 | Open Redirector via (apps/files_pdfviewer) for un-authenticated users.
- https://hackerone.com/reports/131108 | Akismet Several CSRF vulnerabilities
- https://hackerone.com/reports/131202 | [Critical] - Steal OAuth Tokens
- https://hackerone.com/reports/131450 | Stored XSS in developer.uber.com
- https://hackerone.com/reports/132104 | Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs
- https://hackerone.com/reports/132602 | Stored XSS at Udemy
- https://hackerone.com/reports/133963 | XSS on www.wordpress.com
- https://hackerone.com/reports/134061 | Reflected XSS via Livefyre Media Wall in newsroom.uber.com
- https://hackerone.com/reports/134321 | RCE on facebooksearch.algolia.com
- https://hackerone.com/reports/134388 | Content Spoofing or Text Injection (404 error page injection on yrityspalvelu)
- https://hackerone.com/reports/134434 | XSS In /zuora/ functionality
- https://hackerone.com/reports/134546 | WordPress Flash XSS in flashmediaelement.swf
- https://hackerone.com/reports/134738 | WordPress SOME bug in plupload.flash.swf leading to RCE
- https://hackerone.com/reports/134757 | Staff member can install apps even with limited access
- https://hackerone.com/reports/134880 | ASN.1 BIO excessive memory allocation (CVE-2016-2109)
- https://hackerone.com/reports/135072 | RCE in profile picture upload
- https://hackerone.com/reports/135152 | Integer overflow in ZipArchive::getFrom*
- https://hackerone.com/reports/135217 | Reflected cross-site scripting (XSS) on api.tiles.mapbox.com
- https://hackerone.com/reports/135288 | Multiple vulnerabilities in a WordPress plugin at drive.uber.com
- https://hackerone.com/reports/135291 | Out-of-bounds reads in zif_grapheme_stripos with negative offset
- https://hackerone.com/reports/135293 | bcpowmod accepts negative scale and corrupts one definition
- https://hackerone.com/reports/135294 | xml_parse_into_struct segmentation fault
- https://hackerone.com/reports/135756 | View all deleted comments and ratings of any app
- https://hackerone.com/reports/135797 | Session Fixation
- https://hackerone.com/reports/135944 | EVP_EncodeUpdate overflow (CVE-2016-2105)
- https://hackerone.com/reports/135945 | EVP_EncryptUpdate overflow (CVE-2016-2106)
- https://hackerone.com/reports/135946 | EBCDIC overread (CVE-2016-2176)
- https://hackerone.com/reports/136169 | OneLogin authentication bypass on WordPress sites
- https://hackerone.com/reports/136221 | Denial of service in account statistics endpoint
- https://hackerone.com/reports/136454 | User credentials leak and arbitrary local file read/leak due to same-origin-policy violation
- https://hackerone.com/reports/136481 | CSRF on Vimeo via cross site flashing leading to info disclosure and private videos go public
- https://hackerone.com/reports/136582 | OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing
- https://hackerone.com/reports/136600 | Reflected XSS in Backend search
- https://hackerone.com/reports/136720 | don't leak server version of grtp.co in error pages
- https://hackerone.com/reports/136850 | Images and Subtitles Leakage from private videos
- https://hackerone.com/reports/136986 | Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- https://hackerone.com/reports/137487 | Amazon Bucket Accessible (http://inpref.s3.amazonaws.com/)
- https://hackerone.com/reports/137502 | All Vimeo Private videos disclosure via Authorization Bypass
- https://hackerone.com/reports/137956 | SQL Injection
- https://hackerone.com/reports/138025 | Heap corruption via memarea.c
- https://hackerone.com/reports/138075 | [stored xss, pornhub.com] stream post function
- https://hackerone.com/reports/138179 | Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
- https://hackerone.com/reports/138181 | Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
- https://hackerone.com/reports/138243 | [IDOR] Deleting other users comment
- https://hackerone.com/reports/138244 | Missing access control exposing detailed information on all users
- https://hackerone.com/reports/138516 | Adobe Flash Player ContentFactory class Memory Corruption Vulnerability
- https://hackerone.com/reports/138517 | Adobe Flash Player Metadata class Memory Corruption Vulnerability
- https://hackerone.com/reports/138518 | Adobe Flash Player OpportunityGenerator class Memory Corruption Vulnerability
- https://hackerone.com/reports/138869 | OneLogin authentication bypass on WordPress sites via XMLRPC
- https://hackerone.com/reports/139004 | Persistent XSS at verkkopalvelu.tapiola.fi using spoofed React element and React v.0.13.3
- https://hackerone.com/reports/139192 | Ability to collect users' ids that have visited a specific web page with malicious code
- https://hackerone.com/reports/139245 | WordPress core stored XSS via attachment file name
- https://hackerone.com/reports/139398 | Read-Only user can execute arbitrary shell commands on AirOS
- https://hackerone.com/reports/139626 | Passphrase credential lock bypass
- https://hackerone.com/reports/139879 | Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability
- https://hackerone.com/reports/140432 | configure a redirect URI for Facebook OAuth
- https://hackerone.com/reports/140447 | Open Redirect on slack.com
- https://hackerone.com/reports/140548 | [upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References
- https://hackerone.com/reports/140616 | www.starbucks.co.uk Reflected XSS via utm_source parameter
- https://hackerone.com/reports/140705 | [my.mail.ru] HTML injection in emails from [email protected]
- https://hackerone.com/reports/140865 | Integer Overflow in php_html_entities()
- https://hackerone.com/reports/141065 | Security Issue : CSRF Token Design Flaw
- https://hackerone.com/reports/141125 | Nginx server version disclosure
- https://hackerone.com/reports/141174 | node.drchrono.com - Information Disclosure and Windows Host Exposed
- https://hackerone.com/reports/141197 | get_icu_value_internal out-of-bounds read
- https://hackerone.com/reports/141198 | Template stored XSS
- https://hackerone.com/reports/141202 | imagescale out-of-bounds read
- https://hackerone.com/reports/141212 | Integer underflow / arbitrary null write in fread/gzread
- https://hackerone.com/reports/141240 | Angular injection in the profile name of onpatient
- https://hackerone.com/reports/141244 | XSS in zendesk.com/product/
- https://hackerone.com/reports/141344 | [CRITICAL] CSRF leading to account take over
- https://hackerone.com/reports/141463 | Stored XSS via AngularJS Injection
- https://hackerone.com/reports/141541 | User with no permissions can access full wdcalendar feed
- https://hackerone.com/reports/141629 | Able to remove the admin access of my program
- https://hackerone.com/reports/141700 | Bypass GlassWire's monitoring of Hosts file
- https://hackerone.com/reports/141734 | Bypassing Password Reset
- https://hackerone.com/reports/141839 | Multiple vulnerabilities related to PCRE functions (already fixed)
- https://hackerone.com/reports/142084 | Stored XSS in unifi.ubnt.com
- https://hackerone.com/reports/142096 | [Screenhero] Subdomain takeover
- https://hackerone.com/reports/142101 | User with no permissions can create, edit, delete favorite prescriptions /erx/
- https://hackerone.com/reports/142135 | XSS in upload.php
- https://hackerone.com/reports/142472 | CVE-2016-2177 Undefined pointer arithmetic in SSL code
- https://hackerone.com/reports/142549 | Information Disclosure through .DS_Store in ██████████
- https://hackerone.com/reports/142709 | Fetching external resources through svg images
- https://hackerone.com/reports/142773 | 16 instances where return value of OpenSSL i2d_RSAPublicKey is discarded -- might lead to use of uninitialized memory
- https://hackerone.com/reports/142940 | Bug Report
- https://hackerone.com/reports/142946 | xss vulnerability in http://ubermovement.com/community/daniel
- https://hackerone.com/reports/143022 | Heap corruption via Python 2.7.11 IOBase readline()
- https://hackerone.com/reports/143064 | Information Disclosure
- https://hackerone.com/reports/143139 | upgrade Aspen on inside.gratipay.com to pick up CR injection fix
- https://hackerone.com/reports/143220 | XSS on www.mapbox.com/authorize
- https://hackerone.com/reports/143234 | Integer Overflow in _gd2GetHeader() resulting in heap overflow
- https://hackerone.com/reports/143240 | XSS on www.mapbox.com/authorize/ because of open redirect at /core/oauth/auth
- https://hackerone.com/reports/143669 | Obtaining the original of a hidden image
- https://hackerone.com/reports/143717 | Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)
- https://hackerone.com/reports/143903 | File upload over private IM channel
- https://hackerone.com/reports/143935 | [sms-be-vip.twitter.com] vulnerable to Jetleak
- https://hackerone.com/reports/143966 | Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)
- https://hackerone.com/reports/143975 | Homograph attack in escalate report
- https://hackerone.com/reports/144000 | Authorization Bypass in Delivery Chat Logs
- https://hackerone.com/reports/144129 | Old titles are not hidden in reports with limited disclosure
- https://hackerone.com/reports/144482 | StringIO strio_getline() can divulge arbitrary memory
- https://hackerone.com/reports/144616 | Brute-Forcing invite codes in partners.uber.com
- https://hackerone.com/reports/144674 | [townwars.mail.ru] Time-Based SQL Injection
- https://hackerone.com/reports/144782 | CVE-2016-0772 - python: smtplib StartTLS stripping attack
- https://hackerone.com/reports/145086 | Stored XSS in SupportFlow Ticket Subject
- https://hackerone.com/reports/145091 | Stored XSS from ticket messages in admin table in SupportFlow
- https://hackerone.com/reports/145128 | [account-global.ubnt.com] CRLF Injection
- https://hackerone.com/reports/145150 | Bulk UUID enumeration via invite codes
- https://hackerone.com/reports/145224 | Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry
- https://hackerone.com/reports/145265 | Adobe Flash Player ShimContentFactory class Memory Corruption Vulnerability
- https://hackerone.com/reports/145266 | Adobe Flash Player ShimContentFactory.retrieveResolvers Memory Corruption Vulnerability
- https://hackerone.com/reports/145267 | Adobe Flash Player ShimContentResolver.configure Memory Corruption Vulnerability
- https://hackerone.com/reports/145269 | Adobe Flash Player ShimOpportunityGenerator class Memory Corruption Vulnerability
- https://hackerone.com/reports/145271 | Adobe Flash Player ShimContentResolver(resolverType=0) class Memory Corruption Vulnerability
- https://hackerone.com/reports/145272 | Adobe Flash Player ShimContentResolver(resolverType=1) class Memory Corruption Vulnerability
- https://hackerone.com/reports/145278 | xss in https://www.uber.com
- https://hackerone.com/reports/145355 | Stored XSS on Share-popup of a directory's Gallery-view
- https://hackerone.com/reports/145452 | Share owner has no possibility to list all existing derived shares
- https://hackerone.com/reports/145463 | Nextcloud server software: Content Spoofing
- https://hackerone.com/reports/145467 | Downloading password protected / restricted videos
- https://hackerone.com/reports/145629 | 2-factor authentication bypass
- https://hackerone.com/reports/145950 | Uploading files to a folder where the invited user doesn't have any EDIT privilege
- https://hackerone.com/reports/146180 | Integer Overflow in SplFileObject::fread
- https://hackerone.com/reports/146182 | Integer Overflow/Heap Overflow in json_encode()/json_decode()
- https://hackerone.com/reports/146183 | Integer Overflow in nl2br()
- https://hackerone.com/reports/146184 | Integer Overflow in addcslashes()/addslashes()
- https://hackerone.com/reports/146185 | Integer Overflow in Length of String-typed ZVAL
- https://hackerone.com/reports/146200 | _php_mb_regex_ereg_replace_exec - double free
- https://hackerone.com/reports/146202 | Invalid free in phar_extract_file()
- https://hackerone.com/reports/146233 | Use After Free Vulnerability in PHP's GC algorithm and unserialize
- https://hackerone.com/reports/146235 | ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
- https://hackerone.com/reports/146255 | Double Free Corruption in wddx.c (extension)
- https://hackerone.com/reports/146278 | Log pollution can lead to HTML Injection.
- https://hackerone.com/reports/146336 | XSS vulnerable parameter in a location hash
- https://hackerone.com/reports/146360 | Heap Overflow Due To Integer Overflow
- https://hackerone.com/reports/146707 | Mixed Active Scripting Issue on https://www.lahitapiola.fi
- https://hackerone.com/reports/146845 | Race Conditions in Popular reports feature.
- https://hackerone.com/reports/146910 | RC4 cipher suites detected
- https://hackerone.com/reports/146911 | The POODLE attack (SSLv3 supported)
- https://hackerone.com/reports/146936 | CVE-2015-8874 Stack overflow with imagefilltoborder
- https://hackerone.com/reports/146940 | pass2_no_dither out-of-bounds access
- https://hackerone.com/reports/146944 | NULL Pointer Dereference at _gdScaleVert
- https://hackerone.com/reports/147125 | Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
- https://hackerone.com/reports/147369 | User can start call in a channel of an unpaid account
- https://hackerone.com/reports/147544 | Generate new Test token
- https://hackerone.com/reports/147577 | Application error message
- https://hackerone.com/reports/147776 | Change contents of the careers iframe in https://corp.badoo.com/jobs
- https://hackerone.com/reports/148050 | Know undisclosed Bounty Amount when Bounty Statistics are enabled.
- https://hackerone.com/reports/148151 | SMB User Authentication Bypass and Persistence
- https://hackerone.com/reports/148467 | Public pages: a public page moderator can delete materials added by editors that have a publication timer.
- https://hackerone.com/reports/148609 | Register multiple users using one invitation (race condition)
- https://hackerone.com/reports/148741 | Stored Cross-Site-Scripting in CMS Airship's authors profiles
- https://hackerone.com/reports/148751 | Stored XSS in comments
- https://hackerone.com/reports/148764 | [idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs)
- https://hackerone.com/reports/148770 | Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io.
- https://hackerone.com/reports/148777 | Microsoft IIS tilde directory enumeration
- https://hackerone.com/reports/148848 | "a stored xss issue in share post menu"
- https://hackerone.com/reports/148853 | Stored XSS using SVG
- https://hackerone.com/reports/148865 | HTML in Diffusion not escaped in certain circumstances
- https://hackerone.com/reports/148963 | Application error message
- https://hackerone.com/reports/149011 | a stored xss issue in https://files.slack.com
- https://hackerone.com/reports/149154 | Stored xss
- https://hackerone.com/reports/149287 | Reflected Xss in AirMax [Nanostation Loco M2]
- https://hackerone.com/reports/149571 | Stored XSS in wis.pr
- https://hackerone.com/reports/149798 | Content (Text) Injection at NextCloud Server 9.0.52 - via http://custom_nextcloud_url/remote.php/dav/files/
- https://hackerone.com/reports/149855 | Reflected XSS in m.imgur.com
- https://hackerone.com/reports/149907 | Urgent: attacker can access every data source on Bime
- https://hackerone.com/reports/149914 | Attacker can access graphic representation of every query
- https://hackerone.com/reports/150083 | Cross Site Scripting(XSS) on IRCCloud Badges Page (using Parameter Pollution)
- https://hackerone.com/reports/150156 | SQL Injection on sctrack.email.uber.com.cn
- https://hackerone.com/reports/150179 | Html Injection and Possible XSS in sms-be-vip.twitter.com
- https://hackerone.com/reports/150374 | https://windsor.shopify.com/ takeover
- https://hackerone.com/reports/150626 | Heap Buffer Overflow
- https://hackerone.com/reports/150905 | Information disclosure through directory listing at http://dockerhost01.maximum.nl:8080
- https://hackerone.com/reports/150976 | Flash “local-with-filesystem” Bypass in navigateToURL
- https://hackerone.com/reports/151034 | Xss on billing
- https://hackerone.com/reports/151039 | Adobe Flash Player TimedEvent.parent Memory Corruption Vulnerability
- https://hackerone.com/reports/151040 | Adobe Flash Player ShimAdPolicySelector(adPolicySelectorType=0) class Memory Corruption
- https://hackerone.com/reports/151043 | Adobe Flash Player PSDK Class Use After Free Vulnerability
- https://hackerone.com/reports/151058 | Stealing livechat token and using it to chat as the user - user information disclosure
- https://hackerone.com/reports/151117 | [bbPress] Stored XSS in any forum post.
- https://hackerone.com/reports/151459 | Creating Post on a restricted channel
- https://hackerone.com/reports/151465 | Get organization info base on uuid
- https://hackerone.com/reports/151470 | [IDOR] Get business trip via organization id
- https://hackerone.com/reports/151475 | ownCloud 2.2.2.6192 DLL Hijacking Vulnerability
- https://hackerone.com/reports/151516 | CSV Injection at Camptix Event Ticketing
- https://hackerone.com/reports/151868 | No Rate Limit In Inviting Similar Contact Multiple Times
- https://hackerone.com/reports/152013 | CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php'
- https://hackerone.com/reports/152067 | Stored XSS on developer.uber.com via admin account compromise
- https://hackerone.com/reports/152231 | Out of bound read in exif_process_IFD_in_MAKERNOTE
- https://hackerone.com/reports/152232 | NULL Pointer Dereference in exif_process_user_comment
- https://hackerone.com/reports/152266 | Use After Free Vulnerability in SNMP with GC and unserialize()
- https://hackerone.com/reports/152267 | Use After Free in unserialize() with Unexpected Session Deserialization
- https://hackerone.com/reports/152278 | Stack-based buffer overflow vulnerability in php_stream_zip_opener
- https://hackerone.com/reports/152280 | Stack-based buffer overflow vulnerability in virtual_file_ex
- https://hackerone.com/reports/152281 | Use After Free/Double Free in Garbage Collection
- https://hackerone.com/reports/152398 | Incorrect casting from size_t to int leads to heap overflow in mcrypt_generic
- https://hackerone.com/reports/152399 | php curl ext size_t overflow lead to heap corruption
- https://hackerone.com/reports/152400 | php mcrypt ext - Incorrect casting from size_t to int leads to heap overflow in mdecrypt_generic
- https://hackerone.com/reports/152407 | Missing Access Control(IDOR) To Know LinkedAccounts
- https://hackerone.com/reports/152416 | Lazy Load stored XSS
- https://hackerone.com/reports/152569 | Cross-Site Request Forgery (CSRF)
- https://hackerone.com/reports/152577 | Content Injection at First & Last Name Parameters that could Lead Fraud Issue
- https://hackerone.com/reports/152584 | S3 bucket takeover due to proxy.harvestfiles.com
- https://hackerone.com/reports/152586 | CSRF token fixation in Sign in with Google
- https://hackerone.com/reports/152591 | Stored XSS on invoice, executing on any subdomain
- https://hackerone.com/reports/152669 | Users enumeration is possible through cycling through recurring[client_id] argument value.
- https://hackerone.com/reports/152692 | Persistent Cross-Site Scripting in WooCommerce WordPress plugin
- https://hackerone.com/reports/152696 | Leak of all project names and all user names , even across applications
- https://hackerone.com/reports/152772 | Inadequate error handling in bzread()
- https://hackerone.com/reports/152782 | locale_accept_from_http out-of-bounds access
- https://hackerone.com/reports/152784 | imagegif/output out-of-bounds access
- https://hackerone.com/reports/152929 | Project Disclosure of all Harvest Instances
- https://hackerone.com/reports/152958 | Multiple XSS in Camptix Event Ticketing Plugin
- https://hackerone.com/reports/153093 | WordPress core - Denial of Service via Cross Site Request Forgery
- https://hackerone.com/reports/153618 | Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire
- https://hackerone.com/reports/153666 | csp bypass + xss
- https://hackerone.com/reports/153776 | gdImageTrueColorToPaletteBody allows arbitrary write/read access
- https://hackerone.com/reports/153863 | heap-buffer-overflow (write) simplestring_addn simplestring.c
- https://hackerone.com/reports/153905 | IDOR - Disable sharing
- https://hackerone.com/reports/154096 | Blind OOB XXE At "http://ubermovement.com/"
- https://hackerone.com/reports/154369 | Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181
- https://hackerone.com/reports/154400 | Opportunity to set arbitrary cookies
- https://hackerone.com/reports/154405 | Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure )
- https://hackerone.com/reports/154410 | Delete/modify your own comment after limited access(IDOR)
- https://hackerone.com/reports/154425 | Subdomain takeover on http://fastly.sc-cdn.net/
- https://hackerone.com/reports/154827 | More content spoofing through dir param in the files app
- https://hackerone.com/reports/154963 | Stealing User emails by clickjacking cards.twitter.com/xxx/xxx
- https://hackerone.com/reports/155222 | (BYPASS) Open Redirect after login at http://ecommerce.shopify.com
- https://hackerone.com/reports/155223 | Use After Free Vulnerability in array_walk()/array_walk_recursive()
- https://hackerone.com/reports/155618 | Watch any Password Video without password
- https://hackerone.com/reports/155657 | Arbitrary Code Injection in ownCloud’s Windows Client
- https://hackerone.com/reports/155704 | Staff member can delete Private Apps
- https://hackerone.com/reports/155774 | CSRF - Add optional two factor mobile number
- https://hackerone.com/reports/156258 | OX (Guard): Stored Cross-Site Scripting via Incoming Email
- https://hackerone.com/reports/156347 | Stored XSS triggered by json key during UI generation
- https://hackerone.com/reports/156373 | Stored xss
- https://hackerone.com/reports/156387 | Stored XSS from Display Settings triggered on Save and viewing realtime search demo
- https://hackerone.com/reports/156520 | Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed.
- https://hackerone.com/reports/156542 | Avoid "resend verification email" confusion
- https://hackerone.com/reports/156948 | Repeated mediation requests and multiple emails possible on a report.
- https://hackerone.com/reports/157412 | Querying private posts and changing post meta
- https://hackerone.com/reports/157699 | Disclosure of external users invited to a specific report
- https://hackerone.com/reports/157876 | (FULL PATH DISCLOSURE) Unknown MySQL server host 'shardm-reader.chi2.shopify.io'
- https://hackerone.com/reports/157956 | CSRF To change Email Notification Settings
- https://hackerone.com/reports/157958 | Stored XSS
- https://hackerone.com/reports/157993 | Cross-Site Request Forgery (CSRF)
- https://hackerone.com/reports/157996 | Race Condition in Redeeming Coupons
- https://hackerone.com/reports/158002 | Missing rel=noreferrer tag allows link in list to change url of currently open tab
- https://hackerone.com/reports/158016 | Server side request forgery on image upload for lists
- https://hackerone.com/reports/158019 | Host Header Injection/Redirection in: https://www.instacart.com/
- https://hackerone.com/reports/158021 | Image Upload Path Disclosure
- https://hackerone.com/reports/158118 | Access to Splunk at https://apt.ec2.shopify.com:8089
- https://hackerone.com/reports/158148 | reverb.twitter.com redirects to vulnerable reverb.guru
- https://hackerone.com/reports/158157 | shopper login_code's can be brute forced
- https://hackerone.com/reports/158186 | Non-secure requests are not automatically upgraded to HTTPS
- https://hackerone.com/reports/158434 | (BYPASS) Open redirect and XSS in supporthiring.shopify.com
- https://hackerone.com/reports/158484 | [scores.ubnt.com] DOM based XSS at form.html
- https://hackerone.com/reports/158554 | Hyperlink Injection in Friend Invitation Emails
- https://hackerone.com/reports/158853 | OX Guard: DOM Based Cross-Site Scripting
- https://hackerone.com/reports/158979 | PM with can Set up email for invoices and estimates (Access control Issue)
- https://hackerone.com/reports/159156 | Hacker.One Subdomain Takeover
- https://hackerone.com/reports/159387 | PM can delete the company logo image (Vertical Privilege Escalation )
- https://hackerone.com/reports/159391 | Record payment for any invoice by PM (Access control Issue)
- https://hackerone.com/reports/159393 | PM can delete payment of any invoice in company (Access control Issue)
- https://hackerone.com/reports/159395 | Unauthorized access to all the actions of invoices by PM (Access control Issues)
- https://hackerone.com/reports/159399 | Unauthorized read access to Invoices by PM (Access control Issues)
- https://hackerone.com/reports/159460 | Stored XSS(Cross Site Scripting) In Slack App Name
- https://hackerone.com/reports/159498 | Blind Stored XSS Against Lahitapiola Employees - Session and Information leakage
- https://hackerone.com/reports/159512 | Requesting Mediation possible on reports that are too old for mediation
- https://hackerone.com/reports/159522 | Open redirect using checkout_url
- https://hackerone.com/reports/159526 | Information leakage of private program
- https://hackerone.com/reports/159686 | integer overflow in the _csv module's join_append_data function
- https://hackerone.com/reports/159687 | integer overflow in binascii.b2a_qp
- https://hackerone.com/reports/159690 | stack buffer overflows in the curses module
- https://hackerone.com/reports/159693 | Py_DECREF on a non-owned object in the _sre module
- https://hackerone.com/reports/159696 | Two vulnerabilities in the ssl module
- https://hackerone.com/reports/159820 | Issues with uploading list images
- https://hackerone.com/reports/159878 | [render.bitstrips.com] Stored XSS via an incorrect avatar property value
- https://hackerone.com/reports/159943 | Create an Unexpected Object and Don't Invoke __wakeup() in During Deserialization
- https://hackerone.com/reports/159946 | PHP Session Data Injection Vulnerability
- https://hackerone.com/reports/159948 | Use After Free Vulnerability in unserialize()
- https://hackerone.com/reports/159953 | integer overflow in curl_escape caused heap corruption
- https://hackerone.com/reports/159954 | integer overflow in base64_decode caused heap corruption
- https://hackerone.com/reports/159955 | integer overflow in bzdecompress caused heap corruption
- https://hackerone.com/reports/159958 | Integer overflow lead to heap corruption in sql_regcase
- https://hackerone.com/reports/159959 | integer overflow in quoted_printable_encode caused heap corruption
- https://hackerone.com/reports/159960 | integer overflow in urlencode caused heap corruption
- https://hackerone.com/reports/159961 | integer overflow in php_uuencode caused heap corruption
- https://hackerone.com/reports/159988 | Heap Overflow due to integer overflows
- https://hackerone.com/reports/159992 | memory allocator fails to realloc small block to large one
- https://hackerone.com/reports/160047 | [apps.shopify.com] Open Redirect
- https://hackerone.com/reports/160109 | Brute force login and bypass locked account restrictions via iOS app
- https://hackerone.com/reports/160294 | Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128)
- https://hackerone.com/reports/160295 | Heap overflow in curl_escape
- https://hackerone.com/reports/160520 | Bypass fix in https://hackerone.com/reports/151516 report.
- https://hackerone.com/reports/160981 | Extracting private info of estimates.
- https://hackerone.com/reports/161189 | select_colors write out-of-bounds
- https://hackerone.com/reports/161193 | imagegammacorrect allows arbitrary write access
- https://hackerone.com/reports/161198 | wddx_deserialize null dereference with invalid xml
- https://hackerone.com/reports/161200 | wddx_deserialize allows illegal memory access
- https://hackerone.com/reports/161216 | wddx_deserialize null dereference
- https://hackerone.com/reports/161217 | wddx_deserialize null dereference in php_wddx_pop_element
- https://hackerone.com/reports/161301 | READ .svg files by changing .svg into .png extension
- https://hackerone.com/reports/161485 | Non-secure requests to www.lahitapiola.fi are not automatically upgraded to HTTPS
- https://hackerone.com/reports/161710 | Possible to steal any protected files on Android
- https://hackerone.com/reports/162822 | Fetch private list metadata and any user's personal name
- https://hackerone.com/reports/162955 | Code Injection in Slack's Windows Desktop Client leads to Privilege Escalation
- https://hackerone.com/reports/163067 | Stealing users password (Limited Scenario)
- https://hackerone.com/reports/163087 | use of uninitialized variables in operator.methodcaller
- https://hackerone.com/reports/163307 | WordPress Authentication Denial of Service
- https://hackerone.com/reports/163459 | potential memory corruption in or/buffers.c (particularly on 32 bit)
- https://hackerone.com/reports/163464 | User Information sent to client through websockets
- https://hackerone.com/reports/163467 | User Information leak allows user to bypass email verification.
- https://hackerone.com/reports/163476 | Information Disclosure in AWS S3 Bucket
- https://hackerone.com/reports/163491 | CORS (Cross-Origin Resource Sharing)
- https://hackerone.com/reports/163676 | Legal | Application is Missing CSP(Content Security Policy) Header
- https://hackerone.com/reports/164027 | Reflected Self-XSS Vulnerability in the Comment section of Files Information
- https://hackerone.com/reports/164137 | Possible content spoofing due to missing error page
- https://hackerone.com/reports/164152 | [ibank.qiwi.ru] XSS via Request-URI
- https://hackerone.com/reports/164224 | Urgent: Server side template injection via Smarty template allows for RCE
- https://hackerone.com/reports/164515 | Project Manager can approve pending reports(Access control Issue)
- https://hackerone.com/reports/164546 | CSRF bypass on Submit Time sheet for Approval
- https://hackerone.com/reports/164578 | Reflected XSS in www.lahitapiola.fi (/cs/Satellite) using Oracle WebCenter -page
- https://hackerone.com/reports/164581 | Oracle WebCenter Sites Support Tools available and Information disclosure (/cs/Satellite)
- https://hackerone.com/reports/164649 | [Studio.twitter.com] See someone else pics
- https://hackerone.com/reports/164656 | [contact-sys.com] XSS via Request-URI
- https://hackerone.com/reports/164662 | [wallet.rapida.ru] XSS Cookie flashcookie
- https://hackerone.com/reports/164674 | CSV Injection in Camptix
- https://hackerone.com/reports/164684 | [lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN
- https://hackerone.com/reports/164704 | [contact-sys.com] XSS /ajax/transfer/status trn param
- https://hackerone.com/reports/164739 | SQL Injection on /cs/Satellite path
- https://hackerone.com/reports/164821 | OX Guard: DOM Based Cross-Site Scripting (#2)
- https://hackerone.com/reports/164833 | Hyperlink Injection in Friend Invitation Emails
- https://hackerone.com/reports/164916 | Same origin policy bypass on e.mail.ru via Cross-Site Flashing
- https://hackerone.com/reports/164933 | [lk.contact-sys.com] LKlang Path Traversal
- https://hackerone.com/reports/164945 | [contact-sys.com] SQL Injection████ limit param
- https://hackerone.com/reports/165046 | Open redirect allows changing iframe content in *.myshopify.com/admin/themes//editor
- https://hackerone.com/reports/165102 | urllib HTTP header injection CVE-2016-5699
- https://hackerone.com/reports/165131 | Seemingly sensitive information at /api/v2/zones
- https://hackerone.com/reports/165154 | Additional information for CVE-2016-5699
- https://hackerone.com/reports/165219 | [id.rapida.ru] Full Path Disclosure
- https://hackerone.com/reports/165229 | Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin
- https://hackerone.com/reports/165275 | OX (Guard): Stored Cross-Site Scripting via Email Attachment
- https://hackerone.com/reports/165324 | XSS on expenses attachments
- https://hackerone.com/reports/165570 | Race Condition in account survey
- https://hackerone.com/reports/165686 | Reflected XSS in Gallery App
- https://hackerone.com/reports/165727 | Rate-limit bypass
- https://hackerone.com/reports/165862 | Invoices can be added to any retainers - even cross-platform
- https://hackerone.com/reports/165930 | PHP info page disclosure on http://www.day.dk/
- https://hackerone.com/reports/166080 | null pointer dereference in set_conversion_mode due uncheck _ctypes_conversion_errors
- https://hackerone.com/reports/166265 | Verification of E-Mail address possible on https://biz.yelp.com/login and https://biz.yelp.com/forgot
- https://hackerone.com/reports/166629 | Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
- https://hackerone.com/reports/166634 | SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
- https://hackerone.com/reports/166661 | Arbitrary heap overread in strscan on 32 bit Ruby, patch included
- https://hackerone.com/reports/166682 | Denial of Service through set_preference.json
- https://hackerone.com/reports/166709 | Self-XSS via location cookie city field when getting suggestions for a new location
- https://hackerone.com/reports/166826 | Potential Subdomain Takeover Possible
- https://hackerone.com/reports/166871 | Instance of Apache Vulnerable to Several Issues
- https://hackerone.com/reports/166887 | Unsanitized Location Name in POS Channel can lead to XSS in Orders Timeline
- https://hackerone.com/reports/166942 | leaking Digits OAuth authorization to third party websites
- https://hackerone.com/reports/167075 | XSS in SHOPIFY: Unsanitized Supplier Name can lead to XSS in Transfers Timeline
- https://hackerone.com/reports/167489 | Bypass the closing of the account and log in again to your account
- https://hackerone.com/reports/167688 | msilib.OpenDatabase Type Confusion
- https://hackerone.com/reports/167731 | Make victim buy in attacker's account without any idea - http://www.booztlet.com/
- https://hackerone.com/reports/167846 | Deleted Post and Administrative Function Access in eCommerce Forum
- https://hackerone.com/reports/167888 | Uninitialized Thumbnail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF
- https://hackerone.com/reports/167895 | Out of bound when verify signature of zip phar in phar_parse_zipfile
- https://hackerone.com/reports/167896 | Out of bound when verify signature of tar phar in phar_parse_tarfile
- https://hackerone.com/reports/167901 | integer overflow in pg_escape_string caused heap corruption
- https://hackerone.com/reports/167902 | integer overflow in php_ldap_do_escape caused heap corruption
- https://hackerone.com/reports/167903 | integer overflow in str_pad caused heap corruption
- https://hackerone.com/reports/167904 | heap overflow in substr_replace
- https://hackerone.com/reports/167905 | integer overflow in pg_escape_bytea caused heap corruption
- https://hackerone.com/reports/167906 | integer overflow in imap_binary caused heap corruption
- https://hackerone.com/reports/167907 | integer overflow in preg_quote caused heap corruption
- https://hackerone.com/reports/167908 | integer overflow in fgets cause heap corruption
- https://hackerone.com/reports/167909 | integer overflow in recode_string caused heap corruption
- https://hackerone.com/reports/167910 | memory corruption in wordwrap function
- https://hackerone.com/reports/167911 | integer overflow in fgetcsv caused heap corruption
- https://hackerone.com/reports/167921 | integer overflow in xml_utf8_encode
- https://hackerone.com/reports/167931 | Memory Corruption in During Deserialized-object Destruction
- https://hackerone.com/reports/167977 | Missing type check when unserializing SplArray
- https://hackerone.com/reports/168027 | gzdecode does NOT check output string size which leads to an overflow
- https://hackerone.com/reports/168028 | gzuncompress does NOT check output string size which leads to an overflow
- https://hackerone.com/reports/168029 | ldap_escape could produce string larger than 2Gb
- https://hackerone.com/reports/168116 | Insufficient validation on Digits bridge
- https://hackerone.com/reports/168458 | Stored XSS in https://productreviews.shopifyapps.com/proxy/v4/reviews/product
- https://hackerone.com/reports/168476 | Incoming email hijacking on sc-cdn.net
- https://hackerone.com/reports/168485 | Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE
- https://hackerone.com/reports/168538 | Twitter iOS fails to validate server certificate and sends oauth token
- https://hackerone.com/reports/169699 | CSRF in the "Add restaurant picture" function
- https://hackerone.com/reports/169759 | Open redirect in bulk edit
- https://hackerone.com/reports/170138 | SEH buffer overflow msgfmt_format_message
- https://hackerone.com/reports/170144 | wddx_deserialize use-after-free
- https://hackerone.com/reports/170161 | Password reset token not expiring
- https://hackerone.com/reports/170260 | imap_rfc822_parse_headers GS Violation
- https://hackerone.com/reports/170310 | Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?)
- https://hackerone.com/reports/170548 | Ruby OpenSSL Library - IV Reuse in GCM Mode
- https://hackerone.com/reports/170618 | CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element
- https://hackerone.com/reports/170619 | PHP Integer Overflow in gdImageWebpCtx
- https://hackerone.com/reports/170894 | Facebook and twitter page claimed of maximum.com [important]
- https://hackerone.com/reports/171205 | No rate limit for Referral Program
- https://hackerone.com/reports/172115 | Multiple use after frees in obj2ast_* methods
- https://hackerone.com/reports/172137 | Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com
- https://hackerone.com/reports/172227 | Stored XSS in photo comment functionality
- https://hackerone.com/reports/172289 | HackerOne Integrations Design Issue
- https://hackerone.com/reports/172403 | Python 2.7 32-bit JSON encoding heap corruption
- https://hackerone.com/reports/172411 | Heap overflow caused by type confusion vulnerability in merge_param()
- https://hackerone.com/reports/172545 | IDOR - Ability to view unlisted products
- https://hackerone.com/reports/172549 | Possible Blind Writing to S3 Bucket
- https://hackerone.com/reports/172562 | LZMADecompressor.decompress Use After Free
- https://hackerone.com/reports/172574 | Follow Button XSS
- https://hackerone.com/reports/172595 | Reflected XSS in LTContactFormReceiver (/cs/Satellite)
- https://hackerone.com/reports/172698 | Subdomain take over signup.websummit
- https://hackerone.com/reports/172711 | Content Spoofing in udemy
- https://hackerone.com/reports/172733 | Add signature to transactions without any permission
- https://hackerone.com/reports/172780 | out of date disqus shortname usage in the web app source code
- https://hackerone.com/reports/172837 | password less login token expiration issue
- https://hackerone.com/reports/172843 | DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
- https://hackerone.com/reports/172933 | IDNs displayed in unicode in messages/about/talk sections (Homograph Attack)
- https://hackerone.com/reports/173043 | Bypassing "You've requested your data the maximum number of times today." + "Please Verify an email address with snapchat to continue"
- https://hackerone.com/reports/173681 | [CRITICAL]-Taking over entire subdomain of romit.io
- https://hackerone.com/reports/173811 | Git available containing passwords.
- https://hackerone.com/reports/173969 | Full access to any list
- https://hackerone.com/reports/174069 | Buffer overflow in HTTP parse_hostinfo(), parse_userinfo() and parse_scheme()
- https://hackerone.com/reports/174328 | CSRF in github integration
- https://hackerone.com/reports/174474 | Cookie Injection at 'harvestapp.com'
- https://hackerone.com/reports/174632 | Information disclosure in mmap module - python 2.7.12
- https://hackerone.com/reports/174645 | Existence of Folder path by guessing the path through response
- https://hackerone.com/reports/174668 | No rate-limit in SERVER_SECURITY_CHECK
- https://hackerone.com/reports/174721 | View liked tweets of private account via publish.twitter.com
- https://hackerone.com/reports/174871 | Linking Invoice to uninvited project.
- https://hackerone.com/reports/174882 | Requesting Show CheckIn Alert for Non Friend User
- https://hackerone.com/reports/175070 | Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront
- https://hackerone.com/reports/175091 | chain.setstate Type Confusion
- https://hackerone.com/reports/175168 | [ecommerce.shopify.com] Invalidated redirection
- https://hackerone.com/reports/175260 | missing NULL check in dom_document_save_html
- https://hackerone.com/reports/175262 | NULL pointer dereference in SimpleXMLElement::asXML()
- https://hackerone.com/reports/175263 | crash in openssl_random_pseudo_bytes function
- https://hackerone.com/reports/175264 | heap overflow in php_ereg_replace function
- https://hackerone.com/reports/175286 | Homograph attack
- https://hackerone.com/reports/175310 | Write out-of-bounds at number_format
- https://hackerone.com/reports/175311 | memcpy negative size parameter in php_resolve_path
- https://hackerone.com/reports/175312 | memcpy negative parameter _bc_new_num_ex
- https://hackerone.com/reports/175315 | Illegal write access through Locale methods
- https://hackerone.com/reports/175316 | stack-buffer-overflow through "ResourceBundle" methods
- https://hackerone.com/reports/175320 | 2 Directory Listing on ledger.brave.com & vault-staging.brave.com
- https://hackerone.com/reports/175403 | [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html
- https://hackerone.com/reports/175490 | Able to Login deactivated staff account in shopify app mobile
- https://hackerone.com/reports/175529 | URI Obfuscation
- https://hackerone.com/reports/175587 | Stack Buffer Overflow in GD dynamicGetbuf
- https://hackerone.com/reports/175779 | Address Bar Spoofing - Already resolved - Retroactive report
- https://hackerone.com/reports/175958 | [iOS/Android] Address Bar Spoofing Vulnerability
- https://hackerone.com/reports/175979 | Access to local file system using javascript
- https://hackerone.com/reports/175982 | Use-after-free in unserialize()
- https://hackerone.com/reports/176065 | [Android] HTML Injection in BatterySaveArticleRenderer WebView
- https://hackerone.com/reports/176066 | Denial of service attack on Brave Browser.
- https://hackerone.com/reports/176197 | Denial of service attack(window object) on brave browser
- https://hackerone.com/reports/176226 | CachingIterator null dereference when convert to string
- https://hackerone.com/reports/176279 | Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)
- https://hackerone.com/reports/176308 | Wordpress.com REST API oauth bypass via Cross Site Flashing
- https://hackerone.com/reports/176754 | Cross-site scripting (reflected)
- https://hackerone.com/reports/176899 | Editing a project (LIMITED)
- https://hackerone.com/reports/176929 | [ios] Address bar spoofing in Brave for iOS
- https://hackerone.com/reports/176979 | Authentication Issue
- https://hackerone.com/reports/177472 | CSRF: add item to victim's cart automatically (starbucks.com - updatecart)
- https://hackerone.com/reports/177508 | Reflected XSS by exploiting CSRF vulnerability on teavana.com wishlist comment module. (wishlist-comments)
- https://hackerone.com/reports/177624 | Unvalidated redirect on team.badoo.com
- https://hackerone.com/reports/177635 | CSRF vulnerability in saving payment card on store.starbucks.com (COBilling -AddCreditCard)
- https://hackerone.com/reports/177639 | CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments)
- https://hackerone.com/reports/177757 | Stored XSS in Restoring Archived Tasks
- https://hackerone.com/reports/178049 | Balance disclosure on //kopilka.qiwi.com
- https://hackerone.com/reports/178094 | php_snmp_parse_oid integer overflow in memory allocation
- https://hackerone.com/reports/178144 | imagecropauto out-of-bounds access
- https://hackerone.com/reports/178184 | SSRF in https://cards-dev.twitter.com/validator
- https://hackerone.com/reports/178284 | [vitrina.contact-sys.com] Full Path Disclosure
- https://hackerone.com/reports/178293 | Misconfiguration in Two Factor Authorisation
- https://hackerone.com/reports/178506 | Access private list metadata
- https://hackerone.com/reports/178567 | Arbitrary modification value "session" (Cookie) in badoo.com
- https://hackerone.com/reports/178742 | Leave inaccessible messaging system with a message (https://us1.badoo.com)
- https://hackerone.com/reports/178831 | CSRF on signup endpoint (auto-api.yelp.com)
- https://hackerone.com/reports/179164 | Stored XSS in community.ubnt.com
- https://hackerone.com/reports/179328 | Open Redirect (verkkopalvelu.lahitapiola.fi)
- https://hackerone.com/reports/179426 | Reflected XSS on blockchain.info
- https://hackerone.com/reports/179559 | Stored XSS in Template Documents
- https://hackerone.com/reports/179568 | Tab nabbing via window.opener
- https://hackerone.com/reports/179695 | XSS via unicode characters in upload filename
- https://hackerone.com/reports/179751 | SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/179763 | Suspicious browser fingerprinting(?) scripts on http://www.lahitapiola.fi/ redirector
- https://hackerone.com/reports/180037 | Selecting encryption for email with drive attachment overrides the drive email password
- https://hackerone.com/reports/180109 | crash in gzcompress and 3 other compress functions
- https://hackerone.com/reports/180110 | crash in implode() function
- https://hackerone.com/reports/180111 | crash in bzcompress function
- https://hackerone.com/reports/180112 | iconv() function missing string length check
- https://hackerone.com/reports/180113 | crash in get_icu_value_internal function
- https://hackerone.com/reports/180115 | crash in locale_get_keywords() when keyword value in locale string too long
- https://hackerone.com/reports/180116 | another crash in locale_get_keywords function
- https://hackerone.com/reports/180253 | Reflected Cross-Site Scripting due to vulnerable Flash component (Flashmediaelement.swf)
- https://hackerone.com/reports/180434 | cURL / libcURL - CVE-2016-8624 invalid URL parsing with '#'
- https://hackerone.com/reports/180538 | X.509 certificate validation fails on international vanity domains
- https://hackerone.com/reports/180562 | Memory corruption in _php_math_number_format_ex()
- https://hackerone.com/reports/180563 | Heap overflow due to integer overflow in bzdecompress() function
- https://hackerone.com/reports/180572 | Memory corruption due to missing check size in _php_math_number_format_ex()
- https://hackerone.com/reports/180582 | Heap overflow due to integer overflow in php_escape_html_entities_ex() function
- https://hackerone.com/reports/180584 | Heap overflow due to integer overflow in pg_escape_string() function
- https://hackerone.com/reports/180588 | Invalid memory access in zend_strtod() function
- https://hackerone.com/reports/180589 | crash in simplestring_addn function
- https://hackerone.com/reports/180590 | Invalid memory access in spl_filesystem_dir_open function
- https://hackerone.com/reports/180591 | Invalid memory access in php_basename function
- https://hackerone.com/reports/180592 | Invalid memory access in spl_filesystem_info_set_filename function
- https://hackerone.com/reports/180695 | ruby DoS https://www.mruby.science
- https://hackerone.com/reports/180814 | crash in locale_compose() function
- https://hackerone.com/reports/180908 | NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
- https://hackerone.com/reports/180909 | Use-after-free in ArrayObject Deserialization
- https://hackerone.com/reports/180977 | Exception cause SIGABRT
- https://hackerone.com/reports/181073 | malloc negative size parameter
- https://hackerone.com/reports/181088 | Window.opener bug at www.coinbase.com
- https://hackerone.com/reports/181210 | Incorrect detection of onion URLs
- https://hackerone.com/reports/181225 | Missing rel=noopener noreferrer in target=_blank links (Phishing attack)
- https://hackerone.com/reports/181232 | Denial of Service in mruby due to null pointer dereference
- https://hackerone.com/reports/181319 | Memory disclosure in mruby String#lines method
- https://hackerone.com/reports/181321 | Use after free vulnerability in mruby Array#to_h causing DOS possible RCE
- https://hackerone.com/reports/181558 | [DOS] denial of service using code snippet on brave browser
- https://hackerone.com/reports/181594 | Error Page Content Spoofing or Text Injection (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/181642 | libtiff 4.0.6 heap buffer overflow / out of bounds read (CVE-2016-9273)
- https://hackerone.com/reports/181665 | Subdomain Takeover (moderator.ubnt.com)
- https://hackerone.com/reports/181677 | NULL pointer dereference when parsing ternary operators
- https://hackerone.com/reports/181685 | Range#initialize_copy null pointer dereference
- https://hackerone.com/reports/181686 | [DOS] Browser hangs on loading the code snippet
- https://hackerone.com/reports/181695 | Undefined method_missing null pointer dereference
- https://hackerone.com/reports/181748 | [IDOR][translate.twitter.com] Opportunity to change any comment at the forum
- https://hackerone.com/reports/181768 | Poodle attack SSLv3 Support (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/181803 | SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/181810 | HTML Injection in email /webApp/lahti (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/181826 | SQL Injection /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/181828 | Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference
- https://hackerone.com/reports/181842 | Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/181871 | DoS: type confusion in mrb_no_method_error
- https://hackerone.com/reports/181874 | SIGSEGV when invalid argument on remove_method
- https://hackerone.com/reports/181879 | Struct type confusion RCE
- https://hackerone.com/reports/181893 | TOCTTOU bug in mrb_str_setbyte leading the memory corruption
- https://hackerone.com/reports/181910 | Range constructor type confusion DoS
- https://hackerone.com/reports/182027 | SIGSEGV on mrb_ary_splice
- https://hackerone.com/reports/182104 | Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
- https://hackerone.com/reports/182140 | libtiff 4.0.6 segfault / read outside of buffer (CVE-2016-9297)
- https://hackerone.com/reports/182160 | XSS in IE11 on portswigger.net via Flash
- https://hackerone.com/reports/182169 | Type confusion in FutureIter_throw() which may potentially lead to an arbitrary code execution
- https://hackerone.com/reports/182265 | Option method enabled (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/182274 | Null pointer dereference due to TOCTTOU bug in mrb_time_initialize
- https://hackerone.com/reports/182358 | Partial disclosure of report activity through new "Export as .zip" feature
- https://hackerone.com/reports/182420 | Illegal write/read access caused by gdImageAALine overflow
- https://hackerone.com/reports/182467 | Email Spoofing
- https://hackerone.com/reports/182474 | Use After Free in PHP7 unserialize()
- https://hackerone.com/reports/182484 | Broken handling of maximum number of method call arguments leads to segfault
- https://hackerone.com/reports/182670 | Email link poisoning / Host header attack
- https://hackerone.com/reports/183231 | SIGSEGV on mruby mrb_str_modify() (Invalid memory access)
- https://hackerone.com/reports/183239 | SIGSEGV on mruby's mark_tbl() (Invalid memory access)
- https://hackerone.com/reports/183356 | Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop
- https://hackerone.com/reports/183405 | Null target_class DoS
- https://hackerone.com/reports/183425 | Segmentation fault when a Ruby method is invoked by a C method via Object#send
- https://hackerone.com/reports/183548 | SMTP configuration vulnerability viestinta.lahitapiola.fi
- https://hackerone.com/reports/183568 | [Buddypress] Arbitrary File Deletion through bp_avatar_set
- https://hackerone.com/reports/183796 | XSS and open redirect in verkkopalvelu.lahitapiola.fi
- https://hackerone.com/reports/184452 | Disclosure of IBM Websphere page
- https://hackerone.com/reports/184661 | mruby-time: Crash host with uninitialized Time obj
- https://hackerone.com/reports/184698 | Eavesdropping on private Slack calls
- https://hackerone.com/reports/184712 | Denial of service due to invalid memory access in mrb_ary_concat
- https://hackerone.com/reports/184715 | Read after free in mrb_vm_exec with OP_ARYCAT reading R(B)
- https://hackerone.com/reports/184857 | Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash
- https://hackerone.com/reports/185041 | Type confusion in mrb_exc_set leading to memory corruption
- https://hackerone.com/reports/185051 | Type confusion in wrap_decimal leading to memory corruption
- https://hackerone.com/reports/185387 | Null pointer dereference regression in parse.y
- https://hackerone.com/reports/185775 | Crash: Initialize Decimal with itself triggers an assertion
- https://hackerone.com/reports/185794 | Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum
- https://hackerone.com/reports/185826 | XSS in my.shopify.com in widget
- https://hackerone.com/reports/185833 | Incomplete or No Cache-control and Pragma HTTP Header Set
- https://hackerone.com/reports/185862 | Twitter for android is exposing user's location to any installed android app
- https://hackerone.com/reports/185899 | Invalid memory write caused by incorrect upper bound in array_copy
- https://hackerone.com/reports/185907 | unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php
- https://hackerone.com/reports/185909 | unchecked unserialize usages in audit-trail-extension/audit-trail-extension.php
- https://hackerone.com/reports/185914 | constant cache_page_secret in regolith
- https://hackerone.com/reports/185957 | Crash: A call to Symbol.new leads to a crash when inspecting the resulting object
- https://hackerone.com/reports/186230 | Internal attachments can be exported via "Export as .zip" feature
- https://hackerone.com/reports/186352 | Fetching binaries (for software installation) over HTTP without verification (RCE as ROOT by MITM)
- https://hackerone.com/reports/186462 | Stored XSS at 'Buy Button' page
- https://hackerone.com/reports/186554 | Stored XSS in Address Book (starbucks.com/account/profile)
- https://hackerone.com/reports/186723 | Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory
- https://hackerone.com/reports/186766 | Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record
- https://hackerone.com/reports/187305 | Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox
- https://hackerone.com/reports/187410 | Store XSS
- https://hackerone.com/reports/187520 | Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth
- https://hackerone.com/reports/187536 | Null pointer dereference due to bug in codegen with negation without using value
- https://hackerone.com/reports/187542 | Brave Browser unexpectedly allows to send arbitrary IPC messages
- https://hackerone.com/reports/187714 | Vine - overwrite account associated with email via android application
- https://hackerone.com/reports/188086 | Sending arbitrary IPC messages via overriding Function.prototype.apply
- https://hackerone.com/reports/188102 | 3 heap corruptions in PHP
- https://hackerone.com/reports/188185 | Dom Based Xss DIV.innerHTML parameters store.starbucks*
- https://hackerone.com/reports/188313 | Segmentation fault due to bad memory access in kh_get_mt
- https://hackerone.com/reports/188326 | Buffer overflow in mrb_time_asctime
- https://hackerone.com/reports/188661 | Invalid read when wddx decodes empty boolean element
- https://hackerone.com/reports/188719 | Information Disclosure in /skills call
- https://hackerone.com/reports/188972 | Persistent XSS in www.starbucks.com
- https://hackerone.com/reports/189378 | Unauthenticated Stored XSS on .myshopify.com via checkout page
- https://hackerone.com/reports/189633 | Certain inputs cause tight C-level recursion leading to process stack overflow
- https://hackerone.com/reports/189726 | Websites opened from reports can change url of report page
- https://hackerone.com/reports/189768 | [controlsyou.quora.com] 429 Too Many Requests Error-Page XSS
- https://hackerone.com/reports/189793 | [Android] XSS via start ContentActivity
- https://hackerone.com/reports/190133 | Segfault when passing invalid values to values_at
- https://hackerone.com/reports/190188 | Open Redirect bypass and cookie leakage on www.lahitapiola.com
- https://hackerone.com/reports/190798 | Reflected XSS on teavana.com (Locale-Change)
- https://hackerone.com/reports/190863 | imagefilltoborder stackoverflow on truecolor images
- https://hackerone.com/reports/190933 | Invalid parameter in memcpy function through openssl_pbkdf2
- https://hackerone.com/reports/190951 | XSS on manually entering Postal codes
- https://hackerone.com/reports/191095 | Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/191146 | SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/191323 | Sub Domain Takeover at mk.prd.vine.co
- https://hackerone.com/reports/191328 | Invalid memory access in mrb_str_format
- https://hackerone.com/reports/191380 | CRLF and XSS stored on ton.twitter.com
- https://hackerone.com/reports/191387 | Reflected XSS and Open Redirect in several parameters (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/191601 | SQL Injection on /webApp/sijoitustalousuk email-parameter + potential lack of CSRF Token (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/191689 | Incorrect code generation when result of NODE_NEGATE is not used
- https://hackerone.com/reports/191890 | DOM Based XSS in Discourse Search
- https://hackerone.com/reports/191909 | XSS Vulnerability on Image link parser
- https://hackerone.com/reports/191938 | SIGSEGV on mruby mrb_get_args()
- https://hackerone.com/reports/191994 | SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI
- https://hackerone.com/reports/192127 | Buffer underflow in sprintf
- https://hackerone.com/reports/192131 | CSRF Attack on (m.badoo.com)deleting account and erasing imported contacts
- https://hackerone.com/reports/192140 | XSS on postal codes
- https://hackerone.com/reports/192210 | Stored XSS in blog comments through Shopify API
- https://hackerone.com/reports/192223 | XSS vulnerability on Audio and Video parsers
- https://hackerone.com/reports/192235 | Integer Overflow in mrb_ary_set
- https://hackerone.com/reports/192318 | mrb_vformat() heap overflow could lead to code execution
- https://hackerone.com/reports/192362 | Heap Overflow in mrb_arb_splice
- https://hackerone.com/reports/192388 | Unauthorised read Access to Expense Receipt of any user in the company(Vertical Privilege escalation)
- https://hackerone.com/reports/192485 | SIGSEGV on mrb_vm_exec() Null Deref
- https://hackerone.com/reports/192532 | SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf()
- https://hackerone.com/reports/192578 | kh_get_n2s() stack overrun
- https://hackerone.com/reports/192665 | heap-buffer-overflow on mruby
- https://hackerone.com/reports/192734 | SIGSEGV Null Pointer mrb_str_concat()
- https://hackerone.com/reports/192896 | Memory disclosure in timegm
- https://hackerone.com/reports/193056 | Subdomain Takeover at http://gameday.websummit.net
- https://hackerone.com/reports/193075 | SIGSEGV - mrb_check_intern_str() - NullPointer
- https://hackerone.com/reports/193077 | mrb_str_modify try to write to memory not marked for writing
- https://hackerone.com/reports/193081 | Null pointer dereference in mrb_str_prepend
- https://hackerone.com/reports/193143 | Use After Free in str_replace
- https://hackerone.com/reports/193314 | SMTP user enumeration via mail.zendesk.com
- https://hackerone.com/reports/193517 | attempting double-free using the mruby compiler mrbc
- https://hackerone.com/reports/193719 | Double free of filename after codegen error
- https://hackerone.com/reports/193724 | SIGSEGV - kh_resize_iv - Null Deref
- https://hackerone.com/reports/193773 | SIGABRT - mrb_default_allocf
- https://hackerone.com/reports/194017 | Open redirect - user interaction needed (verkkopalvelu.lahitapiola.fi/e2/..) - based on #179328
- https://hackerone.com/reports/194329 | No session logout after changing password & also android sessions not shown in sessions list so they can be deleted
- https://hackerone.com/reports/194351 | Able to download arbitrary PHP files at yelpblog.com
- https://hackerone.com/reports/194574 | IDOR - Folder names disclosure inside a domain, regardless of user
- https://hackerone.com/reports/194721 | Verification of email addresses possible through https://www.yelp.com/signup/facebook
- https://hackerone.com/reports/194761 | OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi
- https://hackerone.com/reports/194790 | IDOR - Downloading all attachments if having access to a shared link
- https://hackerone.com/reports/194832 | Authentication Bypass on monitoring server
- https://hackerone.com/reports/194884 | Heap use-after-free during range creation
- https://hackerone.com/reports/194906 | Heap overflow due to off-by-one when expanding stack
- https://hackerone.com/reports/195045 | Set Cookie Via SVG
- https://hackerone.com/reports/195156 | CSRF in all API endpoints when authenticated using HTTP Authentication
- https://hackerone.com/reports/195350 | Subdomain takeover on podcasts.slack-core.com
- https://hackerone.com/reports/195580 | Crash (DoS) when parsing a hostile TIFF
- https://hackerone.com/reports/195586 | Memory corruption when parsing a hostile PHAR archive
- https://hackerone.com/reports/195688 | NULL Pointer Dereference while unserialize php object
- https://hackerone.com/reports/195842 | Segmentation fault - mrb_gc_mark
- https://hackerone.com/reports/195950 | Use of uninitialized memory in unserialize()
- https://hackerone.com/reports/196221 | XSS in instacart.com/store/partner_recipe
- https://hackerone.com/reports/196222 | RTLO char allowed in chat
- https://hackerone.com/reports/196380 | SIGSEGV in mrb_vm_exec
- https://hackerone.com/reports/196386 | SIGSEGV - mrb_vm_exec - vm.c in line:1272
- https://hackerone.com/reports/196458 | apps.shopify.com - CSRF token leakage through Google Analytics
- https://hackerone.com/reports/196498 | Segmentation fault on program counter
- https://hackerone.com/reports/196624 | dom xss in https://www.slackatwork.com
- https://hackerone.com/reports/196655 | Disclose any user's private email through API
- https://hackerone.com/reports/196846 | Open redirect / Reflected XSS payload in root that affects all your sites (store.starbucks.* / shop.starbucks.* / teavana.com)
- https://hackerone.com/reports/197443 | XSS in topics because of bandcamp preview engine vulnerability
- https://hackerone.com/reports/197693 | SIGSEGV - mrb_vm_exec - line:1681
- https://hackerone.com/reports/197694 | SIGSEGV - mrb_obj_extend - line:413
- https://hackerone.com/reports/197719 | Still heap overflow in mrb_ary_splice
- https://hackerone.com/reports/197723 | Null pointer dereference in mrb_str_modify
- https://hackerone.com/reports/197789 | [insideok.ru] Database Dump
- https://hackerone.com/reports/197902 | Stored XSS in topics because of whitelisted_generic engine vulnerability
- https://hackerone.com/reports/197914 | Stored XSS in posts because of absence of oembed variables values escaping
- https://hackerone.com/reports/197916 | Crash in print_backtrace
- https://hackerone.com/reports/198249 | [XSS/3dsecure.qiwi.com] 3DSecure XSS
- https://hackerone.com/reports/198251 | [XSS/pay.qiwi.com] Pay SubDomain Hard-Use XSS
- https://hackerone.com/reports/198452 | SIGABRT - mrb_realloc_simple - gc.c - line:201
- https://hackerone.com/reports/198622 | Clickjacking Periscope.tv on Chrome
- https://hackerone.com/reports/198723 | Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
- https://hackerone.com/reports/198732 | Use After Free in unserialize()
- https://hackerone.com/reports/198733 | Type Confusion in Object Deserialization
- https://hackerone.com/reports/198734 | GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]
- https://hackerone.com/reports/198969 | IDOR - Deleting other user's reminders just by id
- https://hackerone.com/reports/199281 | IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA
- https://hackerone.com/reports/199321 | IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown)
- https://hackerone.com/reports/199764 | Aborted - proc.c - line:143
- https://hackerone.com/reports/199779 | Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com
- https://hackerone.com/reports/199804 | Persistent XSS on ForecastApp
- https://hackerone.com/reports/200387 | Incorrect code generation with redo inside NODE_RESCUE.
- https://hackerone.com/reports/200487 | Incomplete HTML sanitization + Session id leaking + private information disclosure
- https://hackerone.com/reports/200576 | Logic flaw enables restricted account to access account license key
- https://hackerone.com/reports/200753 | [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html
- https://hackerone.com/reports/200818 | SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/200821 | heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c
- https://hackerone.com/reports/200826 | [github.algolia.com] DOM Based XSS github-btn.html
- https://hackerone.com/reports/200909 | Out of bounds memory read in unserialize()
- https://hackerone.com/reports/201137 | Reflected XSS on iltakoulu_varkaus (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/201314 | Enumeration in unsubscribe -function of /omatalousuk (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/201346 | CVE-2017-3730: Bad (EC)DHE parameters cause a client crash
- https://hackerone.com/reports/201529 | Can upload files without authentication on AirFibre 3.2
- https://hackerone.com/reports/201723 | Single user DOS on selectedLanguage -cookie (yrityspalvelu.lahitapiola.fi)
- https://hackerone.com/reports/201796 | cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com )
- https://hackerone.com/reports/201897 | Recursion causing uninitialized memory reads leading to a segfault
- https://hackerone.com/reports/201901 | Test Page available with Server details on /r/test (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/201905 | SIGSEGV - vm.c - line:1214
- https://hackerone.com/reports/201984 | Wordpress directories/files visible to internet
- https://hackerone.com/reports/202177 | Login with Google Not Authenticated on iOS App
- https://hackerone.com/reports/202354 | Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/
- https://hackerone.com/reports/202362 | Null pointer dereference in mrb_random_initialize
- https://hackerone.com/reports/202425 | Two-factor authentication bypass on Grab Android App
- https://hackerone.com/reports/202499 | User with only Viewing Privilege can send message to Room
- https://hackerone.com/reports/202501 | Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets
- https://hackerone.com/reports/202582 | Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval
- https://hackerone.com/reports/202584 | Denial of service (segfault) due to null pointer dereference in mrb_vm_exec
- https://hackerone.com/reports/202767 | Subdomain takeover at info.hacker.one
- https://hackerone.com/reports/202960 | CVE-2017-5204: The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print()
- https://hackerone.com/reports/202965 | CVE-2017-5341 The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print()
- https://hackerone.com/reports/202967 | CVE-2017-5484 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print()
- https://hackerone.com/reports/202968 | CVE-2017-5342 In tcpdump before 4.9.0 a bug in multiple protocol parsers could cause a buffer overflow in print-ether.c:ether_print()
- https://hackerone.com/reports/202969 | CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().
- https://hackerone.com/reports/203002 | Incorrect GC behavior in xxlimited could lead to use-after-free
- https://hackerone.com/reports/203042 | Find whether a video has been favourited or not, for any user [via YouPorn Mobile API]
- https://hackerone.com/reports/203513 | SIGSEGV - mrb_vm_exec - line:1312
- https://hackerone.com/reports/203515 | Wordpress 4.7.2 - Two XSS in Media Upload when file too large.
- https://hackerone.com/reports/203595 | forgot to add the patch
- https://hackerone.com/reports/203673 | AirFibre products vulnerable to HTTP Header injection
- https://hackerone.com/reports/203726 | Open Redirect in .greenhouse.io
- https://hackerone.com/reports/204047 | Segmentation fault while printing backtrace
- https://hackerone.com/reports/204208 | High server resource usage on captcha (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/204421 | Heap buffer overflow with many arguments
- https://hackerone.com/reports/204513 | Infrastructure - Photon - SSRF
- https://hackerone.com/reports/204628 | segfault in mruby's sprintf - mrb_str_format
- https://hackerone.com/reports/204774 | A crash when an exception is caught in a caller and the receiver returned from ensure
- https://hackerone.com/reports/204802 | pam-ussh may be tricked into using another logged in user's ssh-agent
- https://hackerone.com/reports/204984 | IDOR - Accessing other user's attachments via PUT /appsuite/api/files?action=saveAs
- https://hackerone.com/reports/205000 | Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App
- https://hackerone.com/reports/205284 | SIGABRT - method_missing - mark_context_stack
- https://hackerone.com/reports/205481 | Wordpress unzip_file path traversal
- https://hackerone.com/reports/205884 | Integer overflow in str_substr leading to read/write out of bound memory
- https://hackerone.com/reports/205953 | CSRF - Adding unlimited number of saved items via GET request
- https://hackerone.com/reports/206109 | mruby heap use-after-free
- https://hackerone.com/reports/206227 | Remote Code Execution on Git.imgur-dev.com
- https://hackerone.com/reports/206319 | Persistent CSRF in /GiftCert-AddToBasket prevents purchases on eCommerce sites
- https://hackerone.com/reports/206650 | Broken Authentication - Security token gets captured via man in the middle attack
- https://hackerone.com/reports/206653 | Captcha bypass for the most important function - At en.instagram-brand.com
- https://hackerone.com/reports/206894 | SSRF at iris.lystit.com
- https://hackerone.com/reports/207042 | Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
- https://hackerone.com/reports/207053 | Writable RubyCi Amazon s3 bucket
- https://hackerone.com/reports/207266 | Information leakage via CSV when content is valid JavaScript
- https://hackerone.com/reports/207321 | Controlled address leak due to type confusion - ASLR bypass
- https://hackerone.com/reports/207576 | Subdomain takeover on s3.shopify.com
- https://hackerone.com/reports/207710 | Heap use-after-free in mrb_vm_exec
- https://hackerone.com/reports/207983 | read outside of buffer (heap buffer overflow) in S_regmatch - regexec.c:6057
- https://hackerone.com/reports/208237 | Brute force unsubscription on /webApp/unsub_sb (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/208363 | Memory corruption in mrb_gc_mark
- https://hackerone.com/reports/208480 | Site configured improperly at subdomain of lyst.co.uk
- https://hackerone.com/reports/208526 | Null pointer dereference in mark_context_stack
- https://hackerone.com/reports/208622 | Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter.
- https://hackerone.com/reports/208719 | Subdomain Takeover at Landing.udemy.com
- https://hackerone.com/reports/208734 | CSRF @ configuration
- https://hackerone.com/reports/209004 | Subdomain takeover #2 at info.hacker.one
- https://hackerone.com/reports/209008 | Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com
- https://hackerone.com/reports/209223 | Open S3 Bucket WriteAble To Any Aws User
- https://hackerone.com/reports/209251 | public report - Reproducible - Writable RubyCi Amazon s3 bucket[207053]
- https://hackerone.com/reports/209352 | Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand
- https://hackerone.com/reports/209368 | [wallet.rapida.ru] Mass SMS flood
- https://hackerone.com/reports/209398 | HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti
- https://hackerone.com/reports/209449 | Heap buffer overflow with long array assignment
- https://hackerone.com/reports/209736 | DOM XSS on teavana.com via "pr_zip_location" parameter
- https://hackerone.com/reports/209765 | Heap buffer overflow in mruby value_move
- https://hackerone.com/reports/209917 | javascript: and mailto: links are allowed in JIRA integration settings
- https://hackerone.com/reports/209937 | SIGSEGV - mark_context_stack
- https://hackerone.com/reports/209949 | Arbitrary heap exposure in JSON.generate
- https://hackerone.com/reports/210190 | Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers
- https://hackerone.com/reports/210331 | SSLv3 POODLE Vulnerability
- https://hackerone.com/reports/210354 | RTLO character in file names
- https://hackerone.com/reports/210429 | mrb_vm_exec - null ptr dereference
- https://hackerone.com/reports/210572 | Full path Disclosure in Rockstargames.com██████████
- https://hackerone.com/reports/210779 | [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable
- https://hackerone.com/reports/210875 | use of unsafe host header leads to open redirect
- https://hackerone.com/reports/210908 | XSS on 3rd party service Localtapiola is using
- https://hackerone.com/reports/211149 | Inadequate/dangerous jQuery behavior
- https://hackerone.com/reports/211418 | Source Code Disclosure (CGI)
- https://hackerone.com/reports/211477 | Stealing users' facebook access tokens - kitcrm.com
- https://hackerone.com/reports/212067 | An “algobot”’s GitHub access token was leaked
- https://hackerone.com/reports/212074 | SIGSEGV - mrb_yield_with_class
- https://hackerone.com/reports/212107 | Null pointer dereference in mrb_class
- https://hackerone.com/reports/212239 | sprintf gem - format string combined attack
- https://hackerone.com/reports/212241 | sprintf combined format string attack
- https://hackerone.com/reports/212456 | SIGSEGV - kh_get_n2s - in /src/symbol.c:37
- https://hackerone.com/reports/212508 | Single User DOS on SelectedLocale -cookie (verkkopalvelu.tapiola.fi)
- https://hackerone.com/reports/212696 | RCE by command line argument injection to 'gm convert' in /edit/process?a=crop
- https://hackerone.com/reports/212721 | IE 11 Self-XSS on Jira Integration Preview Base Link
- https://hackerone.com/reports/212882 | SIGABRT in only mirb
- https://hackerone.com/reports/213255 | SIGSEGV in str_buf_cat
- https://hackerone.com/reports/213261 | Use-after-free leading to an invalid pointer dereference
- https://hackerone.com/reports/213418 | User able to access company details in yrityspalvelu without proper permissions
- https://hackerone.com/reports/213437 | Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack
- https://hackerone.com/reports/213558 | Arbitrary Local-File Read from Admin - Restore From Backup due to Symlinks
- https://hackerone.com/reports/213779 | SIGSEGV - mrb_obj_value
- https://hackerone.com/reports/213942 | Differential "Show Raw File" feature exposes generated files to unauthorised users
- https://hackerone.com/reports/214000 | SIGABRT - mirb and mruby
- https://hackerone.com/reports/214001 | File access controls incorrectly enforced for files shared via QuickLink - Unshared files can be accessed
- https://hackerone.com/reports/214022 | Admin Command Injection via username in user_archive ExportCsvFile
- https://hackerone.com/reports/214044 | Stored XSS in [shop].myshopify.com/admin/orders/[id]
- https://hackerone.com/reports/214087 | Clickjacking Vulnerability found on Yelp
- https://hackerone.com/reports/214571 | Login form on non-HTTPS page
- https://hackerone.com/reports/214576 | SIGABRT - mirb - Double Free
- https://hackerone.com/reports/214581 | Stored passive XSS at scheduled posts (kitcrm.com)
- https://hackerone.com/reports/214681 | Null pointer dereference in ary_concat
- https://hackerone.com/reports/214845 | SIGSEGV in mrb_vm_exec
- https://hackerone.com/reports/215044 | [iOS] URL can be replaceState by blob URL in iOS Brave
- https://hackerone.com/reports/215381 | CSRF on Periscope Web OAuth authorization endpoint
- https://hackerone.com/reports/215447 | SIGSEGV in mrb_class
- https://hackerone.com/reports/215625 | A HackerOne employee's GitHub personal access token exposed in Travis CI build logs
- https://hackerone.com/reports/215854 | Garbage collector crash
- https://hackerone.com/reports/215891 | Null pointer dereference in mrb_class
- https://hackerone.com/reports/215967 | SIGABRT in mrb_debug_info_append_file
- https://hackerone.com/reports/216151 | Use-after-free in _asyncio_Future_remove_done_callback
- https://hackerone.com/reports/216615 | Crash in ary_concat()
- https://hackerone.com/reports/216700 | heap use-after-free in mrb_vm_exec()
- https://hackerone.com/reports/216725 | SIGABRT - in free
- https://hackerone.com/reports/216746 | Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.
- https://hackerone.com/reports/216812 | Reflected XSS in error pages (NC-SA-2017-008)
- https://hackerone.com/reports/216840 | OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- https://hackerone.com/reports/217007 | Stored XSS in e.mail.ru (payload affect multiple users)
- https://hackerone.com/reports/217083 | SIGSEGV in mrb_str_inum
- https://hackerone.com/reports/217097 | SIGSEGV in mrb_vm_exec
- https://hackerone.com/reports/217358 | Subdomain takeover #3 at info.hacker.one
- https://hackerone.com/reports/217555 | Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl
- https://hackerone.com/reports/217558 | Possible to view and takeover other user's education and courses @ mijn.werkenbijdefensie.nl
- https://hackerone.com/reports/217610 | kh_put_iv SEGFAULT - mruby 1.2.0
- https://hackerone.com/reports/217745 | XSS in $shop$.myshopify.com/admin/ via "Button Objects" in malicious app
- https://hackerone.com/reports/217790 | XSS in $shop$.myshopify.com/admin/ via twine template injection in "Shopify.API.Modal.input" method when using a malicious app
- https://hackerone.com/reports/218088 | Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
- https://hackerone.com/reports/218226 | Stored XSS in comments on https://www.starbucks.co.uk/blog/*
- https://hackerone.com/reports/218233 | Null pointer dereference in OP_ENTER
- https://hackerone.com/reports/218287 | In App purchase Hack
- https://hackerone.com/reports/218451 | [Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME
- https://hackerone.com/reports/218465 | [staging-engineering.gnip.com] Publicly accessible GIT directory
- https://hackerone.com/reports/218567 | SIGSEGV in array_copy - array.c:71
- https://hackerone.com/reports/218570 | Invalid pointer dereference in OP_ENTER
- https://hackerone.com/reports/218680 | [buy.coinbase.com]Content Injection
- https://hackerone.com/reports/218803 | SIGABRT in sym_validate_len - symbol.c:44
- https://hackerone.com/reports/219170 | XSS
- https://hackerone.com/reports/219192 | Resend invitation to members by Read only user(Privilege Escalation)
- https://hackerone.com/reports/219197 | [██████████.gnip.com] .htpasswd disclosure
- https://hackerone.com/reports/219205 | Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com
- https://hackerone.com/reports/219215 | Client can redirect payment, causing payment discrepancy between Harvest and PayPal
- https://hackerone.com/reports/219607 | Dovecot authentication is vulnerable to timing attacks.
- https://hackerone.com/reports/219821 | XSS
- https://hackerone.com/reports/219870 | mirb only: stack-buffer-overflow (OOB write) in main()
- https://hackerone.com/reports/220002 | Subdomain takeover #4 at info.hacker.one
- https://hackerone.com/reports/220009 | Lack of input sanitization in Marketo form leads to execution of HTML in lead emails
- https://hackerone.com/reports/220385 | Delete All Data of Any User
- https://hackerone.com/reports/220494 | [GitHub Extension] Unsanitised HTML leading to XSS on GitHub.com
- https://hackerone.com/reports/220615 | Expired SSL certificate
- https://hackerone.com/reports/220737 | Tabnabbing via Window.Opener @Mavenlink
- https://hackerone.com/reports/220864 | Unauthorized access to attachments details of Private Calendar appointments (Access control issue)
- https://hackerone.com/reports/220874 | Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation)
- https://hackerone.com/reports/220903 | Authenticated Cross-site Scripting in Template Name
- https://hackerone.com/reports/221251 | heap-buffer-overflow (read outside of buffer) in mrb_vm_exec()
- https://hackerone.com/reports/221328 | HTTP 401 response injection on "amp.twimg.com/amplify-web-player/prod/source.html" through "image_src" parameter
- https://hackerone.com/reports/221558 | Private Grab Messages on Android App can be accessed and cached by Search Engines
- https://hackerone.com/reports/221785 | OOB write in MDC2_Update() (CVE-2016-6303)
- https://hackerone.com/reports/221787 | Malformed SHA512 ticket DoS (CVE-2016-6302)
- https://hackerone.com/reports/221788 | OOB write in BN_bn2dec() (CVE-2016-2182)
- https://hackerone.com/reports/221789 | OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
- https://hackerone.com/reports/221790 | Certificate message OOB reads (CVE-2016-6306)
- https://hackerone.com/reports/221791 | Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
- https://hackerone.com/reports/221792 | Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
- https://hackerone.com/reports/221893 | XSS in the search bar of mercantile.wordpress.org
- https://hackerone.com/reports/222020 | Mercurial can be tricked into granting authorized users access to the Python debugger
- https://hackerone.com/reports/222040 | Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter
- https://hackerone.com/reports/222224 | Stored but [SELF] XSS in mercantile.wordpress.org
- https://hackerone.com/reports/222252 | Duplicate: https://hackerone.com/reports/219171 (account access via password reset)
- https://hackerone.com/reports/222294 | heap-use-after-free in mrb_vm_exec - vm.c:1247
- https://hackerone.com/reports/222692 | plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled
- https://hackerone.com/reports/222870 | IRC-Bot exposes information
- https://hackerone.com/reports/223203 | SVG Server Side Request Forgery (SSRF)
- https://hackerone.com/reports/223363 | Escape sequence injection vulnerability in WEBrick BasicAuth
- https://hackerone.com/reports/223625 | Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com
- https://hackerone.com/reports/223906 | Dropbox Paper - Markdown XSS
- https://hackerone.com/reports/225243 | phone number exposure for riders/drivers given email/uuid
- https://hackerone.com/reports/225831 | Extract Billing admin email address using random team id
- https://hackerone.com/reports/225897 | Throttling Bypass - ws1.dashlane.com
- https://hackerone.com/reports/226191 | Android MailRu Email: Thirdparty can access private data files with small user interaction
- https://hackerone.com/reports/226199 | Changing Victim's JIRA Integration Settings Through Multiple Bugs
- https://hackerone.com/reports/226200 | OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write
- https://hackerone.com/reports/226203 | Cross-site-Scripting
- https://hackerone.com/reports/226335 | Escape sequence injection in "summary" field
- https://hackerone.com/reports/226418 | HackerOne reports escalation to JIRA is CSRF vulnerable
- https://hackerone.com/reports/226428 | Reflected XSS in .myshopify.com through theme preview
- https://hackerone.com/reports/226783 | HTML Injection on airlink.ubnt.com
- https://hackerone.com/reports/226960 | [platform.harvestapp.com] Reflected XSS in Error Message via URL parameters
- https://hackerone.com/reports/227181 | XSS in https://e.mail.ru/
- https://hackerone.com/reports/227486 | XSS on https://www.starbucks.co.uk (can lead to credit card theft) (/shop/paymentmethod)
- https://hackerone.com/reports/227522 | IDOR in editing courses
- https://hackerone.com/reports/227663 | [https://www.dashlane.com] Test Panel Disclosure
- https://hackerone.com/reports/227762 | Heap Overflow in fiber_switch triggered from Fiber.transfer
- https://hackerone.com/reports/227809 | XSS in instacart.com/store/partner_recipe
- https://hackerone.com/reports/227833 | Reverse Tab-nabbing at www.instacart.com/store/partner_recipe?recipe_url=
- https://hackerone.com/reports/228006 | Cross-site Scripting (XSS) on [maximum.nl]
- https://hackerone.com/reports/228112 | Directory Disclose,Email Disclose Zendmail vulnerability
- https://hackerone.com/reports/228377 | SSRF in upload IMG through URL
- https://hackerone.com/reports/228399 | Any authenticated user can download full list of users, including email
- https://hackerone.com/reports/228531 | XSS in https://e.mail.ru/
- https://hackerone.com/reports/228648 | WannaCrypt “Killswitch”
- https://hackerone.com/reports/229498 | Host header injection/redirection via newsletter signup
- https://hackerone.com/reports/229619 | Ability to verify any email address you don't own - accounts.shopify.com
- https://hackerone.com/reports/229622 | Directory traversal at https://nightly.ubnt.com
- https://hackerone.com/reports/230232 | Stored self-XSS in mercantile.wordpress.org checkout
- https://hackerone.com/reports/230234 | [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection
- https://hackerone.com/reports/230435 | DOM Based XSS In mercantile.wordpress.org
- https://hackerone.com/reports/231053 | XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener on "/:id/digital_wallets/dialog"
- https://hackerone.com/reports/231917 | Shared file link - password protection bypass under certain conditions
- https://hackerone.com/reports/232150 | heap-buffer-overflow (READ of size 11) in Perl 5.25.x
- https://hackerone.com/reports/232174 | XSS on $shop$.myshopify.com/admin/ and partners.shopify.com via whitelist bypass in SVG icon for sales channel applications
- https://hackerone.com/reports/232347 | [FG-VD-17-063] NextCloud Insufficient Attack Protection Vulnerability Notification
- https://hackerone.com/reports/232432 | Universal Cross-Site Scripting in Keybase Chrome extension
- https://hackerone.com/reports/232463 | Possible sweet32 lahitapiola.fi
- https://hackerone.com/reports/232653 | CSRF: deleting the address book, adding contacts
- https://hackerone.com/reports/233099 | CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card
- https://hackerone.com/reports/233440 | heap-buffer-overflow (READ of size 61) in Perl_re_intuit_start()
- https://hackerone.com/reports/235200 | Cross-origin resource sharing misconfig | steal user information
- https://hackerone.com/reports/235866 | Cross-site Scripting (XSS) in /updates-pro/archive/
- https://hackerone.com/reports/236552 | Unauthenticated RCE in Vaultpress
- https://hackerone.com/reports/237184 | Session fixation in password protected public download.
- https://hackerone.com/reports/237357 | CRLF Injection at vpn.bitstrips.com
- https://hackerone.com/reports/237381 | SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing
- https://hackerone.com/reports/237915 | PHP mbstring / Oniguruma multiple remote heap/stack corruptions
- https://hackerone.com/reports/238260 | Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication
- https://hackerone.com/reports/239359 | Timing attack woocommerce, simplify commerce gateway
- https://hackerone.com/reports/239503 | Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl]
- https://hackerone.com/reports/240083 | Updating payout preference to CurrencyCloud doesn't notify user via email
- https://hackerone.com/reports/240821 | Ability To Takeover any account by Email.
- https://hackerone.com/reports/240886 | Multiple File Manipulation bugs in WP Super Cache
- https://hackerone.com/reports/241008 | Stored XSS in *.myshopify.com
- https://hackerone.com/reports/241202 | Unsafe arithmetic in PyString_DecodeEscape
- https://hackerone.com/reports/241323 | woocommerce - prevent_caching() bug / bypass
- https://hackerone.com/reports/241610 | ap_find_token() Buffer Overread
- https://hackerone.com/reports/241619 | DOM-based XSS in store.starbucks.co.uk on IE 11
- https://hackerone.com/reports/242314 | Open redirect on https://werkenbijdefensie.nl/
- https://hackerone.com/reports/242354 | Null pointer dereference with send/method_missing
- https://hackerone.com/reports/242727 | Android content provider exposes password-protected share password hashes
- https://hackerone.com/reports/242765 | Any user with invite capabilities can take-over any account on Discourse
- https://hackerone.com/reports/243058 | XSS bypass Script execute,Read any file,execute any javascript code--UXSS
- https://hackerone.com/reports/243094 | Paragonie Airship Admin CSRF on Extensions Pages
- https://hackerone.com/reports/243156 | Installing a crafted gem package may create or overwrite files
- https://hackerone.com/reports/243943 | IDOR [partners.shopify.com] - User with ONLY Manage apps permission is able to get shops info and staff names from inside the shop
- https://hackerone.com/reports/244504 | Possible SOP bypass in www.starbucks.com due to insecure crossdomain.xml
- https://hackerone.com/reports/244904 | Use after free in mruby-mpdecimal
- https://hackerone.com/reports/245172 | Double Stored Cross-Site scripting in the admin panel
- https://hackerone.com/reports/245228 | Object Injection in Woocommerce / Handle PDT Responses from PayPal
- https://hackerone.com/reports/245296 | Persistent XSS on keybase.io via "payload" field in /user/sigchain_signature.toffee template
- https://hackerone.com/reports/245833 | The user, who was deleted from Github Organization, still can access all functions of federalist, in case he didn't do logout
- https://hackerone.com/reports/245872 | [IDOR] The authenticated user can restart website build or view build logs on any another Federalist account
- https://hackerone.com/reports/245956 | Use-after-free in PHP7's unserialize()
- https://hackerone.com/reports/246794 | XSS on "widgets.shopifyapps.com" via "stripping" attribute and "shop" parameter
- https://hackerone.com/reports/246801 | Captcha Bypass in Coinbase SignUp Form
- https://hackerone.com/reports/246803 | [spectacles.com] Bypassing quantity limit in orders
- https://hackerone.com/reports/246897 | Open Redirect
- https://hackerone.com/reports/247246 | Dom based xss affecting all pages from https://www.grab.com/.
- https://hackerone.com/reports/247628 | Reading redacted data via hackbot's answers
- https://hackerone.com/reports/247680 | SSRF in imgur video GIF conversion
- https://hackerone.com/reports/248560 | [parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
- https://hackerone.com/reports/248599 | Information disclosure same issue #176002
- https://hackerone.com/reports/248601 | PHP INI Parsing Stack Buffer Overflow Vulnerability
- https://hackerone.com/reports/248609 | PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy)
- https://hackerone.com/reports/248659 | PHP WDDX Deserialization Heap OOB Read in timelib_meridian()
- https://hackerone.com/reports/248668 | XXE on sms-be-vip.twitter.com in SXMP Processor
- https://hackerone.com/reports/248693 | Git repository found
- https://hackerone.com/reports/249131 | Ability to create own account UUID leads to stored XSS
- https://hackerone.com/reports/249234 | Posting to Twitter CSRF on php/post_twitter_authenticate.php
- https://hackerone.com/reports/249319 | Race condition on the Federalist API endpoints can lead to the Denial of Service attack
- https://hackerone.com/reports/249798 | Intercom chat session information persists after logout
- https://hackerone.com/reports/250386 | CSRF: check whether a user is an admin of a group.
- https://hackerone.com/reports/250688 | The Federalist session cookie (federalist.sid) is not properly invalidated - backdoor access to the account is possible
- https://hackerone.com/reports/250729 | Content Security Policy not applied to error pages at multiple HackerOne endpoints
- https://hackerone.com/reports/250837 | Stored xss via template injection
- https://hackerone.com/reports/251224 | Blind stored xss [parcel.grab.com] > name parameter
- https://hackerone.com/reports/251572 | Length extension attack leading to HTML injection
- https://hackerone.com/reports/251918 | Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg]
- https://hackerone.com/reports/252580 | Scrollbar Width permits detecting browser platform
- https://hackerone.com/reports/252908 | Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
- https://hackerone.com/reports/253313 | XSS Vulnerability in WooCommerce Product Vendors plugin
- https://hackerone.com/reports/253429 | Linux TBB SFTP URI allows local IP disclosure
- https://hackerone.com/reports/253934 | Password reset token issue
- https://hackerone.com/reports/254269 | Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.
- https://hackerone.com/reports/254285 | Gain access to random information via group chat "about" property
- https://hackerone.com/reports/254588 | Removed staff members who had "Manage shops" permission can still create development stores
- https://hackerone.com/reports/255021 | Profile shows incorrect account creation date
- https://hackerone.com/reports/255100 | No error or notification on Reset password page
- https://hackerone.com/reports/255474 | Profile fields validation bypass
- https://hackerone.com/reports/255651 | Unauthorized update of merchants' information via /php/merchant_details.php
- https://hackerone.com/reports/255668 | Weak Password
- https://hackerone.com/reports/255685 | [New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs)
- https://hackerone.com/reports/255978 | Non-Cloudflare IPs allowed to access origin servers
- https://hackerone.com/reports/255991 | URL Spoof / Brave Shield Bypass
- https://hackerone.com/reports/256647 | Simple CSS line-height identifies platform
- https://hackerone.com/reports/257305 | [www.boozt.com] - Authentication bypass
- https://hackerone.com/reports/257335 | ssh: unprivileged users may hijack due to backdated ssh version open port found(███.unikrn.com)
- https://hackerone.com/reports/257942 | languagechange event fires simultaneously on all tabs
- https://hackerone.com/reports/258084 | Access to all files of remote user through shared file
- https://hackerone.com/reports/258198 | The Custom Emoji Page has a Reflected XSS
- https://hackerone.com/reports/258201 | Overwrite Drafts of Everyone
- https://hackerone.com/reports/258237 | [et.mail.ru] ssrf 2
- https://hackerone.com/reports/258260 | Accessing Private Files Shared in message of other users
- https://hackerone.com/reports/258318 | filin.mail.ru user's e-mail address disclosure
- https://hackerone.com/reports/258460 | [Quora Android] Possible to steal arbitrary files from mobile device
- https://hackerone.com/reports/258578 | application/x-brave-tab should not be readable.
- https://hackerone.com/reports/258585 | OS username disclosure
- https://hackerone.com/reports/258710 | Download attribute allows downloading local files
- https://hackerone.com/reports/258876 | XSS when clicking "Share to Twitter" at quora.com/widgets/embed_iframe?path=...
- https://hackerone.com/reports/259100 | XSS through __e2e_action_id delivered by JSONP
- https://hackerone.com/reports/259390 | Use-after-free in XML::LibXML::Node::replaceChild
- https://hackerone.com/reports/259400 | Issues with Forgot password Error Handling
- https://hackerone.com/reports/259415 | Lengthy manual entry of 2FA secret
- https://hackerone.com/reports/259416 | Incorrect email content when disabling 2FA
- https://hackerone.com/reports/259742 | Incorrect error message
- https://hackerone.com/reports/260005 | RCE via ssh:// URIs in multiple VCS
- https://hackerone.com/reports/260278 | TabNabbing issue (due to target=_blank)
- https://hackerone.com/reports/260420 | [dev-nightly.ubnt.com] Local File Reading
- https://hackerone.com/reports/260632 | Improper validation of parameters while creating issues
- https://hackerone.com/reports/260662 | No length limit in invite_code can cause server degradation
- https://hackerone.com/reports/260697 | CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)
- https://hackerone.com/reports/260744 | [dev.twitter.com] XSS and Open Redirect
- https://hackerone.com/reports/260755 | https://secure.gravatar.com
- https://hackerone.com/reports/260938 | Homograph IDNs displayed in Description
- https://hackerone.com/reports/261221 | Participation of expired account holders in Projects can cause financial loss to Mavenlink
- https://hackerone.com/reports/261335 | Heap Use After Free Read in unserialize()
- https://hackerone.com/reports/261336 | Out of Bounds Memory Read in unserialize()
- https://hackerone.com/reports/261338 | Heap Use After Free in unserialize()
- https://hackerone.com/reports/261592 | Open Redirection Found in users.whisper.sh
- https://hackerone.com/reports/261734 | Indexing of users' emails/logins
- https://hackerone.com/reports/262004 | HTML injection in email in unikrn.com
- https://hackerone.com/reports/262230 | Tinymce 2.4.0
- https://hackerone.com/reports/262649 | Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov
- https://hackerone.com/reports/262830 | Rate-limit protection get executed in the last stage of the registration process, allowing enumeration of existing account.
- https://hackerone.com/reports/263010 | Improper validation at Phone verification (possible cost increase + SMS SPAM attack)
- https://hackerone.com/reports/263109 | Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE.
- https://hackerone.com/reports/263226 | HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute
- https://hackerone.com/reports/263684 | [qiwi.com] XSS on payment form
- https://hackerone.com/reports/263760 | Opportunity to obtain private tweets through search widget preview caches
- https://hackerone.com/reports/263876 | Stored XSS Deleting Menu Links in the Shopify Admin
- https://hackerone.com/reports/264177 | XSS when replying / forwarding to a malicious email on iOS
- https://hackerone.com/reports/264494 | Subdomain Takeover at creatorforum.roblox.com
- https://hackerone.com/reports/264832 | xss filter bypass [polldaddy]
- https://hackerone.com/reports/265050 | Blind SSRF in emblem editor (2)
- https://hackerone.com/reports/265528 | Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers)
- https://hackerone.com/reports/265740 | [Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites.
- https://hackerone.com/reports/265775 | Password reset token issue
- https://hackerone.com/reports/267177 | stored xss in invited team member via email parameter
- https://hackerone.com/reports/267570 | Stored XSS through Facebook Page Connection
- https://hackerone.com/reports/267636 | [NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894
- https://hackerone.com/reports/267783 | Stored XSS and html injection in biz.mail.ru
- https://hackerone.com/reports/268228 | A manager of a determinate group of users still might have access to any user account from any group that he doesn't administrate anymore.
- https://hackerone.com/reports/268245 | XSS in biz.mail.ru/error
- https://hackerone.com/reports/268382 | Nginx misconfiguration leading to direct PHP source code download
- https://hackerone.com/reports/268541 | [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts
- https://hackerone.com/reports/268803 | CVE-2017-12985: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ip6_print()
- https://hackerone.com/reports/268804 | CVE-2017-12986 The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
- https://hackerone.com/reports/268805 | CVE-2017-13008 The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
- https://hackerone.com/reports/268806 | CVE-2017-13009 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().
- https://hackerone.com/reports/268807 | CVE-2017-13010 The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
- https://hackerone.com/reports/268808 | CVE-2017-13038 The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
- https://hackerone.com/reports/268888 | Sensitive Information Disclosure https://cards-dev.twitter.com
- https://hackerone.com/reports/268984 | Homograph Attack Bypass [ Tested on Linux & Windows ]
- https://hackerone.com/reports/269230 | Emails of invited collaborators are disclosed in full in payload for report participants
- https://hackerone.com/reports/269279 | SQL injection in partner id field on https://www.teavana.com (Sign-up form)
- https://hackerone.com/reports/269349 | XSS on https://account.mail.ru/login via postMessage
- https://hackerone.com/reports/269458 | XSS in an email, in the email body.
- https://hackerone.com/reports/269568 | Optionsbleed / CVE-2017-9798
- https://hackerone.com/reports/270060 | Reflected Swf XSS In ( plugins.svn.wordpress.org )
- https://hackerone.com/reports/270072 | Unpacker improperly validates symlinks, allowing gems writes to arbitrary locations
- https://hackerone.com/reports/270993 | resolved bugs in a program are public despite the program settings
- https://hackerone.com/reports/271007 | [app.simplenote.com] Stored XSS via Markdown SVG filter bypass
- https://hackerone.com/reports/271176 | Bypassing one-time checkout router page (revealing payment information)
- https://hackerone.com/reports/271324 | Homograph fix Bypass
- https://hackerone.com/reports/271330 | Format string implementation vulnerability, resulting in code execution
- https://hackerone.com/reports/271506 | Banned researcher gets email updates on a private program.
- https://hackerone.com/reports/271533 | Bruteforcing password reset tokens, could lead to account takeover
- https://hackerone.com/reports/271765 | Stored XSS in partners dashboard
- https://hackerone.com/reports/272095 | SSRF/XSPA in labs.data.gov/dashboard/validate
- https://hackerone.com/reports/272497 | Perl $ENV Key Stack Buffer Overflow
- https://hackerone.com/reports/272588 | CSRF in Raffles Ticket Purchasing
- https://hackerone.com/reports/272839 | Weak Session ID Implementation - No Session change on Password change
- https://hackerone.com/reports/273099 | User with removed manage shops permissions is still able to make changes to a shop
- https://hackerone.com/reports/273557 | ability to install paid themes for free
- https://hackerone.com/reports/273805 | Improper access control lead To delete anyone comment
- https://hackerone.com/reports/273946 | www.drivegrab.com SQL injection
- https://hackerone.com/reports/273998 | CSRF token is not validated during blog comment
- https://hackerone.com/reports/274541 | Invited user to a Author profile can remove the owner of that Author
- https://hackerone.com/reports/274844 | Stored XSS when you read emails. <style>
- https://hackerone.com/reports/274868 | Xss on community.imgur.com
- https://hackerone.com/reports/274990 | Remote code execution on rubygems.org
- https://hackerone.com/reports/275186 | Get all instacart emails - missing rate limit on /accounts/register
- https://hackerone.com/reports/275269 | Gem signature forgery
- https://hackerone.com/reports/275386 | Stored XSS Using Media
- https://hackerone.com/reports/275515 | Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute
- https://hackerone.com/reports/275518 | Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)
- https://hackerone.com/reports/275714 | Subdomain takeover on developer.openapi.starbucks.com
- https://hackerone.com/reports/277163 | XSS in the email body, in block styles.
- https://hackerone.com/reports/277502 | [BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint
- https://hackerone.com/reports/277525 | Formula injection via CSV exports in WordCamp Talks plugin
- https://hackerone.com/reports/277534 | Timing Attack in Google Authenticator - Per User Prompt
- https://hackerone.com/reports/278095 | Invalid Host detection at https://hackerone.com/redirect
- https://hackerone.com/reports/278191 | Listing of Amazon S3 Bucket accessible to any amazon authenticated user (metrics.pscp.tv)
- https://hackerone.com/reports/279932 | Users Unable to login using Gmail/Facebook on https://boozt-stage1.booztx.com/login
- https://hackerone.com/reports/280748 | High server resource usage on captcha (viestinta.lahitapiola.fi)
- https://hackerone.com/reports/280912 | apache access.log leakage via long request on https://rapida.ru/
- https://hackerone.com/reports/282176 | Unauthenticated hidden groups disclosure via Ajax groups search
- https://hackerone.com/reports/282748 | Detecting Tor Browser UI Language
- https://hackerone.com/reports/283058 | [IRCCloud Android] Opening arbitrary URLs/XSS in SAMLAuthActivity
- https://hackerone.com/reports/283063 | [IRCCloud Android] XSS in ImageViewerActivity
- https://hackerone.com/reports/283460 | Open Redirect Protection Bypass
- https://hackerone.com/reports/283644 | Out-Of-Bounds Read in timelib_meridian()
- https://hackerone.com/reports/284346 | Download attachments with traversal path into any sdcard directory (incomplete fix 106097)
- https://hackerone.com/reports/285432 | IDOR - setAttribute action of user object in API
- https://hackerone.com/reports/286667 | Self-XSS in password reset functionality
- https://hackerone.com/reports/286740 | Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse
- https://hackerone.com/reports/287789 | IDOR to view User Order Information
- https://hackerone.com/reports/287837 | 217.147.95.145 NFS Exposed with Zeus Server configs
- https://hackerone.com/reports/288219 | Open Redirection while saving User account Settings
- https://hackerone.com/reports/288704 | Command injection on Phabricator instance with an evil hg branch name
- https://hackerone.com/reports/288955 | [IRCCloud Android] Theft of arbitrary files leading to token leakage
- https://hackerone.com/reports/288966 | POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
- https://hackerone.com/reports/288993 | SSL_peek() hang on empty record (CVE-2016-6305)
- https://hackerone.com/reports/289246 | Following links are vulnerable to clickjacking
- https://hackerone.com/reports/289568 | Program profile metrics endpoint contains mean time to triage, even when turned off
- https://hackerone.com/reports/289823 | Improper markup sanitization.
- https://hackerone.com/reports/291057 | MySQL username and password leaked in developer.valvesoftware.com via source code disclosure
- https://hackerone.com/reports/291522 | XSS on account.mail.ru/login
- https://hackerone.com/reports/291539 | [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron
- https://hackerone.com/reports/291683 | Crafted frame injection leading to form-based UI redressing.
- https://hackerone.com/reports/291750 | Link filter protection bypass
- https://hackerone.com/reports/291764 | SQL Injection found in NextCloud Android App Content Provider
- https://hackerone.com/reports/292457 | Reflected XSS in www.dota2.com
- https://hackerone.com/reports/292463 | Exposed authentication (/cs/Satellite)
- https://hackerone.com/reports/292636 | session_id is not being validated at email invitation endpoint
- https://hackerone.com/reports/292797 | ActionController::Parameters .each returns an unsafe hash
- https://hackerone.com/reports/293016 | CSRF log victim into the attacker account
- https://hackerone.com/reports/293105 | XSS in private messages
- https://hackerone.com/reports/293299 | Validation message in Bounty award endpoint can be used to determine program balances
- https://hackerone.com/reports/293490 | [www.zomato.com] Leaking Email Addresses of merchants via reset password feature
- https://hackerone.com/reports/293689 | Query parameter reordering causes redirect page to render unsafe URL
- https://hackerone.com/reports/293743 | [public-api.wordpress.com] Stored XSS via Crafted Developer App Description
- https://hackerone.com/reports/293845 | [IDOR] Deleting other people's tasks
- https://hackerone.com/reports/293847 | SSRF in /appsuite/api/autoconfig
- https://hackerone.com/reports/294147 | Mercurial git subrepo leads to arbitrary command injection
- https://hackerone.com/reports/294201 | subdomain takeover at news-static.semrush.com
- https://hackerone.com/reports/294232 | Adding external participants to unaccessible appointments
- https://hackerone.com/reports/294462 | NET::Ftp allows command injection in filenames
- https://hackerone.com/reports/294505 | Cross-site scripting in "Contact customer" form
- https://hackerone.com/reports/294867 | Improper Host Detection During Team Up on tweetdeck.twitter.com
- https://hackerone.com/reports/295276 | heap-use-after-free in OP_RESCUE
- https://hackerone.com/reports/295330 | code.wordpress.net subdomain Takeover
- https://hackerone.com/reports/295380 | heap-buffer-overflow in OP_R_BREAK
- https://hackerone.com/reports/295540 | [XSS] Portal Widget Mail
- https://hackerone.com/reports/295680 | Invalid read leading to a segfault
- https://hackerone.com/reports/295841 | Blind SQL injection in Hall of Fap
- https://hackerone.com/reports/296045 | SSRF in VCARD photo upload functionality
- https://hackerone.com/reports/296198 | SEGV on ary_concat
- https://hackerone.com/reports/297181 | Common response suggestion is sent to Google Analytics when user accepts duplicate comment Genius suggestion
- https://hackerone.com/reports/297203 | Reflected XSS using Header Injection
- https://hackerone.com/reports/297339 | PHPMYADMIN Setup is accessible without authentication on https://lml.lahitapiola.fi/
- https://hackerone.com/reports/297359 | No Rate Limit in email leads to huge Mass mailings
- https://hackerone.com/reports/297383 | mruby heredoc notation
- https://hackerone.com/reports/297478 | SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent
- https://hackerone.com/reports/297547 | Improper markup sanitisation in Simplenote Android application.
- https://hackerone.com/reports/297751 | Registered users can change app password permissions for any user
- https://hackerone.com/reports/297803 | [crm.unikrn.com] Open Redirect
- https://hackerone.com/reports/297968 | Persistent DOM-based XSS in https://help.twitter.com via localStorage
- https://hackerone.com/reports/298176 | SQL injection in MilestoneFinder order method
- https://hackerone.com/reports/298246 | controlled buffer under-read in pack_unpack_internal()
- https://hackerone.com/reports/298265 | HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms
- https://hackerone.com/reports/298873 | Command injection by overwriting authorized_keys file through GitLab import
- https://hackerone.com/reports/299009 | Single Sign On - Clickjacking
- https://hackerone.com/reports/299130 | SSRF - RSS feed, blacklist bypass (IP Formatting)
- https://hackerone.com/reports/299135 | SSRF - RSS feed, blacklist bypass (301 re-direct)
- https://hackerone.com/reports/299403 | Domain spoofing in redirect page using RTLO
- https://hackerone.com/reports/299424 | Bypass Filter and get Stored Xss
- https://hackerone.com/reports/299466 | [XSS] Mail <style> v2.0
- https://hackerone.com/reports/299473 | Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook
- https://hackerone.com/reports/299552 | Information disclosure on https://paycard.rapida.ru
- https://hackerone.com/reports/299728 | Markdown parsing issue enables insertion of malicious tags and event handlers
- https://hackerone.com/reports/299835 | Link poisoning on https://secure.login.gov/ login page
- https://hackerone.com/reports/300099 | [www.zomato.com] Privilege Escalation - Control reviews - /████dashboard_handler.php
- https://hackerone.com/reports/300179 | User uploaded portfolio files can be accessed by any user even after deleted
- https://hackerone.com/reports/300181 | Torrent Viewer extension web service available on all interfaces
- https://hackerone.com/reports/300270 | Stored XSS in learnboost.com via the lesson[goals] parameter.
- https://hackerone.com/reports/300305 | Ability to bypass partner email confirmation to take over any store given an employee email
- https://hackerone.com/reports/300391 | The parameter in the POST query allows to control size of returned page which in turn can lead to the potential DOS attack
- https://hackerone.com/reports/300454 | [www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php
- https://hackerone.com/reports/300812 | Stored XSS in www.learnboost.com via ZIP codes.
- https://hackerone.com/reports/300879 | User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions
- https://hackerone.com/reports/300881 | Account members can re-add themselves after being deleted by administrator
- https://hackerone.com/reports/301137 | GitHub import allows user to create child group under existing namespace
- https://hackerone.com/reports/301432 | GitLab CI runner can read and poison cache of all other projects
- https://hackerone.com/reports/301458 | Remote Code Execution in Wordpress Desktop
- https://hackerone.com/reports/301526 | Invitation token leaks to https://bat.bing.com
- https://hackerone.com/reports/301680 | Reflected XSS Vulnerability in https://www.lahitapiola.fi/cs/Satellite
- https://hackerone.com/reports/301718 | https://fundl.qiwi.com CSRF on SMS confirmation
- https://hackerone.com/reports/301862 | Path traversal leading to limited CSRF on GET requests on two endpoints
- https://hackerone.com/reports/301919 | CSRF Add user templates
- https://hackerone.com/reports/302253 | Very severe XSS in private messages on m.ok.ru
- https://hackerone.com/reports/302298 | Unintentional file creation caused at Tempfile with directory traversal
- https://hackerone.com/reports/302338 | The possibility that unintended file operation may be performed because some methods of Dir do not check NULL characters.
- https://hackerone.com/reports/302485 | IDOR allows extracting all registered emails
- https://hackerone.com/reports/302651 | Leak of Platform Authentication credentials via Repeater
- https://hackerone.com/reports/302885 | ImageMagick GIF coder vulnerability leading to memory disclosure
- https://hackerone.com/reports/302997 | Unix domain socket and a path containing a null character
- https://hackerone.com/reports/303061 | RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)
- https://hackerone.com/reports/303378 | SSRF - Blacklist bypass for mail account addition
- https://hackerone.com/reports/303522 | Zomato.com Reflected Cross Site Scripting
- https://hackerone.com/reports/303632 | Fastify denial-of-service vulnerability with large JSON payloads
- https://hackerone.com/reports/303730 | Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS
- https://hackerone.com/reports/303744 | Arbitrary local system file read on open-xchange server
- https://hackerone.com/reports/304098 | [XSS/CSRF] filter content-type bypass in Files
- https://hackerone.com/reports/304240 | Unrestricted access to Eureka server on ██████
- https://hackerone.com/reports/304386 | Unrestricted access to https://██████.█████myteksi.net/
- https://hackerone.com/reports/304679 | XSS (Working with mail)
- https://hackerone.com/reports/304708 | Information exposure via error pages (www.lahitapiola.fi Tomcat)
- https://hackerone.com/reports/305082 | Query string parameter modifications returned in page
- https://hackerone.com/reports/305128 | ClickJacking on IMPORTANT Functions of Yelp
- https://hackerone.com/reports/305237 | Malicious file upload (secure.lahitapiola.fi)
- https://hackerone.com/reports/305972 | Potential infinite loop in gdImageCreateFromGifCtx!
- https://hackerone.com/reports/305973 | Inappropriately parsing HTTP response leads to PHP segment fault!
- https://hackerone.com/reports/305974 | Inappropriate URL parsing may cause security risk!
- https://hackerone.com/reports/305978 | Urllib connects to a wrong host
- https://hackerone.com/reports/306414 | Window.opener protection Bypass
- https://hackerone.com/reports/307670 | Difference in query string parameter processing between Hacker News and Keybase Chrome extension spawns chat to incorrect user
- https://hackerone.com/reports/307672 | Keybase extension hostname-validation regular expression issue.
- https://hackerone.com/reports/307675 | Claiming ownership of GitHub handles via forked GitHub gists.
- https://hackerone.com/reports/308489 | wpjobmanager - unserialize of user input
- https://hackerone.com/reports/308610 | Read Access to all comments on unauthorized forums' discussions! IDOR!
- https://hackerone.com/reports/309058 | Open Redirect on the nl.wordpress.net
- https://hackerone.com/reports/310105 | Disclosure of 152 cookie names via crafted input
- https://hackerone.com/reports/310185 | Removing a user from a private group doesn't remove him from group's project, if his project's role was changed
- https://hackerone.com/reports/310280 | [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php
- https://hackerone.com/reports/310946 | The request tells the number of private programs, the new system of authorization /invite/token
- https://hackerone.com/reports/311326 | ms5 debug page exposing internal info (internal IPs, headers)
- https://hackerone.com/reports/311330 | Open Redirect
- https://hackerone.com/reports/311639 | Reflected XSS on https://www.zomato.com
- https://hackerone.com/reports/311776 | Securemail server used to internal spam and resource exhaustion
- https://hackerone.com/reports/312118 | Using GitLab to monitor and hijack domains in mass quantity.
- https://hackerone.com/reports/312543 | XXE in Site Audit function exposing file and directory contents
- https://hackerone.com/reports/312548 | XSS via Cookie in e.mail.ru
- https://hackerone.com/reports/312647 | Gaining access to private topics using quoting feature
- https://hackerone.com/reports/313050 | IDOR in treat subscriptions
- https://hackerone.com/reports/313250 | Xss was found by exploiting the URL markdown on http://store.steampowered.com
- https://hackerone.com/reports/314126 | Blind XSS - Report review - Admin panel
- https://hackerone.com/reports/314204 | [XSS] Style/Event Filter Bypass v3.0
- https://hackerone.com/reports/314518 | Reflected XSS+CSRF on secure.lahitapiola.fi
- https://hackerone.com/reports/314808 | Full account takeover
- https://hackerone.com/reports/314814 | [oauth token leak] at oauth.semrush.com
- https://hackerone.com/reports/315205 | Debug information disclosure on oauth-redirector.services.greenhouse.io
- https://hackerone.com/reports/315837 | blind XXE in autodiscover parser
- https://hackerone.com/reports/316319 | XSS on redirection page( Bypassed)
- https://hackerone.com/reports/316713 | Ad Builder Display Ads Path Traversal
- https://hackerone.com/reports/316810 | Can read features from any user
- https://hackerone.com/reports/317005 | Subdomain Takeover due to unclaimed domain pointing to AWS
- https://hackerone.com/reports/317243 | Window.opener fix bypass
- https://hackerone.com/reports/317321 | Delete directory using symlink when decompressing tar
- https://hackerone.com/reports/317476 | Account Takeover in Periscope TV
- https://hackerone.com/reports/317711 | twofactor_auth bypassable if provider fails to load
- https://hackerone.com/reports/317931 | Bypassing Homograph Attack Using /@ [ Tested On Windows ]
- https://hackerone.com/reports/318068 | SSH server compatible with several vulnerable cryptographic algorithms
- https://hackerone.com/reports/318099 | Registration enabled on ███grab.com
- https://hackerone.com/reports/318399 | Program profile_metrics.json contains time to triage for deptofdefense even it's turned off
- https://hackerone.com/reports/318571 | Information Disclosure on id.rapida.ru
- https://hackerone.com/reports/318603 | Sitemap causing strain on your Lahitapiola.fi server
- https://hackerone.com/reports/318751 | Access to Private Photos of Apps in App section(IDOR)
- https://hackerone.com/reports/320200 | [NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint
- https://hackerone.com/reports/320222 | memory corruption while parsing HTTP response
- https://hackerone.com/reports/320355 | myshopify.com domain takeover
- https://hackerone.com/reports/320376 | Open Redirection in index.php page
- https://hackerone.com/reports/320679 | [growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite
- https://hackerone.com/reports/320689 | [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID}
- https://hackerone.com/reports/321029 | HTML Injection inside Slack promotional emails
- https://hackerone.com/reports/321249 | Forum Users Information Disclosure
- https://hackerone.com/reports/321410 | A user can create an event in a group without being in it http://littleguy.vanillastaging.com/
- https://hackerone.com/reports/321420 | xss reflected in littleguy.vanillastaging.com
- https://hackerone.com/reports/321444 | Fix bypass of different processing of usernames on Hackernews
- https://hackerone.com/reports/321725 | A user can comment in private discussions without having permission to access the discussion
- https://hackerone.com/reports/321938 | [www.zomato.com] Getting a complimentary dessert [Zomato Treats] on ordering a Meal at no cost
- https://hackerone.com/reports/321980 | [XSS/CSRF] filter content-type bypass in Files v2.0
- https://hackerone.com/reports/322661 | Replace other user files in Inbox messages
- https://hackerone.com/reports/322935 | Exim off-by-one RCE vulnerability
- https://hackerone.com/reports/323005 | CSRF leads to a stored self xss
- https://hackerone.com/reports/323975 | CSRF in Inviting users
- https://hackerone.com/reports/324005 | Server-Side Request Forgery on SAML Application - Import via URL
- https://hackerone.com/reports/324006 | SaaS admin can modify/delete/get user information.
- https://hackerone.com/reports/324136 | XSS *.myshopify.com/collections/vendors?q=
- https://hackerone.com/reports/324423 | Reflected XSS (myynti.lahitapiolarahoitus.fi)
- https://hackerone.com/reports/324442 | Reflected XSS on bbe_open_htmleditor_popup.php of BBE Theme via "value"-GET-parameter
- https://hackerone.com/reports/325040 | xmlrpc.php file is enabled; it can be used for brute-force attacks and denial of service
- https://hackerone.com/reports/325336 | Subdomain takeover on svcgatewayus.starbucks.com
- https://hackerone.com/reports/325510 | Stored-XSS with user interaction on [sandbox.open-xchange.com] via inserted link in mail
- https://hackerone.com/reports/326434 | Able to Select Every Poll Option[http://tedwebers-famous-loudspeakers.vanillacommunities.com]
- https://hackerone.com/reports/326639 | DoS through cache poisoning using invalid HTTP parameters
- https://hackerone.com/reports/327088 | Extra program metrics disclosed via /PROGRAM_NAME json response
- https://hackerone.com/reports/327200 | disclosure of email by sending a message.
- https://hackerone.com/reports/327512 | Potential command injection in Shell#[] and Shell#test
- https://hackerone.com/reports/327671 | Error Page Content Spoofing or Text Injection
- https://hackerone.com/reports/327674 | Invitation reminder emails contain insecure links
- https://hackerone.com/reports/328337 | IDOR widget.support.my.com
- https://hackerone.com/reports/328486 | [Zomato Android/iOS] Theft of user session
- https://hackerone.com/reports/329209 | Making further registrations difficult on Vanilla forum
- https://hackerone.com/reports/329791 | Internal IP Address Disclosure at https://www.lahitapiolarahoitus.fi/wp-json/wp/v2/pages
- https://hackerone.com/reports/329798 | h1-202 leaderboard photo discloses local wifi password
- https://hackerone.com/reports/329862 | Stored xss in shop name @ lp.reverb.com
- https://hackerone.com/reports/329957 | Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests
- https://hackerone.com/reports/330008 | [dev.twitter.com] XSS and Open Redirect Protection Bypass
- https://hackerone.com/reports/330135 | S3 bucket unnecessarily discloses permissions
- https://hackerone.com/reports/330716 | F5 BIG-IP Cookie Remote Information Disclosure
- https://hackerone.com/reports/331223 | Order notifications being sent for a deactivated staff account
- https://hackerone.com/reports/331302 | Improper protection of FileContentProvider
- https://hackerone.com/reports/331489 | Extremely simple way to bypass Nextcloud-Client PIN/Fingerprint lock
- https://hackerone.com/reports/331691 | Email Forwarding invitations for Drafts are not marked as accepted, allowing multiple users to join a program after disabling Email Forwarding
- https://hackerone.com/reports/331975 | [XSS] Pasting bootstrap in mail compose
- https://hackerone.com/reports/332381 | Internal API endpoint discloses full account name of email address associated with unconfirmed user
- https://hackerone.com/reports/332632 | (Possible) staff account takeover via reset token bruteforce at helpdesk.bistudio.com
- https://hackerone.com/reports/333008 | Persistent XSS in https://sandbox.reverb.com/item/
- https://hackerone.com/reports/333419 | TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services
- https://hackerone.com/reports/333507 | Stored XSS in "post last edited" option
- https://hackerone.com/reports/333767 | IDOR to view other user folder name
- https://hackerone.com/reports/334139 | CSRF Trial 14 days express subscription
- https://hackerone.com/reports/334143 | [NR Synthetics] Restricted User can add/modify alert conditions on monitors without any synthetics privileges
- https://hackerone.com/reports/334205 | Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature
- https://hackerone.com/reports/334253 | CSRF at [Apply to this program] that leads to submitting your request automatically without any validation
- https://hackerone.com/reports/334488 | Blind XXE via Powerpoint files
- https://hackerone.com/reports/334709 | Cache poisoning using NULL bytes and long URLs
- https://hackerone.com/reports/335123 | Invalid Phabricator API token revealed through error message when escalating a report
- https://hackerone.com/reports/335177 | DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation
- https://hackerone.com/reports/335330 | Subdomain Takeover to Authentication bypass
- https://hackerone.com/reports/335341 | Disclosure of Users Information via Wordpress API (?rest_route)
- https://hackerone.com/reports/335427 | WordPress username enumeration (/author)
- https://hackerone.com/reports/335481 | [Zomato's Blog] POST based XSS on https://www.zomato.com/blog/wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=8.2
- https://hackerone.com/reports/335607 | [XSS] select/onchange in TinyMCE via set body
- https://hackerone.com/reports/335735 | Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter
- https://hackerone.com/reports/335779 | User Information Disclosure via Json response
- https://hackerone.com/reports/335990 | Flash-based XSS on mediaelement-flash-audio-ogg.swf of www.lahitapiolarahoitus.fi
- https://hackerone.com/reports/336131 | Potential to abuse pricing errors in saved carts
- https://hackerone.com/reports/337488 | [XSS] Forgot password link
- https://hackerone.com/reports/337680 | burp does not validate the common name of the presented collaborator server certificate
- https://hackerone.com/reports/337986 | CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written
- https://hackerone.com/reports/339137 | XSS when adding a user to a chat
- https://hackerone.com/reports/339237 | [web.icq.com] Stored XSS in link when sending message
- https://hackerone.com/reports/339352 | CSRF logs the victim into attacker's account
- https://hackerone.com/reports/339483 | "Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons
- https://hackerone.com/reports/340926 | [XSS] Parameter Theme
- https://hackerone.com/reports/341876 | SSRF in Exchange leads to ROOT access in all instances
- https://hackerone.com/reports/341884 | api.icq.com / ability to join any chat (even a closed one).
- https://hackerone.com/reports/341908 | XSS via Direct Message deeplinks
- https://hackerone.com/reports/341925 | invalid handling of redirect_uri at o2.mail.ru/jsapi/button
- https://hackerone.com/reports/342610 | [XSS] Style/Event Filter Bypass v4.0
- https://hackerone.com/reports/342693 | Password reset token leakage via referer
- https://hackerone.com/reports/342976 | Referer in /servlet/TestServlet
- https://hackerone.com/reports/342978 | Team object in GraphQL disclosed total number of whitelisted hackers
- https://hackerone.com/reports/343464 | Team object in GraphQL discloses team group names and permissions
- https://hackerone.com/reports/343752 | lootdog.io XSS
- https://hackerone.com/reports/344035 | Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
- https://hackerone.com/reports/344049 | XSS touch.mail.ru compose Body
- https://hackerone.com/reports/344112 | XSS account.mail.ru in state JSON script
- https://hackerone.com/reports/344145 | [www.zomato.com] IDOR - Gold Subscription Details, Able to view "Membership ID" and "Validity Details" of other Users
- https://hackerone.com/reports/344228 | Stored XSS in a forwarded message.
- https://hackerone.com/reports/344309 | Adding a new user discloses their full name in the "Users" section of NR Alerts notification channels page
- https://hackerone.com/reports/344468 | User is able to access and create private synthetics locations without upgrading (regression of #276157)
- https://hackerone.com/reports/345152 | Publicly Accessible Datadog link
- https://hackerone.com/reports/346219 | XSS e.mail.ru fixSpecialSymbols
- https://hackerone.com/reports/347282 | Linux kernel: CVE-2017-6074: DCCP double-free vulnerability
- https://hackerone.com/reports/347296 | Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning
- https://hackerone.com/reports/347439 | [synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending
- https://hackerone.com/reports/347665 | Permissions leaks the full name of other NR accounts - Regression of #267636
- https://hackerone.com/reports/347693 | Program metrics disclosed response_efficiency_percentage via /program_name json response despite the team decided not to show on their profile
- https://hackerone.com/reports/347748 | Improper session handling on web browsers
- https://hackerone.com/reports/348076 | Stored XSS in Browser name field reflected in two pages
- https://hackerone.com/reports/348443 | Snippet JS template allows attacker to read a user's private snippets
- https://hackerone.com/reports/349291 | IDOR via internal_api "users" endpoint
- https://hackerone.com/reports/350847 | Bypass of request line length limit to DoS via cache poisoning
- https://hackerone.com/reports/351014 | Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution
- https://hackerone.com/reports/351016 | Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation
- https://hackerone.com/reports/351106 | resetreportedcount & updatetags doesn't verify appid param
- https://hackerone.com/reports/351171 | Stored XSS @ https://steamcommunity.com/search/users/#text= via Profile Name
- https://hackerone.com/reports/351275 | DOM Based XSS charting_library
- https://hackerone.com/reports/351361 | Administrator can create user without entering high security mode
- https://hackerone.com/reports/351376 | XSS in main search, use class tag to imitate Reverb.com core functionality, create false login window
- https://hackerone.com/reports/351519 | Improper access check by Kit leads to controlling attributes of store & getting analytics by deleted Store member via dual messenger A/C
- https://hackerone.com/reports/351555 | Disclosure of all uploads to Cloudinary via hardcoded api secret in Android app
- https://hackerone.com/reports/352869 | Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com
- https://hackerone.com/reports/353293 | XSS in buying and selling pages, can created spoofed content (false login message)
- https://hackerone.com/reports/353310 | People who interviewed for HackerOne security analyst position can be enumerated and their personal email address may be exposed
- https://hackerone.com/reports/353784 | Vanilla SQL Injection Vulnerability
- https://hackerone.com/reports/354650 | [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
- https://hackerone.com/reports/355773 | XSS on support.wordcamp.org in ajax-quote.php
- https://hackerone.com/reports/355859 | CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card Misuse.
- https://hackerone.com/reports/356047 | Wordpress Users Disclosure (/wp-json/wp/v2/users/)
- https://hackerone.com/reports/356566 | HackerOne support disclosing report state without checking user identity
- https://hackerone.com/reports/356586 | [XSS] content_disposition=inline in files
- https://hackerone.com/reports/357485 | Hacktivity of a private program visible to banned user if he gets invited to a program by hackbot
- https://hackerone.com/reports/357665 | DoS in Brave browser for iOS
- https://hackerone.com/reports/357929 | Items bought for free due to lacks of quantity controls
- https://hackerone.com/reports/358007 | Compromising the user ID
- https://hackerone.com/reports/358049 | RCE via Print function [Simplenote 1.1.3 - Desktop app]
- https://hackerone.com/reports/358339 | File access control rules not enforced on image files
- https://hackerone.com/reports/358570 | A SQL injection vulnerability in Vanilla
- https://hackerone.com/reports/360171 | Multiple Bugs in api.data.gov/signup endpoint leads to send custom messages to Anyone
- https://hackerone.com/reports/360191 | [account.mail.ru] XSS on the account deletion page via backUrl
- https://hackerone.com/reports/360787 | [account.mail.ru] XSS on the password recovery page
- https://hackerone.com/reports/360811 | Information Leak - Github - JMS Information
- https://hackerone.com/reports/361287 | DOMXSS in redirect param
- https://hackerone.com/reports/361793 | [SSRF] PDF documentconverterws
- https://hackerone.com/reports/361938 | [XSS] RSS Feed Widget
- https://hackerone.com/reports/361951 | Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings
- https://hackerone.com/reports/361957 | Unsanitized input in email field
- https://hackerone.com/reports/361960 | Insufficient validation of sides/modifiers quantity
- https://hackerone.com/reports/362129 | XSS on https://health.mail.ru/my/ via the external account name
- https://hackerone.com/reports/363636 | DoS through PeerExplorer
- https://hackerone.com/reports/363971 | Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation
- https://hackerone.com/reports/364843 | OLO Total price manipulation using negative quantities
- https://hackerone.com/reports/364964 | Client DoS due to large DH parameter (CVE-2018-0732)
- https://hackerone.com/reports/365093 | XSS on https://agent.postamat.tech/ in the profile + disclosure of secret information
- https://hackerone.com/reports/365271 | Remote code execution on Basecamp.com
- https://hackerone.com/reports/365504 | Comment restriction in subsection "Workshop" of domain "steamcommunity.com" can be bypassed using IDOR
- https://hackerone.com/reports/365853 | Subdomain Takeover - https://competition.shopify.com/
- https://hackerone.com/reports/367581 | Basic auth details still work on report ( 351555 )
- https://hackerone.com/reports/367966 | FileUpload Plugin: CSRF (delete all attached files)
- https://hackerone.com/reports/368119 | [engineering.udemy.com] - Subdomain Takeover (ghost.io)
- https://hackerone.com/reports/369086 | URL spoofing in Brave for macOS
- https://hackerone.com/reports/369185 | Unsafe handling of protocol handlers
- https://hackerone.com/reports/369218 | Navigation to restricted origins via "Open in new tab"
- https://hackerone.com/reports/369451 | SSRF in CI after first run
- https://hackerone.com/reports/370094 | Nginx variable values printed in the page body
- https://hackerone.com/reports/370777 | [affiliates.udemy.com] Wordpress user admin information disclosure
- https://hackerone.com/reports/371135 | CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7
- https://hackerone.com/reports/373721 | URL spoofing using protocol handlers
- https://hackerone.com/reports/374106 | Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass
- https://hackerone.com/reports/374737 | Blind SSRF on errors.hackerone.net due to Sentry misconfiguration
- https://hackerone.com/reports/374907 | Root user disclosure in data.gov domain through x-amz-meta-s3cmd-attrs header
- https://hackerone.com/reports/374919 | Content spoofing and potential Cross-Site Scripting vulnerability on www.hackerone.com
- https://hackerone.com/reports/374969 | Navigation to protocol handler URL from the opened page displayed as a request from this page.
- https://hackerone.com/reports/375259 | Cross-origin page stays focused before/after downloading + uninformative modal window for download
- https://hackerone.com/reports/375329 | Local files reading using `link[rel="import"]`
- https://hackerone.com/reports/375352 | Post Based XSS On Upload Via CK Editor [semrush.com]
- https://hackerone.com/reports/378122 | HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information
- https://hackerone.com/reports/378805 | Navigation to `chrome-extension://` origin (internal pages) from the web
- https://hackerone.com/reports/380045 | Stored XSS in the guide's GameplayVersion (www.dota2.com)
- https://hackerone.com/reports/380102 | Missing memory corruption protection on Windows release build
- https://hackerone.com/reports/380158 | svcardproxydevus.starbucks.com Subdomain take over
- https://hackerone.com/reports/380317 | Team object exposes amount of participants in a private program to non-invited users
- https://hackerone.com/reports/380354 | Reflected XSS through multiple inputs in the issue collector on Jira
- https://hackerone.com/reports/380413 | Restricted user can bypass permissions restriction to create NR Alert policies
- https://hackerone.com/reports/380873 | Prototype pollution attack (lodash / constructor.prototype)
- https://hackerone.com/reports/381129 | SSRF in api.slack.com, using slash commands and bypassing the protections.
- https://hackerone.com/reports/381192 | Preview bar: Incomplete message origin validation results in XSS
- https://hackerone.com/reports/381237 | CSRF | Ban or unban users in broadcast's chat
- https://hackerone.com/reports/381356 | Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com
- https://hackerone.com/reports/382625 | Stored XSS in '' Section and WAF Bypass
- https://hackerone.com/reports/383564 | Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com
- https://hackerone.com/reports/384101 | Go.imgur.com can be used to phish for account information
- https://hackerone.com/reports/384112 | xss - reflected
- https://hackerone.com/reports/384214 | heap-buffer-overflow (READ of size 48) in exif_read_data()
- https://hackerone.com/reports/384477 | Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
- https://hackerone.com/reports/384569 | Bypassing the Trusted Link Alert System
- https://hackerone.com/reports/384719 | linkinfo - openbasedir bypass on Windows PHP
- https://hackerone.com/reports/384782 | User Information Disclosure via the REST API - /?_method=GET
- https://hackerone.com/reports/384839 | DoS for HTTP/2 connections by crafted requests (CVE-2018-1333)
- https://hackerone.com/reports/384905 | F5 BigIP Backend Cookie Disclosure
- https://hackerone.com/reports/384962 | jsConnect Plugin: Takeover of existing account
- https://hackerone.com/reports/385145 | Homograph attack on redirect URL (https://chaturbate.com/external_link/?url)
- https://hackerone.com/reports/385239 | Add non-existent room moderator
- https://hackerone.com/reports/385372 | Homograph attack on redirect URL
- https://hackerone.com/reports/385381 | Rate limit missing at room login
- https://hackerone.com/reports/385407 | store xss in calendar via upload filename
- https://hackerone.com/reports/386112 | [allhiphop.vanillacommunities.com] XSS Request-URI
- https://hackerone.com/reports/386116 | CSV Injection with the CSV export feature
- https://hackerone.com/reports/386292 | Bypass of the SSRF protection in Event Subscriptions parameter.
- https://hackerone.com/reports/386334 | CSS Injection on /embed/ via bgcolor parameter leaks user's CSRF token and allows for XSS
- https://hackerone.com/reports/386340 | Reflected XSS on ssl-ccstatic.highwebmedia.com via player.swf
- https://hackerone.com/reports/386556 | [NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions
- https://hackerone.com/reports/386596 | Email Not Completely Deleted after Deleting an account
- https://hackerone.com/reports/386735 | Login form on non-HTTPS page on http://stream.highwebmedia.com/auth/login/
- https://hackerone.com/reports/386997 | Private program policy page still accessible after user left the program
- https://hackerone.com/reports/387007 | [idp.fr.cloud.gov] Open Redirect
- https://hackerone.com/reports/387250 | OpenSSL::X509::Name Equality Check Does Not Work, Patch included
- https://hackerone.com/reports/387279 | App messaging can be hijacked by third-party websites
- https://hackerone.com/reports/387544 | Admin bar: Incomplete message origin validation results in XSS
- https://hackerone.com/reports/388506 | Stored XSS in Email attachment file name
- https://hackerone.com/reports/388622 | Subdomain takeover on wfmnarptpc.starbucks.com
- https://hackerone.com/reports/388743 | [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing data related to your data app
- https://hackerone.com/reports/389076 | `open-url` command allows opening unlimited number of tabs pointing to arbitrary URLs
- https://hackerone.com/reports/389108 | Handling of `tracking` command allows making arbitrary blind requests with user's cookies from Grammarly Extension's origin
- https://hackerone.com/reports/389454 | Backup Source Code Detected
- https://hackerone.com/reports/389592 | [theacademy.upserve.com] Reflected XSS Query-String
- https://hackerone.com/reports/389600 | TeamProfile exposes partially sensitive information through GraphQL
- https://hackerone.com/reports/390013 | Local files reading from the web using `brave://`
- https://hackerone.com/reports/390362 | Local files reading from the "file://" origin through `brave://`
- https://hackerone.com/reports/390429 | Reflected XSS on help.steampowered.com
- https://hackerone.com/reports/391385 | Unauthorized Use of Victim Credit Card
- https://hackerone.com/reports/391390 | Stored XSS on activity
- https://hackerone.com/reports/392728 | Possibility to freeze/crash the host system of all Slack Desktop users easily
- https://hackerone.com/reports/394016 | Web Cache Deception Attack (XSS)
- https://hackerone.com/reports/394253 | Validation bypass for queries generated for PostgreSQL
- https://hackerone.com/reports/395729 | `socket` command allows sending data over WebSockets to arbitrary origins from Grammarly Extension
- https://hackerone.com/reports/395737 | `chrome://brave` available for navigation in Release build [-> RCE] + navigation to `chrome://*` using tab_helper ["Open in new tab"]
- https://hackerone.com/reports/396370 | XSS: Group search terms
- https://hackerone.com/reports/396467 | Github Token Leaked publicly for https://github.sc-corp.net
- https://hackerone.com/reports/396493 | Reflected DOM XSS on www.starbucks.co.uk
- https://hackerone.com/reports/396954 | Attacker can add arbitrary data to the blockchain without paying gas
- https://hackerone.com/reports/397031 | Disclosure of top 10 vulnerability types for programs that haven't enabled the Insights feature
- https://hackerone.com/reports/397088 | Stored XSS on buy button
- https://hackerone.com/reports/397130 | Unauthenticated access to Zendesk tickets through athena-flex-production.shopifycloud.com Okta bypass
- https://hackerone.com/reports/397478 | Privilege Escalation via Keybase Helper
- https://hackerone.com/reports/397483 | [NR Infrastructure] Restricted user can update integration provider account name via integrations API
- https://hackerone.com/reports/397508 | Web cache deception attack - expose token information
- https://hackerone.com/reports/397527 | Leaking sensitive information on Github lead full access to all Grab Slack channels
- https://hackerone.com/reports/397545 | Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection
- https://hackerone.com/reports/398054 | DOM Based XSS in www.hackerone.com via PostMessage
- https://hackerone.com/reports/398316 | CSRF combined with IDOR within Document Converter exposes files
- https://hackerone.com/reports/398797 | DVR default username and password
- https://hackerone.com/reports/398799 | Unauthenticated blind SSRF in OAuth Jira authorization controller
- https://hackerone.com/reports/399174 | Access MoPub Reports Data even after Company removed you from their MoPub Account.
- https://hackerone.com/reports/399382 | XSS in e.mail.ru
- https://hackerone.com/reports/400982 | Open redirect in securegatewayaccess.com / secure.chaturbate.com via prejoin_data parameter
- https://hackerone.com/reports/401483 | [chaturbate.com] - CSRF Vulnerability on image upload
- https://hackerone.com/reports/402362 | RCE due to ImageTragick v2
- https://hackerone.com/reports/402410 | Decryption of all types of encrypted IDs
- https://hackerone.com/reports/402473 | Arbitrary File Download as Shopmanager
- https://hackerone.com/reports/402753 | Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
- https://hackerone.com/reports/403039 | WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers
- https://hackerone.com/reports/403083 | Authenticated Code Execution through Phar deserialization in CSV Importer as Shop manager in WooCommerce
- https://hackerone.com/reports/403402 | Public Jenkins instance with /script enabled
- https://hackerone.com/reports/403417 | Remote Code Execution on www.semrush.com/my_reports on Logo upload
- https://hackerone.com/reports/403602 | Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)
- https://hackerone.com/reports/403783 | [www.zomato.com] Tampering with Order Quantity and paying a lower amount than the actual amount, leads to business loss
- https://hackerone.com/reports/404797 | IDOR to delete images from other stores
- https://hackerone.com/reports/405342 | Clickjacking at ylands.com
- https://hackerone.com/reports/406289 | Stored XSS on Broken Themes via filename
- https://hackerone.com/reports/406614 | Resource Consumption DOS on Edgemax v1.10.6
- https://hackerone.com/reports/406704 | XSS @ store.steampowered.com via agecheck path name
- https://hackerone.com/reports/407355 | Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages
- https://hackerone.com/reports/407552 | Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability
- https://hackerone.com/reports/409370 | Denial of service via cache poisoning
- https://hackerone.com/reports/409395 | Bypass of GitLab CI runner slash fix in YAML validation
- https://hackerone.com/reports/409512 | mod_userdir CRLF injection (CVE-2016-4975)
- https://hackerone.com/reports/409518 | "More on Wikipedia" link discloses "Referrer" and leaks `window.opener` reference for arbitrary websites
- https://hackerone.com/reports/409701 | SSRF in hatchful.shopify.com
- https://hackerone.com/reports/409850 | XSS in steam react chat client
- https://hackerone.com/reports/409973 | Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation
- https://hackerone.com/reports/409986 | Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS
- https://hackerone.com/reports/410015 | Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report
- https://hackerone.com/reports/410212 | Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability
- https://hackerone.com/reports/410237 | Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability
- https://hackerone.com/reports/410451 | User login page doesn't implement any form of rate limiting
- https://hackerone.com/reports/410882 | Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical)
- https://hackerone.com/reports/411075 | Abusing "Report as abuse" functionality to delete any user's post.
- https://hackerone.com/reports/411140 | Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
- https://hackerone.com/reports/411329 | code injection, steam chat client
- https://hackerone.com/reports/411337 | Forget password link not expiring after email change.
- https://hackerone.com/reports/411519 | DNS SRV lookup of file:// sources enables local hijacking of gems
- https://hackerone.com/reports/411679 | View Failed Approval and Pending videos of other users
- https://hackerone.com/reports/411690 | Stored xss in address field in billing activity at https://shop.aaf.com/Order/step1/index.cfm
- https://hackerone.com/reports/411723 | Open redirection at https://chaturbate.com/auth/login/
- https://hackerone.com/reports/411822 | Password protected rooms total number of viewers disclosure to unauthorized members
- https://hackerone.com/reports/411865 | Blind SSRF at https://chaturbate.com/notifications/update_push/
- https://hackerone.com/reports/411930 | User with privilege to maintain External Programs can update certain churned HackerOne programs
- https://hackerone.com/reports/412526 | No rate limit in stats api token endpoint
- https://hackerone.com/reports/412988 | Hacker can request mediation for published reports
- https://hackerone.com/reports/413426 | Open redirect on chaturbate.com (tipping/purchase_success)
- https://hackerone.com/reports/413442 | [chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter
- https://hackerone.com/reports/413505 | No rate limit in affiliate statsapi endpoint
- https://hackerone.com/reports/413759 | Race condition at create new Location
- https://hackerone.com/reports/413828 | Persistent XSS via Signatures
- https://hackerone.com/reports/415139 | Reflected xss on theacademy.upserve.com
- https://hackerone.com/reports/415178 | chrome://brave can still be navigated to, leading to RCE
- https://hackerone.com/reports/415238 | [Admin Panel] CSRF to resume/pause runner
- https://hackerone.com/reports/415258 | RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
- https://hackerone.com/reports/415272 | Linux Desktop application slack executable does not use pie / no ASLR
- https://hackerone.com/reports/415398 | Chaturbate "/chat_ignore_list/" endpoint does not check for Account status: Disabled before adding Ignore via POST
- https://hackerone.com/reports/415484 | Stored xss
- https://hackerone.com/reports/415622 | PII disclosure -- Past team members & their email ID(personal email) can be viewed by Staff member with no permissions on Partner Dashboard
- https://hackerone.com/reports/415967 | chrome://brave navigation from web
- https://hackerone.com/reports/416040 | Field Day With Protocol Handlers
- https://hackerone.com/reports/416682 | CSRF on change video thumbnail at https://chaturbate.com
- https://hackerone.com/reports/416906 | Missing Rate Limitation at /apps/upload_app/
- https://hackerone.com/reports/416978 | H1514 CSRF in Domain transfer allows adding your domain to other user's account
- https://hackerone.com/reports/416983 | H1514 Removed Staff members who had "Apps" permission can still modify flow app connections
- https://hackerone.com/reports/417170 | Using GraphQL, STAFF with NO explicit permissions on Store can retrieve Shopify Payments Balance.
- https://hackerone.com/reports/417382 | Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session
- https://hackerone.com/reports/417839 | H1514 Lack of access control on edit packing slip template
- https://hackerone.com/reports/418145 | No rate limiting in changing room subject.
- https://hackerone.com/reports/418151 | No rate limiting in starting up a bot.
- https://hackerone.com/reports/418254 | Unrestricted POST request size on roomlogin endpoint
- https://hackerone.com/reports/418474 | Disclosing a private program in an external link if program is paused
- https://hackerone.com/reports/418767 | Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form
- https://hackerone.com/reports/418823 | Reflected XSS on developers.zomato.com
- https://hackerone.com/reports/419875 | [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users
- https://hackerone.com/reports/419883 | H1514 [beerify.shopifycloud.com] GraphQL discloses internal beer consumption
- https://hackerone.com/reports/420115 | Crash in mrb_ary_push
- https://hackerone.com/reports/420459 | H1514 Stored XSS in Return Magic App portal content
- https://hackerone.com/reports/421009 | H1514 Deanonymizing Exchange Marketplace private listings
- https://hackerone.com/reports/421859 | H1514 [*.(my)shopify.com] - Viewing Password Protected Content
- https://hackerone.com/reports/422043 | H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing
- https://hackerone.com/reports/422279 | H1514 Simple phishing using auto-created modal with weak URL-pattern check in incontext_app_link
- https://hackerone.com/reports/422331 | attacker can book unlimited tickets for free at https://aaf.com/checkout/order-received/21237/?key=wc_order_5bbef48fa35b2
- https://hackerone.com/reports/422698 | Update Chat Allowed By Option ( without age verification )
- https://hackerone.com/reports/422707 | Reflected XSS on `$Any$.myshopify.com/admin`
- https://hackerone.com/reports/422944 | H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products
- https://hackerone.com/reports/423022 | Account takeover at https://try.discourse.org due to no CSRF protection in connecting Yahoo account
- https://hackerone.com/reports/423073 | Improper UUID validation results in bypass of #419896
- https://hackerone.com/reports/423136 | H1514 Session Fixation on multiple shopify-built apps on *.shopifycloud.com and *.shopifyapps.com
- https://hackerone.com/reports/423198 | H1514 Ability to Edit Packaging Slip Templates and View Product & Shipping Information by a low privileged staff in a Sandbox Store
- https://hackerone.com/reports/423218 | H1514 DOM XSS on checkout.shopify.com via postMessage handler on /:id/sandbox/google_maps
- https://hackerone.com/reports/423388 | H1514 Get access to non public information by pivoting with graphql queries
- https://hackerone.com/reports/423454 | H1514 Stored XSS on Wholesale sales channel allows cross-organization data leakage
- https://hackerone.com/reports/423467 | H1514 Ability to MiTM Shopify PoS Session to Takeover Communications
- https://hackerone.com/reports/423496 | H1514 Bypass Wholesale account signup restrictions
- https://hackerone.com/reports/423506 | H1514 Extract information about other sites (new sites) through Affiliate/Referral pages
- https://hackerone.com/reports/423541 | H1514 Server Side Template Injection in Return Magic email templates?
- https://hackerone.com/reports/423546 | H1514 Wholesale customer without checkout permission can complete purchases
- https://hackerone.com/reports/424447 | Integer overflow leading to buffer overflow
- https://hackerone.com/reports/424669 | Subdomain Takeover Via unclaimed Heroku Instance tim-exclusive.shopify.com
- https://hackerone.com/reports/425048 | Stored XSS on chaturbate.com (wish list)
- https://hackerone.com/reports/425200 | XSS [flow] - on www.paypal.com/paypalme/my/landing (requires user interaction)
- https://hackerone.com/reports/425314 | API request signature can be reused with other parameters/data than the original in certain cases
- https://hackerone.com/reports/425719 | Disclosure of Github Issues
- https://hackerone.com/reports/426165 | [www.zomato.com] CORS Misconfiguration, could lead to disclosure of sensitive information
- https://hackerone.com/reports/426547 | Missing Rate Limitation at /photo_videos/photoset/create
- https://hackerone.com/reports/426944 | Linux privilege escalation via trusted $PATH in keybase-redirector
- https://hackerone.com/reports/427502 | Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based"
- https://hackerone.com/reports/427835 | Server-Side request forgery in New-Subscription feature of the calendar app
- https://hackerone.com/reports/428010 | Talk / spreed: Disclosure of Room names and participants for password protected rooms
- https://hackerone.com/reports/428660 | Gallery: No feedback for invalid password
- https://hackerone.com/reports/429026 | Race condition in performing retest allows duplicated payments
- https://hackerone.com/reports/429298 | Stored XSS in chat topic due to insecure emoticon parsing on any message type
- https://hackerone.com/reports/429617 | Reverse Proxy misroute leading to steal X-Shopify-Access-Token header
- https://hackerone.com/reports/429679 | POST-based XSS on apps.shopify.com
- https://hackerone.com/reports/430463 | Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS]
- https://hackerone.com/reports/430854 | Kaspersky Password Manager allows websites to access user's address data
- https://hackerone.com/reports/431561 | Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS
- https://hackerone.com/reports/431633 | Order Creation Webhooks can be edited/deleted by STAFF with `Settings` only permission
- https://hackerone.com/reports/434116 | Exposing voting results on the Slowvote application without actually voting
- https://hackerone.com/reports/434715 | No session expiry after log-out and session id exposed in URL
- https://hackerone.com/reports/434763 | Incorrect details on OAuth permissions screen allows DMs to be read without permission
- https://hackerone.com/reports/435457 | Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/
- https://hackerone.com/reports/435618 | Kaspersky Password Manager is vulnerable to HTML injection in the browser action pop-up via user name
- https://hackerone.com/reports/435648 | TOTP Key is shorter than RFC 4226 recommended minimum
- https://hackerone.com/reports/436928 | RCE as Admin defeats WordPress hardening and file permissions
- https://hackerone.com/reports/437142 | Instant open redirect on Live preview WEB Ide opening
- https://hackerone.com/reports/437800 | Passive mixed content issues on the site https://*.fanduel.com
- https://hackerone.com/reports/438240 | Reflected Cross site Scripting (XSS) on www.starbucks.com
- https://hackerone.com/reports/439729 | Add and Access to Labels of any Private Projects/Groups of Gitlab(IDOR)
- https://hackerone.com/reports/439828 | Event privacy level does not work in Thunderbird
- https://hackerone.com/reports/439912 | Stored XSS on demo app link
- https://hackerone.com/reports/440749 | [Mail.Ru Android] Typo in permission name allows to write contacts without user knowledge
- https://hackerone.com/reports/442843 | Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report
- https://hackerone.com/reports/446238 | EXIF metadata not stripped from JPG group logos
- https://hackerone.com/reports/446271 | CRLF injection
- https://hackerone.com/reports/446585 | Exfiltrate and mutate repository and project data through injected templated service
- https://hackerone.com/reports/446593 | GitLab's GitHub integration is vulnerable to SSRF vulnerability
- https://hackerone.com/reports/447494 | Share recipient can modify a share's expiration date
- https://hackerone.com/reports/447975 | Upgrade menu exposes the mobile application token meant to only be visible to administrators
- https://hackerone.com/reports/448078 | A user can request a report to be retested even though the program has not been verified by HackerOne
- https://hackerone.com/reports/449351 | IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier
- https://hackerone.com/reports/449482 | Command injection in Pathname
- https://hackerone.com/reports/449617 | Null character at fnmatch
- https://hackerone.com/reports/452959 | A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately
- https://hackerone.com/reports/452973 | Inline banner on Report page discloses whether organization runs a private program
- https://hackerone.com/reports/454949 | Race Condition in Flag Submission
- https://hackerone.com/reports/455858 | [p2p.qiwi.com] nginx alias traversal
- https://hackerone.com/reports/456333 | [auth2.zomato.com] Reflected XSS at `oauth2/fallbacks/error` | ORY Hydra an OAuth 2.0 and OpenID Connect Provider
- https://hackerone.com/reports/456727 | null pointer dereference in imap_mail
- https://hackerone.com/reports/458842 | Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.
- https://hackerone.com/reports/459286 | protocol & Ports are not shown in third-party site redirect warning page
- https://hackerone.com/reports/459443 | [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint
- https://hackerone.com/reports/460428 | The impossibility of inclusion of the trial (BROWSER)
- https://hackerone.com/reports/460815 | Milestones leaked via search API
- https://hackerone.com/reports/460911 | [FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II
- https://hackerone.com/reports/460920 | Response program can create bounty table
- https://hackerone.com/reports/461272 | [www.zomato.com] Blind XSS in one of the admin dashboard
- https://hackerone.com/reports/461308 | Remote attacker can impersonate Social users via ActivityPub API
- https://hackerone.com/reports/462321 | Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter
- https://hackerone.com/reports/462503 | Claiming package names in GitLab's automatic package referencer.
- https://hackerone.com/reports/463828 | Submitting report through Embedded Submission form gives user indefinite access to a profile
- https://hackerone.com/reports/463915 | URL Advisor component in KIS products family is vulnerable to Universal XSS
- https://hackerone.com/reports/464426 | account takeover https://idea.qiwi.com/
- https://hackerone.com/reports/469372 | Web protection component in Anti-Virus products family uses predictable links for certificate warnings
- https://hackerone.com/reports/469803 | Open redirect at https://inventory.upserve.com/http://google.com/
- https://hackerone.com/reports/470003 | Privilege Escalation via Keybase Helper (incomplete security fix)
- https://hackerone.com/reports/470067 | DoS on the Issue page by exploiting Mermaid.
- https://hackerone.com/reports/470206 | Reflected XSS in *.myshopify.com/account/register
- https://hackerone.com/reports/470398 | Local privilege escalation bug using Keybase redirector on macOS
- https://hackerone.com/reports/470519 | Kaspersky Protection extension for Google Chrome is vulnerable to abuse its features
- https://hackerone.com/reports/470520 | RCE on Steam Client via buffer overflow in Server Info
- https://hackerone.com/reports/470544 | Unauthorized command execution in Web protection component of Anti-Virus products family
- https://hackerone.com/reports/470547 | Unauthorized command execution in Web protection component of Anti-Virus products family [IE]
- https://hackerone.com/reports/470553 | Unauthorized command execution in Web protection component of Anti-Virus products family [FF, Chrome]
- https://hackerone.com/reports/470637 | User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files
- https://hackerone.com/reports/471265 | Unused domain still in use on WeChat by Starbucks East China
- https://hackerone.com/reports/471739 | macOS privilege escalation via keybase install
- https://hackerone.com/reports/472013 | Changing email address on Twitter for Android unsets "Protect your Tweets"
- https://hackerone.com/reports/472026 | The auto login link does not expire on changing email id
- https://hackerone.com/reports/472651 | Private key "tron" leaked via Travis CI Log
- https://hackerone.com/reports/473252 | Privilege Escalation through Keybase Installer via Helper
- https://hackerone.com/reports/473888 | RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active Storage)
- https://hackerone.com/reports/473950 | XSS on Desktop Client
- https://hackerone.com/reports/474262 | XSS due to incomplete JS escaping
- https://hackerone.com/reports/474656 | Cross-site Scripting (XSS) on HackerOne careers page
- https://hackerone.com/reports/475499 | heap buffer overflow in phar_detect_phar_fname_ext
- https://hackerone.com/reports/475660 | Response program can display "eligible for bounty" in scope area in program policy
- https://hackerone.com/reports/476168 | Heap overflow in utf32be_mbc_to_code
- https://hackerone.com/reports/476178 | Negative size parameter in mb_split
- https://hackerone.com/reports/476179 | Buffer over-write in finfo_open with malformed magic file.
- https://hackerone.com/reports/476958 | IDOR allows accounts to view full name of other accounts based on email through share notes feature
- https://hackerone.com/reports/477073 | ZeroMQ libzmq remote code execution
- https://hackerone.com/reports/477222 | Last build status and coverage leaked to unauthorized users
- https://hackerone.com/reports/477344 | Heap Buffer Overflow (READ: 4) in phar_parse_pharfile
- https://hackerone.com/reports/477896 | Use after free and out of bounds read in xmlrpc_decode()
- https://hackerone.com/reports/477897 | buffer overread in base64 code of the xmlrpc module
- https://hackerone.com/reports/478367 | efree() on uninitialized Heap data in imagescale leads to use-after-free
- https://hackerone.com/reports/478368 | imagecolormatch Out Of Bounds Write on Heap
- https://hackerone.com/reports/478957 | Stored XSS/HTML injection in autocomplete suggestions for sharing
- https://hackerone.com/reports/479135 | GET request to accounts.json on support site leaks the root account license key and the browser license key to a restricted user
- https://hackerone.com/reports/479139 | Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page
- https://hackerone.com/reports/480778 | Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak
- https://hackerone.com/reports/480883 | Stack overflow in XML Parsing
- https://hackerone.com/reports/480928 | Username restriction bypass with SSL client authentication
- https://hackerone.com/reports/480984 | Stack overflow affecting "ext" field on stylers.xml configuration file
- https://hackerone.com/reports/481335 | Security check failure or stack buffer overrun (crash)
- https://hackerone.com/reports/481360 | Stored XSS in vanilla
- https://hackerone.com/reports/481472 | URL link spoofing
- https://hackerone.com/reports/481532 | heap-use-after-free (READ of size 8) in main()
- https://hackerone.com/reports/482200 | puttygen: heap-buffer-overflow in mp_get_decimal()
- https://hackerone.com/reports/483572 | [FG-VD-19-009] Intel(R) Trace Analyzer and Collector 2019 Memory Corruption Vulnerability Notification
- https://hackerone.com/reports/484398 | Buffer overflow in libavi_plugin memmove() call
- https://hackerone.com/reports/484434 | Stored XSS on imgur profile
- https://hackerone.com/reports/484615 | Unsanitized user photo paths allow local file read
- https://hackerone.com/reports/484664 | ICQ for macOS: lack of com.apple.quarantine meta-attribute on downloaded files leads to GateKeeper/Quarantine bypass for downloaded executables
- https://hackerone.com/reports/484930 | puttygen: 160MB memory leak while trying to extract openssh public key from crafted key file
- https://hackerone.com/reports/485407 | From nobody to somebody
- https://hackerone.com/reports/485748 | Stored XSS on reports.
- https://hackerone.com/reports/486629 | Improper validation allows user to unlock Zomato Gold multiple times at the same restaurant within one day
- https://hackerone.com/reports/487008 | Arbitrary file read via ffmpeg HLS parser at https://www.flickr.com/photos/upload
- https://hackerone.com/reports/487081 | Stored XSS in Private Message component (BuddyPress)
- https://hackerone.com/reports/488643 | Disclosure of h1 challenges name through the calendar
- https://hackerone.com/reports/488923 | No Rate Limit on CrowdSignal Polls when Adding Comment
- https://hackerone.com/reports/488985 | Race condition in claiming program credentials
- https://hackerone.com/reports/489102 | VLC 4.0.0 - Stack Buffer Overflow (SEH)
- https://hackerone.com/reports/489146 | Confidential data of users and limited metadata of programs and reports accessible via GraphQL
- https://hackerone.com/reports/489284 | Access to Employee calendar disclosing internal presentation and meetings
- https://hackerone.com/reports/490782 | Missing Authorization on Private Message replies (BuddyPress)
- https://hackerone.com/reports/490946 | Bypassing lock protection
- https://hackerone.com/reports/490960 | macOS privilege escalation
- https://hackerone.com/reports/491023 | XSS Reflected on my_report
- https://hackerone.com/reports/491473 | Protected tweets exposure through the URL
- https://hackerone.com/reports/491753 | DMARC RECORD MISSING
- https://hackerone.com/reports/492512 | [bower] Arbitrary File Write through improper validation of symlinks while package extraction
- https://hackerone.com/reports/492841 | Web cache poisoning attack leads to user information and more
- https://hackerone.com/reports/493324 | Privilege escalation from any user (including external) to gitlab admin when admin impersonates you
- https://hackerone.com/reports/494979 | Insufficient sanitizing can lead to arbitrary commands execution
- https://hackerone.com/reports/495382 | No SearchEngine sanitizing can lead to command injection
- https://hackerone.com/reports/495495 | CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host
- https://hackerone.com/reports/495497 | Know whether private project name exists or not within a group using link comments
- https://hackerone.com/reports/495508 | Assertion `len == 1' failed, process aborted while streaming output from remote server
- https://hackerone.com/reports/495515 | Reflected XSS: Taxonomy Converter via tax parameter
- https://hackerone.com/reports/495525 | XSSI: Quick Navigation Interface - leak of private page/post titles
- https://hackerone.com/reports/495583 | [FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification
- https://hackerone.com/reports/495793 | Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe)
- https://hackerone.com/reports/496113 | Crash
- https://hackerone.com/reports/496285 | Ubuntu Linux privilege escalation (dirty_sock)
- https://hackerone.com/reports/496375 | Reflected XSS in https://www.starbucks.co.jp/store/search/
- https://hackerone.com/reports/496405 | Stored XSS in vanilla
- https://hackerone.com/reports/496973 | Persistent XSS via e-mail when creating merge requests
- https://hackerone.com/reports/497047 | Blocked user Git access through CI/CD token
- https://hackerone.com/reports/497255 | A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file
- https://hackerone.com/reports/497312 | Command injection by setting a custom search engine
- https://hackerone.com/reports/497724 | Stored XSS in Post Preview as Contributor
- https://hackerone.com/reports/498052 | Password theft login.newrelic.com via Request Smuggling
- https://hackerone.com/reports/498964 | Full access to internal Gitlab instances at redash.gitlab.com, dashboards.gitlab.com, prometheus.gitlab.com
- https://hackerone.com/reports/499030 | DOM Based XSS in www.hackerone.com via PostMessage (bypass of #398054)
- https://hackerone.com/reports/499348 | Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect
- https://hackerone.com/reports/500348 | URL filter bypass in Enterprise Grid
- https://hackerone.com/reports/500436 | DOM based CSS Injection on grammarly.com
- https://hackerone.com/reports/500515 | XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx
- https://hackerone.com/reports/500686 | url that twitter mobile site can not load
- https://hackerone.com/reports/501672 | Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints
- https://hackerone.com/reports/502593 | Attacker is able to access commit title and team member comments which are supposed to be private
- https://hackerone.com/reports/502816 | Access Violation Reading in libfaad_plugin
- https://hackerone.com/reports/503208 | Access Violation Reading EXPLOITABLE_0228
- https://hackerone.com/reports/503283 | Real Time Error Logs Through Debug Information
- https://hackerone.com/reports/503298 | Multiple XSS on account settings that can hijack any users in the company.
- https://hackerone.com/reports/503300 | █████████ on CRM server without authorization
- https://hackerone.com/reports/503804 | Path Disclosure Vulnerability http://crm.******.com
- https://hackerone.com/reports/503821 | Assertion `col >= 0 && col < line->cols' failed, process aborted while streaming output from remote server
- https://hackerone.com/reports/504751 | Open Redirect
- https://hackerone.com/reports/504759 | Uploading large avatar images cause excessive CPU usage
- https://hackerone.com/reports/504761 | phar_tar_writeheaders_int() buffer overflow
- https://hackerone.com/reports/504782 | CSRF at adding new role (user-management.service.newrelic.com)
- https://hackerone.com/reports/504951 | Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution
- https://hackerone.com/reports/505007 | [Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code
- https://hackerone.com/reports/505173 | Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution
- https://hackerone.com/reports/505278 | DOS in stream filters
- https://hackerone.com/reports/505424 | Twitter ID exposure via error-based side-channel attack
- https://hackerone.com/reports/506040 | ChaCha20-Poly1305 with long nonces
- https://hackerone.com/reports/506161 | Build fetches jars over HTTP
- https://hackerone.com/reports/506646 | Webshell via File Upload on ecjobs.starbucks.com.cn
- https://hackerone.com/reports/507012 | bypass Cloudflare access crm.mautic.com
- https://hackerone.com/reports/507097 | Open AWS S3 bucket leaks all Images uploaded to Zomato chat
- https://hackerone.com/reports/507132 | Stored XSS in notes (charts) because of insecure chart data JSON generation
- https://hackerone.com/reports/507139 | DOM based XSS in the WooCommerce plugin
- https://hackerone.com/reports/507172 | Able to bypass "Device credentials" Lock
- https://hackerone.com/reports/507525 | DoS attacks utilizing camo.stream.highwebmedia.com
- https://hackerone.com/reports/507957 | Stored XSS on www.starbucks.com.sg/careers/career-center/career-landing-*
- https://hackerone.com/reports/508184 | Persistent XSS in Note objects
- https://hackerone.com/reports/508459 | SSRF in webhooks leads to AWS private keys disclosure
- https://hackerone.com/reports/508490 | Nextcloud domain and name of every user leaked to lookup server
- https://hackerone.com/reports/508493 | Group admins can remove arbitrary data from "data" directory (including admin data)
- https://hackerone.com/reports/509574 | Invited team member can disclosure slack channels
- https://hackerone.com/reports/509924 | JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions
- https://hackerone.com/reports/509930 | Potential unprivileged Stored XSS through wp_targeted_link_rel
- https://hackerone.com/reports/510025 | Invalid Read on exif_process_SOFn
- https://hackerone.com/reports/510336 | Uninitialized read in exif_process_IFD_in_TIFF
- https://hackerone.com/reports/510887 | [CVE-2018-18312] regcomp: heap-buffer-overflow write / reg_node overrun
- https://hackerone.com/reports/510888 | [CVE-2018-18313] regcomp: heap-buffer-overflow read in S_grok_bslash_N
- https://hackerone.com/reports/511044 | [www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s)
- https://hackerone.com/reports/511381 | All functions that allow users to specify color code are vulnerable to ReDoS
- https://hackerone.com/reports/511440 | credentials leakage in public lead to view dev websites
- https://hackerone.com/reports/512102 | CSRF at acknowledging an incident
- https://hackerone.com/reports/513154 | Unchecked weapon id in WeaponList message parser on client leads to RCE
- https://hackerone.com/reports/514224 | SSRF in Search.gov via ?url= parameter
- https://hackerone.com/reports/514451 | Deprecated Hacker101 coursework repository mentions Heroku App that is susceptible to takeover
- https://hackerone.com/reports/514897 | Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone
- https://hackerone.com/reports/515484 | [Reflected XSS] In Request URL
- https://hackerone.com/reports/515574 | Unclaimed Github Repository Takeover on https://www.data.gov/labs
- https://hackerone.com/reports/516237 | Uninitialized read in exif_process_IFD_in_MAKERNOTE
- https://hackerone.com/reports/518669 | SQLi allow query restriction bypass on exposed FileContentProvider
- https://hackerone.com/reports/519059 | Protected Tweets setting overridden by Android app
- https://hackerone.com/reports/519220 | File writing by Directory traversal at actionpack-page_caching and RCE by it
- https://hackerone.com/reports/519367 | Attacker can read password from log data
- https://hackerone.com/reports/520518 | Full name of other accounts exposed through NR API Explorer (another workaround of #476958)
- https://hackerone.com/reports/520630 | (Prerelease UI) Stored XSS via role name in JSON chart
- https://hackerone.com/reports/520717 | Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE
- https://hackerone.com/reports/520903 | Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation
- https://hackerone.com/reports/526265 | DOM XSS on app.starbucks.com via ReturnUrl
- https://hackerone.com/reports/526325 | Stored XSS in Wiki pages
- https://hackerone.com/reports/526570 | Bypassing push rules via MRs created by Email
- https://hackerone.com/reports/527042 | CVE-2019-0196: mod_http2 with scoreboard Use-After-Free (Read)
- https://hackerone.com/reports/528940 | STAFF member with NO Explicit permissions can view ActivityFeed via GraphQL
- https://hackerone.com/reports/530458 | Stored XSS in Rich editor via Embed datetime
- https://hackerone.com/reports/530464 | Stored XSS in Profile Comments
- https://hackerone.com/reports/530499 | WooCommerce: Persistent XSS via customer address (state/county)
- https://hackerone.com/reports/530511 | Stored XSS at APM applications listing
- https://hackerone.com/reports/530853 | Stored XSS in embedded posts containing images
- https://hackerone.com/reports/530871 | Stored XSS firing if the error occurs when trying to delete the APM app
- https://hackerone.com/reports/530881 | Hidden Stored XSS in nested post embeds
- https://hackerone.com/reports/530974 | Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
- https://hackerone.com/reports/531032 | Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack
- https://hackerone.com/reports/531042 | Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters
- https://hackerone.com/reports/532667 | Server Side JavaScript Code Injection
- https://hackerone.com/reports/534450 | Account takeover through the combination of cookie manipulation and XSS
- https://hackerone.com/reports/534541 | Combination of content provider allows private data disclosure
- https://hackerone.com/reports/534554 | Unpublished Product Images can be disclosed
- https://hackerone.com/reports/534711 | Stored XSS at APM apps labels autocomplete dropdown (apps listing)
- https://hackerone.com/reports/534794 | Importing GitLab project archives can replace uploads of other users
- https://hackerone.com/reports/534908 | CSRF at https://chatstory.pixiv.net/imported
- https://hackerone.com/reports/535827 | Buffer overflow in yywarning_s
- https://hackerone.com/reports/536669 | "Test target" of the "HTTP target" extension can unintentionally send username and password in the Authorization header
- https://hackerone.com/reports/536853 | Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint
- https://hackerone.com/reports/537550 | Memory corruption in imap-parser.c
- https://hackerone.com/reports/538008 | Add users to groups who have restricted group invites
- https://hackerone.com/reports/540301 | Wordpress VIP leaks email of the test a/c
- https://hackerone.com/reports/540711 | Access Projects And create projects in gitlab pre production server
- https://hackerone.com/reports/541020 | GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame
- https://hackerone.com/reports/541169 | GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery
- https://hackerone.com/reports/541606 | [Privilege Escalation] Shopify Admin -- Permission from Settings to Customer
- https://hackerone.com/reports/541862 | Open redirect protection (https://www.pixiv.net/jump.php) is broken for novels
- https://hackerone.com/reports/542180 | Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe
- https://hackerone.com/reports/544329 | IDOR and statistics leakage in Orders
- https://hackerone.com/reports/544928 | Privilege Escalation From user to SYSTEM via unauthenticated command execution
- https://hackerone.com/reports/546644 | Two heap use-after-free errors in IMAP operations
- https://hackerone.com/reports/547630 | An integer overflow found in /lib/urlapi.c
- https://hackerone.com/reports/549040 | Clientside resource Exhausting by exploiting gitlab math rendering
- https://hackerone.com/reports/549084 | Stored XSS firing at transaction map (applicationName field)
- https://hackerone.com/reports/549364 | Account recovery text message is sending a wrong domain to users.
- https://hackerone.com/reports/549831 | External Storage - WebDAV - New user has access to storage from deleted user (same user-ID)
- https://hackerone.com/reports/550696 | Heap Buffer Overflow at lib/tftp.c
- https://hackerone.com/reports/550937 | Insufficient DKIM record with RSA 512-bit key used on WordPress.com
- https://hackerone.com/reports/557154 | DoS attack via comment on Issue
- https://hackerone.com/reports/563268 | Spoofing the redirect process using RTLO
- https://hackerone.com/reports/564196 | help.shopify.com Cross Site Scripting
- https://hackerone.com/reports/565736 | View HackerOne challenge scope before challenge begins
- https://hackerone.com/reports/565883 | Bypass Email Verification -- Able to Access Internal Gitlab Services that use Login with Gitlab and Perform Check on email domain
- https://hackerone.com/reports/566400 | Stored XSS firing at the "Add chart to note" popup
- https://hackerone.com/reports/567468 | Stored XSS at APM key transactions list
- https://hackerone.com/reports/568832 | No rate limit on app.crowdsignal.com (Finish quiz)
- https://hackerone.com/reports/574639 | Reports Modal in app.mopub.com Disclose by any user
- https://hackerone.com/reports/574962 | Verify any unused email address
- https://hackerone.com/reports/575562 | Blind Stored XSS on iOS App due to Unsanitized Webview
- https://hackerone.com/reports/576288 | Testnet address being sent in cleartext as http://rinkeby.chain.link/ is missing SSL certificate
- https://hackerone.com/reports/576532 | DOM XSS via Shopify.API.remoteRedirect
- https://hackerone.com/reports/577920 | login csrf in analytics.mopub.com
- https://hackerone.com/reports/578119 | Privilege escalation due to insecure use of logrotate
- https://hackerone.com/reports/582349 | Last pipeline status for MR leaked
- https://hackerone.com/reports/583819 | cookie injection allow dos attack to periscope.tv
- https://hackerone.com/reports/583987 | Periscope android app deeplink leads to CSRF in follow action
- https://hackerone.com/reports/587829 | CSTI at Plugin page leading to active stored XSS (Publisher name)
- https://hackerone.com/reports/587854 | Local files could be overwritten in GitLab, leading to remote command execution
- https://hackerone.com/reports/587910 | Password not checked when disabling 2FA on HackerOne
- https://hackerone.com/reports/588562 | Memory Leak in OCUtil.dll library in Desktop client can lead to DoS
- https://hackerone.com/reports/590020 | CRLF Injection in urllib
- https://hackerone.com/reports/590319 | Linux client is vulnerable to directory traversal when downloading files
- https://hackerone.com/reports/591295 | Potential pre-auth RCE on Twitter VPN
- https://hackerone.com/reports/591302 | Denial of service to WP-JSON API by cache poisoning the CORS allow origin header
- https://hackerone.com/reports/591432 | Twitter Periscope Clickjacking Vulnerability
- https://hackerone.com/reports/591786 | XSS on services.shopify.com
- https://hackerone.com/reports/592090 | IDOR in sending support email upon Verifying user business domain
- https://hackerone.com/reports/592316 | Stored XSS on BuddyPress Plug-in via groups name
- https://hackerone.com/reports/592803 | Gaining unlimited bonus points on websites with WooCommerce Points and Rewards
- https://hackerone.com/reports/592885 | multiple vulnerabilities on your mautic server
- https://hackerone.com/reports/593229 | Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
- https://hackerone.com/reports/593712 | Web cache deception attack on https://open.vanillaforums.com/messages/all
- https://hackerone.com/reports/593893 | CSRF in generating developer api_key
- https://hackerone.com/reports/602527 | Urgent! Stored XSS at plugin's violations leading to account takeover
- https://hackerone.com/reports/602767 | DOM XSS via Shopify.API.Modal.initialize
- https://hackerone.com/reports/603764 | DOM Based XSS via postMessage at https://inventory.upserve.com/login/
- https://hackerone.com/reports/604534 | Race Condition leads to undeletable group member
- https://hackerone.com/reports/604560 | Bypassing the commission on transfers
- https://hackerone.com/reports/605608 | [information disclosure] Validate existence of a private project.
- https://hackerone.com/reports/605720 | Team member with Program permission only can escalate to Admin permission
- https://hackerone.com/reports/605845 | Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin
- https://hackerone.com/reports/605915 | Reflected XSS / Markup Injection in index.php/svg/core/logo/logo parameter color
- https://hackerone.com/reports/608577 | Windows Privilege Escalation: Malicious OpenSSL Engine
- https://hackerone.com/reports/608656 | Disabled account can still use GraphQL endpoint
- https://hackerone.com/reports/612231 | Github Token Leaked publicly for https://github.com/mopub
- https://hackerone.com/reports/614355 | GraphQL query "namespace" leaks data
- https://hackerone.com/reports/614947 | Site-wide clickjacking at IE11
- https://hackerone.com/reports/615840 | Blind Stored XSS In "Report a Problem" on www.data.gov/issue/
- https://hackerone.com/reports/617896 | Bypass Email Verification using Salesforce -- Reproducible in gitlab.com
- https://hackerone.com/reports/618031 | Stored XSS in Discounts section
- https://hackerone.com/reports/619484 | User with read-only access to a share can gain write access to sub-folders in the share
- https://hackerone.com/reports/621308 | NULL pointer dereference in mrb_check_frozen
- https://hackerone.com/reports/622170 | Arbitrary code execution in desktop client via OpenSSL config
- https://hackerone.com/reports/623588 | Uninitialized read in gdImageCreateFromXbm
- https://hackerone.com/reports/625546 | Open Redirection leads to redirect Users to malicious website
- https://hackerone.com/reports/626082 | Stored XSS via "my recent queries" selector in NRQL dashboard builder
- https://hackerone.com/reports/629087 | No Valid SPF Records.
- https://hackerone.com/reports/629745 | Reflected cross-site scripting on multiple Starbucks assets.
- https://hackerone.com/reports/629892 | Lack of CSRF header validation at https://g-mail.grammarly.com/profile
- https://hackerone.com/reports/630462 | Heap overflow happen when receiving short length key from ssh server using ssh protocol 1
- https://hackerone.com/reports/631227 | Some HTML Tags are Getting Executed in com.nextcloud.client
- https://hackerone.com/reports/631956 | Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message
- https://hackerone.com/reports/632017 | Self-Stored XSS - Chained with login/logout CSRF
- https://hackerone.com/reports/632101 | Server Side Request Forgery mitigation bypass
- https://hackerone.com/reports/633001 | Private System Note Disclosure using GraphQL
- https://hackerone.com/reports/633231 | pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment
- https://hackerone.com/reports/633245 | Delete permission can be added on reshare
- https://hackerone.com/reports/633266 | Code injection in macOS Desktop Client
- https://hackerone.com/reports/633607 | Invalid read in str_replace_partial
- https://hackerone.com/reports/634488 | Broken Authentication and Session Management Flaw After Change Password and Logout
- https://hackerone.com/reports/634692 | Stored XSS Via NRQL chartbuilder JSON view
- https://hackerone.com/reports/635597 | Wrong Interpretation of URL encoded characters, showing different punycode leads to redirection on different domain
- https://hackerone.com/reports/636560 | Project Milestones Disclosed Via Groups When the Victim disabled milestones access in project settings
- https://hackerone.com/reports/637194 | Bypass of biometrics security functionality is possible in Android application (com.shopify.mobile)
- https://hackerone.com/reports/638401 | Private Key exposed in Travis Log can Compromise all the test servers.
- https://hackerone.com/reports/638685 | Restricted user can add and delete tags of APM key transactions
- https://hackerone.com/reports/640488 | Total bounties paid amount is disclosed because of redesign of the Program Profiles
- https://hackerone.com/reports/642281 | Stored XSS in https://app.mopub.com
- https://hackerone.com/reports/642515 | User can delete data in shared folders he's not authorized to access
- https://hackerone.com/reports/643274 | Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App
- https://hackerone.com/reports/643622 | SSRF In Get Video Contents
- https://hackerone.com/reports/643882 | Developers' websites are easily accessible leading to massive information disclosure
- https://hackerone.com/reports/643908 | Stored XSS Vulnerability
- https://hackerone.com/reports/645264 | Program Email Notification settings ignored when being added as an external contributor
- https://hackerone.com/reports/646505 | ██████ DOM XSS via Shopify.API.remoteRedirect
- https://hackerone.com/reports/647130 | Stored XSS in "Create Groups"
- https://hackerone.com/reports/649533 | Enable 2FA without verifying the email
- https://hackerone.com/reports/651518 | OS Command Injection via egrep in Rake::FileList
- https://hackerone.com/reports/653125 | Git flag injection leading to file overwrite and potential remote code execution
- https://hackerone.com/reports/654198 | Manipulate hacker profile and private program hacktivity to expose your name as researchers who is actively submitting reports with resolve status
- https://hackerone.com/reports/658013 | Git flag injection - local file overwrite to remote code execution
- https://hackerone.com/reports/659419 | Reflected XSS on https://make.wordpress.org via 'channel' parameter
- https://hackerone.com/reports/661051 | Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file
- https://hackerone.com/reports/661722 | WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS)
- https://hackerone.com/reports/661751 | Subdomain takeover of d02-1-ag.productioncontroller.starbucks.com
- https://hackerone.com/reports/661978 | IDOR bug to See hidden slowvote of any user even when you dont have access right
- https://hackerone.com/reports/662083 | Inject page in admin panel via Shopify.API.pushState
- https://hackerone.com/reports/662204 | Persistent XSS via filename in projects
- https://hackerone.com/reports/662218 | Talk - Leak of password-protected room name via already existent resource addition
- https://hackerone.com/reports/662287 | Cross-site Scripting (XSS) - Stored in RDoc wiki pages
- https://hackerone.com/reports/663729 | [Brave browser] WebTorrent has DNS rebinding vulnerability
- https://hackerone.com/reports/664038 | protected Tweet settings overwritten by other settings
- https://hackerone.com/reports/665330 | Out of Bounds Memory Read in php_jpg_get16
- https://hackerone.com/reports/665398 | Subdomain takeover of datacafe-cert.starbucks.com
- https://hackerone.com/reports/665651 | Stealing Users OAuth Tokens through redirect_uri parameter
- https://hackerone.com/reports/665722 | "email" MFA mode allows bypassing MFA from victim's device when the device trust is not expired
- https://hackerone.com/reports/665798 | Earn free DAI interest (inflation) through instant CDP+DSR in one tx
- https://hackerone.com/reports/666632 | Delete direct message history without access the proper conversation_id
- https://hackerone.com/reports/666722 | Email enumeration at SignUp page
- https://hackerone.com/reports/667188 | Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://your-subdomain.survey.fm
- https://hackerone.com/reports/667408 | Head pipeline leaked to unauthorized users via blocking merge request feature
- https://hackerone.com/reports/667739 | Previously created sessions continue being valid after MFA activation
- https://hackerone.com/reports/667770 | Stored XSS at APM transaction map (transactionName field)
- https://hackerone.com/reports/668439 | IDOR leading to downloading of any attachment
- https://hackerone.com/reports/669438 | [Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content"
- https://hackerone.com/reports/669776 | Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264
- https://hackerone.com/reports/670572 | Uncontrolled Resource Consumption in any Markdown field using Mermaid
- https://hackerone.com/reports/672245 | Use After Free in GC with Certain Destructors
- https://hackerone.com/reports/672487 | Business Logic Flaw - A non premium user can change/update retailers to get cashback on all the retailers associated with Curve
- https://hackerone.com/reports/672623 | Username and Access Token Disclosure
- https://hackerone.com/reports/672664 | Steal collateral during end process, by earning DSR interest after flow.
- https://hackerone.com/reports/673724 | Circle email-members have still access to a shared folder/file after they are removed from the circle
- https://hackerone.com/reports/674195 | Stealing data from customers.gitlab.com without user interaction
- https://hackerone.com/reports/674426 | XSS For Profile Name
- https://hackerone.com/reports/674540 | mod_remoteip stack buffer overflow and NULL pointer dereference
- https://hackerone.com/reports/674757 | Total Paid Bounty Paid can be disclose
- https://hackerone.com/reports/674774 | AppLovin API Key hardcoded in a Github repo
- https://hackerone.com/reports/674866 | Conversation API Leaks Details Of UnAuthorized Conversations
- https://hackerone.com/reports/675578 | Out of Bounds Memory Read in exif_scan_thumbnail
- https://hackerone.com/reports/675580 | Out of Bounds Memory Read in exif_process_user_comment
- https://hackerone.com/reports/676581 | Use Github pack with Coda employee github account (search code of Coda's private repositories)
- https://hackerone.com/reports/676976 | Container scanning and Dependency scanning report leaked to unauthorized users
- https://hackerone.com/reports/677557 | mod_http2, memory corruption on early pushes (CVE-2019-10081)
- https://hackerone.com/reports/679907 | Malformed string sent through FireServer leads to server freezing/hanging
- https://hackerone.com/reports/679969 | CSS Injection to disable app & potential message exfil
- https://hackerone.com/reports/680240 | Stored XSS at Synthetics private locations (planted through location label or description)
- https://hackerone.com/reports/680415 | mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)
- https://hackerone.com/reports/682442 | Git flag injection - Search API with scope 'blobs'
- https://hackerone.com/reports/682774 | Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client
- https://hackerone.com/reports/683298 | XSS and Open Redirect on MoPub Login
- https://hackerone.com/reports/683318 | Windows builds with insecure path defaults (CVE-2019-1552)
- https://hackerone.com/reports/683792 | XSS through chat messages
- https://hackerone.com/reports/684092 | Steal ALL collateral during liquidation by exploiting lack of validation in flip.kick
- https://hackerone.com/reports/684099 | Periscope-all Firebase database takeover
- https://hackerone.com/reports/684152 | Steal all MKR from flap during liquidation by exploiting lack of validation in flap.kick
- https://hackerone.com/reports/684603 | Heap buffer overflow in TFTP when using small blksize
- https://hackerone.com/reports/685007 | Password Reset Link not expiring after changing the email Leads To Account Takeover
- https://hackerone.com/reports/685552 | XSS in desktop client via invalid server address on login form
- https://hackerone.com/reports/685909 | Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible
- https://hackerone.com/reports/686823 | krb5: double-free in read_data() after realloc() fail
- https://hackerone.com/reports/687908 | Found Origin IPs lead to access to Grafana instance and PgHero instance (SQL injection possible)
- https://hackerone.com/reports/689245 | SSRF In plantuml (on plantuml.pre.gitlab.com)
- https://hackerone.com/reports/689314 | Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests
- https://hackerone.com/reports/689997 | Disclosure of Email title report in quick award payout email (no content mode)
- https://hackerone.com/reports/690536 | Passive stored XSS at Synthetics job result page (View resource)
- https://hackerone.com/reports/691611 | XSS while logging using Google
- https://hackerone.com/reports/692040 | PHP 7.3.3: Heap-use-after-free (READ of size 8) in match_at()
- https://hackerone.com/reports/692252 | Group search leaks private MRs, code, commits
- https://hackerone.com/reports/692352 | XSS on https://app.mopub.com/reports/custom/add/ [new-d1]
- https://hackerone.com/reports/692603 | Privilege escalation in workers container
- https://hackerone.com/reports/694181 | Worker container escape lead to arbitrary file reading in host machine
- https://hackerone.com/reports/694604 | HTTP Request Smuggling on vpn.lob.com
- https://hackerone.com/reports/696266 | "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics
- https://hackerone.com/reports/697055 | Worker container escape lead to arbitrary file reading in host machine [again]
- https://hackerone.com/reports/697512 | Information Disclosure through Sentry Instance ███████
- https://hackerone.com/reports/697959 | Only the file extensions are checked, not the MIME types as configured
- https://hackerone.com/reports/698416 | Host Header Injection
- https://hackerone.com/reports/698708 | Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections
- https://hackerone.com/reports/700051 | Misconfigured s3 Bucket exposure
- https://hackerone.com/reports/700831 | Unauthenticated read and write access to ALL endpoints of a store is possible for removed staff members who had "Apps" permission
- https://hackerone.com/reports/700833 | Race condition when purchasing prizes with points
- https://hackerone.com/reports/701901 | 2FA doesn't work in "https://insider.razer.com"
- https://hackerone.com/reports/702981 | DOM XSS at https://www.thx.com in IE/Edge browser
- https://hackerone.com/reports/702987 | No redirect_uri in the db for web-internal clientKey leads to one-click DoS on gitter.im
- https://hackerone.com/reports/703058 | Insecure redirect rule results in bypassing ban redirect on certain pages
- https://hackerone.com/reports/703759 | SSO through odnoklassniki uses http rather than https
- https://hackerone.com/reports/703894 | View the Starred Projects in a Private Profile
- https://hackerone.com/reports/704266 | DOM XSS at www.forescout.com in Microsoft Edge and IE Browser
- https://hackerone.com/reports/705420 | A reflected XSS in python/Lib/DocXMLRPCServer.py
- https://hackerone.com/reports/706533 | Stored XSS at Mobile (Versions tab)
- https://hackerone.com/reports/706934 | Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON)
- https://hackerone.com/reports/707406 | Team object in GraphQL disclosed of private programs via the industry
- https://hackerone.com/reports/707433 | Disclosure of payment_transactions for programs via GraphQL query
- https://hackerone.com/reports/707720 | Stored XSS vulnerability in comments on *.wordpress.com
- https://hackerone.com/reports/708013 | StoreFront API allows for a brute force attack on customer login by not timing out ALL attempts
- https://hackerone.com/reports/708589 | Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF
- https://hackerone.com/reports/708820 | Group search with Elastic search enable leaks unrelated data
- https://hackerone.com/reports/708917 | Rate Limit Misconfiguration on tumblr login.
- https://hackerone.com/reports/709336 | Reflective Cross-site Scripting via Newsletter Form
- https://hackerone.com/reports/709883 | Cross-account stored XSS at embedded charts
- https://hackerone.com/reports/710006 | Elasticsearch leaks data through the notes scope
- https://hackerone.com/reports/710535 | Cross-account stored XSS at notes (through "swf" note parameter)
- https://hackerone.com/reports/712065 | Prototype pollution attack (lodash)
- https://hackerone.com/reports/712979 | Creating malformed URLs via new line character in-between two URLs leads to misrepresented hyperlinks in Tweets/DMs
- https://hackerone.com/reports/713006 | Keybase client (Windows 10): Write files anywhere in userland using relative path in "download attachment" feature
- https://hackerone.com/reports/713285 | http request smuggling in pscp.tv and periscope.tv
- https://hackerone.com/reports/713407 | ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages
- https://hackerone.com/reports/715192 | Private program disclosure via vpn_suspended GraphQL query
- https://hackerone.com/reports/716292 | JumpCloud API Key leaked via Open Github Repository.
- https://hackerone.com/reports/716761 | WAF bypass via double encoded non standard ASCII chars permitted a reflected XSS on response page not found pages - (629745 bypass)
- https://hackerone.com/reports/716976 | Open redirect in semrush.com
- https://hackerone.com/reports/719426 | File-drop content is visible through the gallery app
- https://hackerone.com/reports/720306 | Docker image with FPM is vulnerable to CVE-2019-11043
- https://hackerone.com/reports/722327 | CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm
- https://hackerone.com/reports/723060 | Reflected XSS at https://pay.gold.razer.com escalated to account takeover
- https://hackerone.com/reports/723118 | [IDOR] API endpoint leaking sensitive user information
- https://hackerone.com/reports/723175 | De-anonymization Attack: Cross Site Information Leakage
- https://hackerone.com/reports/723707 | Code injection in https://www.semrush.com
- https://hackerone.com/reports/724217 | tcpdump: CVE-2018-14879 - buffer overflow in tcpdump.c:get_next_file()
- https://hackerone.com/reports/724243 | Tcpdump before 4.9.3 has a buffer over-read in print-802_11.c (CVE-2018-16227)
- https://hackerone.com/reports/724253 | Tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option() (CVE-2018-16229)
- https://hackerone.com/reports/724944 | latest_activity_id and latest_activity_at may disclose information about internal activities to unauthorized users
- https://hackerone.com/reports/725307 | Unchecked URL in attachment datasource
- https://hackerone.com/reports/725569 | [IDOR] Attacker user can Approve/Decline AFK on the behalf of other users
- https://hackerone.com/reports/726117 | SMB access smuggling via FILE URL on Windows
- https://hackerone.com/reports/726773 | HTTP Request Smuggling on https://labs.data.gov
- https://hackerone.com/reports/727870 | [www.yoti.com] Wordpress user admin information disclosure
- https://hackerone.com/reports/728664 | Cache poisoning DoS to various TTS assets
- https://hackerone.com/reports/729040 | Shopify's SF and LA offices Dashboard Information disclosed via Public Gist
- https://hackerone.com/reports/729424 | Stored XSS in private message
- https://hackerone.com/reports/730779 | HTTP header values do not have trailing OWS trimmed
- https://hackerone.com/reports/731878 | An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing
- https://hackerone.com/reports/732415 | The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes
- https://hackerone.com/reports/733248 | Stored XSS in wordpress.com
- https://hackerone.com/reports/735748 | HTTP request smuggling using malformed Transfer-Encoding header
- https://hackerone.com/reports/736800 | IP address can be leaked on Image preview in ICQ for Android chat
- https://hackerone.com/reports/736867 | SSRF protection bypass
- https://hackerone.com/reports/737140 | Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
- https://hackerone.com/reports/737161 | SSRF - URL Attachments - 725307 bypass
- https://hackerone.com/reports/737163 | SSRF - Image Sources in HTML Snippets - 727234 bypass
- https://hackerone.com/reports/737315 | 'X-Forwarded-Host' key used in input without sanitation - possible cache poisoning
- https://hackerone.com/reports/738015 | SSRF - Office Documents - Image URL
- https://hackerone.com/reports/738072 | XSS on product comments in transfers
- https://hackerone.com/reports/743545 | Bruteforce password recovery code
- https://hackerone.com/reports/744692 | The login of Hot or Not is vulnerable to bruteforce.
- https://hackerone.com/reports/745276 | Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd
- https://hackerone.com/reports/745324 | Account takeover via leaked session cookie
- https://hackerone.com/reports/745495 | Unauthenticated users can access all food.grammarly.io user's data
- https://hackerone.com/reports/745953 | Camo Image Proxy Bypass with CSS Escape Sequences
- https://hackerone.com/reports/746000 | Subdomain Takeover via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io
- https://hackerone.com/reports/746733 | Remotely trigger an assertion on a TLS server with a malformed certificate string
- https://hackerone.com/reports/746786 | Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration
- https://hackerone.com/reports/748375 | Transferring a public group to a private group doesn't remove code from the Elasticsearch API search result
- https://hackerone.com/reports/751577 | IDOR allow access to payments data of any user
- https://hackerone.com/reports/751604 | No Rate Limit On Forgot Password Page Of NordVPN
- https://hackerone.com/reports/751699 | NR-wide cross account access through misconfigured CORS-policy of multiple endpoints
- https://hackerone.com/reports/751729 | THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com
- https://hackerone.com/reports/751876 | Version problem in WordPress leads to many vulnerabilities
- https://hackerone.com/reports/752010 | DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation
- https://hackerone.com/reports/752073 | xmlrpc.php file is enabled and can be used for brute-force attacks and Denial of Service (DoS)
- https://hackerone.com/reports/753399 | Open redirect
- https://hackerone.com/reports/753491 | DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389
- https://hackerone.com/reports/753602 | Staging Rabbitmq instance is exposed to the internet with default credentials
- https://hackerone.com/reports/753725 | Disclosure of User Information
- https://hackerone.com/reports/753868 | Insecure Storage and Overly Permissive API Keys in Android App
- https://hackerone.com/reports/753939 | HTTP SMUGGLING EXPOSED HMAC/DOS
- https://hackerone.com/reports/755679 | Timeline Editor Self-XSS (Previous Fix #738072 Incomplete)
- https://hackerone.com/reports/756149 | Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance
- https://hackerone.com/reports/756182 | Potential leak of server side software at repogohi.nordvpn.com
- https://hackerone.com/reports/756729 | Stored XSS in Shopify Chat
- https://hackerone.com/reports/757957 | Restricted user can manage the NerdGraph entities' tags
- https://hackerone.com/reports/758002 | Markdown parsing issue enables insertion of malicious tags
- https://hackerone.com/reports/759247 | Race Condition allows to redeem multiple times gift cards which leads to free "money"
- https://hackerone.com/reports/759454 | Helpdesk Takeover at dmc.datastax.com
- https://hackerone.com/reports/761218 | Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
- https://hackerone.com/reports/761219 | CodeQL query to detect pages with validationRequest disabled
- https://hackerone.com/reports/761220 | CodeQL query to detect insecure MaxLengthRequest values in ASP.NET applications
- https://hackerone.com/reports/761222 | Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation
- https://hackerone.com/reports/761480 | User password left in memory in plain text after GUI launch
- https://hackerone.com/reports/761726 | SOP bypass using browser cache
- https://hackerone.com/reports/761975 | Keychain data persistence may lead to account takeover
- https://hackerone.com/reports/762271 | Guest users can change the confidentiality attribute on those issues that have been assigned to them
- https://hackerone.com/reports/763994 | Disclose Any Store products, Files, Purchase Orders Via Email through Shopify Stocky APP
- https://hackerone.com/reports/764243 | API - Amazon S3 bucket misconfiguration
- https://hackerone.com/reports/764434 | profile-picture name parameter with large value lead to DoS for other users and programs on the platform
- https://hackerone.com/reports/765355 | Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com
- https://hackerone.com/reports/765955 | Clickjacking at join.nordvpn.com
- https://hackerone.com/reports/766145 | Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY
- https://hackerone.com/reports/766578 | Absence of Token expiry leads to Unauthorized login Access
- https://hackerone.com/reports/766633 | XSS reflected on [https://www.pixiv.net]
- https://hackerone.com/reports/767348 | Java (Maven): Use of insecure protocol to download/upload artifacts
- https://hackerone.com/reports/767458 | User input validation can lead to DOS
- https://hackerone.com/reports/768110 | Race condition (TOCTOU) in NordVPN can result in local privilege escalation
- https://hackerone.com/reports/768677 | lack of input validation that can lead Denial of Service (DOS)
- https://hackerone.com/reports/769058 | CORS misconfiguration which leads to the disclosure of certain data concerning the user.
- https://hackerone.com/reports/770209 | Unauthorized user can obtain report_sources attribute through Team GraphQL object
- https://hackerone.com/reports/770349 | Reflected XSS in twitterflightschool.com
- https://hackerone.com/reports/770504 | Bypass Password Authentication for updating email and phone number - Security Vulnerability
- https://hackerone.com/reports/771666 | Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com
- https://hackerone.com/reports/771694 | An attacker can buy marketplace articles for lower prices as it allows for negative quantity values leading to business loss
- https://hackerone.com/reports/772886 | Password Reset Link Works Multiple Times
- https://hackerone.com/reports/774050 | No rate limiting for confirmation email lead to email flooding
- https://hackerone.com/reports/774896 | Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests
- https://hackerone.com/reports/776017 | Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.
- https://hackerone.com/reports/776449 | Restricted user can update Apdex target for applications by leveraging the GraphQL mutation
- https://hackerone.com/reports/776634 | [H1-415 2020] CTF Writeup
- https://hackerone.com/reports/777942 | Unrestricted access to any "connected pack" on docs
- https://hackerone.com/reports/777984 | Denial of Service with Cookie Bomb
- https://hackerone.com/reports/778803 | Compromise of auth via subset/superset namespace names.
- https://hackerone.com/reports/778834 | OOB read in php_strip_tags_ex
- https://hackerone.com/reports/779442 | Subdomain takeover of storybook.lystit.com
- https://hackerone.com/reports/780632 | Html Injection and Possible XSS in main nordvpn.com domain
- https://hackerone.com/reports/781325 | Out-of-bounds Read in php_strip_tags_ex
- https://hackerone.com/reports/781673 | Accepting error message on twitter sends you to attacker site
- https://hackerone.com/reports/781880 | CodeQL query to detect weak (duplicated) encryption keys for ASP.NET Telerik Upload
- https://hackerone.com/reports/782703 | Account owner/admin can't actually delete personal users' API keys
- https://hackerone.com/reports/783258 | 2-factor authentication can be disabled when logged in without confirming account password
- https://hackerone.com/reports/783356 | The password limit is not set, [DoS].
- https://hackerone.com/reports/783688 | Ability to buy PRO subscriptions by arbitrary reduced prices
- https://hackerone.com/reports/783708 | IDOR in semrush academy
- https://hackerone.com/reports/783877 | Remote Code Execution in Slack desktop apps + bonus
- https://hackerone.com/reports/784186 | napi_get_value_string_X allow various kinds of memory corruption
- https://hackerone.com/reports/784676 | iOS app crashed by specially crafted direct message reactions
- https://hackerone.com/reports/784714 | Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation
- https://hackerone.com/reports/785120 | CodeQL query for finding CSRF vulnerabilities in Spring applications
- https://hackerone.com/reports/785243 | Twitter Source Label allow 'mongolian vowel separator' U+180E (app name)
- https://hackerone.com/reports/785785 | [Web ICQ Client] XSS-inj in polls
- https://hackerone.com/reports/786044 | [windows10.hi-tech.mail.ru] Blind SQL Injection
- https://hackerone.com/reports/786301 | Stored XSS in Name of Team Member Invitation
- https://hackerone.com/reports/786745 | [API] ICQ user's avatar can be manipulated remotely
- https://hackerone.com/reports/786822 | [Web ICQ Client] XSS vulnerability in the user name
- https://hackerone.com/reports/787113 | CodeQL query for finding LDAP Injection (CWE-90) vulnerabilities in Java
- https://hackerone.com/reports/788257 | "Secure View" aka "Hide Download" can be bypassed easily
- https://hackerone.com/reports/788691 | XSS - Guard - Insufficient escaping of User-IDs from PGP Keys
- https://hackerone.com/reports/789260 | Past payments using the Direct Debit method keep subscriptions active even if payments fail
- https://hackerone.com/reports/789579 | ActiveStorage direct upload fails to sign content-length header for S3 service
- https://hackerone.com/reports/790005 | 3igames.mail.ru SQL Injection
- https://hackerone.com/reports/790786 | Members from parent group keep their access level on a subgroup transfer and are invisible
- https://hackerone.com/reports/790854 | No username used in authentication to www.mopub.com, leading to direct password submission with an unlimited submission rate.
- https://hackerone.com/reports/790876 | Dynamic reflection class
- https://hackerone.com/reports/791775 | Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO
- https://hackerone.com/reports/792295 | On signing up with a phone number, the 4-digit OTP does not expire for a long time, leading to an easy attack and making a verified account easily
- https://hackerone.com/reports/792927 | Email address of any user can be queried on Report Invitation GraphQL type when username is known
- https://hackerone.com/reports/792953 | SSRF - Guard - Unchecked HKP servers
- https://hackerone.com/reports/792960 | SSRF - Guard - Unchecked WKS servers
- https://hackerone.com/reports/792998 | 404-response contains debug-information with all headers
- https://hackerone.com/reports/796808 | [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation
- https://hackerone.com/reports/796956 | Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation
- https://hackerone.com/reports/797159 | PHP built for Windows with TS support does not resolve relative paths with drive letter correctly
- https://hackerone.com/reports/797685 | IDOR in marketing calendar tool
- https://hackerone.com/reports/798301 | FileZilla 3.46.3 - 'Scale factor' Buffer Overflow
- https://hackerone.com/reports/798599 | xss stored
- https://hackerone.com/reports/798686 | x-request-id header reflected in server response without sanitization
- https://hackerone.com/reports/798742 | open redirect in eb9f.pivcac.prod.login.gov
- https://hackerone.com/reports/798744 | Null Pointer Dereference in PHP Session Upload Progress
- https://hackerone.com/reports/799072 | Slowloris, body parsing
- https://hackerone.com/reports/800109 | An invite-only's program submission state is accessible to users no longer part of the program
- https://hackerone.com/reports/800140 | Malformed HTTP/2 SETTINGS frame leads to reachable assert
- https://hackerone.com/reports/801230 | CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java
- https://hackerone.com/reports/802011 | Grafana Improper authorization
- https://hackerone.com/reports/803141 | Unauthorized User Can Delete Any User Account
- https://hackerone.com/reports/805010 | PHP link() silently truncates after a null byte on Windows
- https://hackerone.com/reports/805013 | DirectoryIterator class silently truncates after a null byte
- https://hackerone.com/reports/805073 | Periscope iOS app CSRF in follow action due to deeplink
- https://hackerone.com/reports/806571 | Stored XSS in blob viewer
- https://hackerone.com/reports/806577 | Arbitrary Set-Cookie via "?coupon=" due to semi-colon not encoded
- https://hackerone.com/reports/807440 | Java (Maven): Actually fix the use of insecure protocol to download/upload artifacts
- https://hackerone.com/reports/807448 | Customer private program can disclose email any users through invited via username
- https://hackerone.com/reports/807924 | CSRF on connecting Paypal as Payment Provider
- https://hackerone.com/reports/808287 | Unrestricted file upload on the image of contacts
- https://hackerone.com/reports/808762 | Exposed Slinky Instance Admin Panel
- https://hackerone.com/reports/809248 | SSRF into Shared Runner, by replacing dockerd with malicious server in Executor
- https://hackerone.com/reports/809816 | Organization Takeover
- https://hackerone.com/reports/810320 | Read-only user can delete higher privileged members using open DELETE /api/memberships/ endpoint
- https://hackerone.com/reports/810880 | Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify
- https://hackerone.com/reports/811502 | Node.js: TLS session reuse can lead to hostname verification bypass
- https://hackerone.com/reports/812754 | Denial of Service by requesting to reset a password
- https://hackerone.com/reports/813159 | Cleartext Transmission of Sensitive Information Leads to administrator access
- https://hackerone.com/reports/813421 | Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.
- https://hackerone.com/reports/816086 | Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"
- https://hackerone.com/reports/816254 | SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution
- https://hackerone.com/reports/816560 | SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution
- https://hackerone.com/reports/819088 | character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error
- https://hackerone.com/reports/819278 | Open S3 Bucket Accessible by any Aws User
- https://hackerone.com/reports/819807 | Missing ownership check on remote wipe endpoint
- https://hackerone.com/reports/819821 | Initial mirror user can be assigned by other user even if the mirror was removed
- https://hackerone.com/reports/819863 | XSS in PDF Viewer
- https://hackerone.com/reports/819930 | Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques}
- https://hackerone.com/reports/820146 | PHPUnit is included in groupfolders release package potentially causing RCE
- https://hackerone.com/reports/824689 | Send arbitrary PUT requests when user clicks on a link
- https://hackerone.com/reports/824909 | Subdomain Takeover uptime
- https://hackerone.com/reports/824925 | XPath Injection query in java
- https://hackerone.com/reports/824926 | CWE-094 ScriptEngine in java
- https://hackerone.com/reports/826026 | Use-After-Free In IPV6_2292PKTOPTIONS leading To Arbitrary Kernel R/W Primitives
- https://hackerone.com/reports/826176 | program_analytics_benchmarks query shows information not visible in public
- https://hackerone.com/reports/826361 | SSRF on project import via the remote_attachment_url on a Note
- https://hackerone.com/reports/827051 | Use after free in smtp_server_connection_handle_command
- https://hackerone.com/reports/827052 | Arbitrary file read via the UploadsRewriter when moving an issue
- https://hackerone.com/reports/827484 | Missing rate limit for current password field (Password Change) Account Takeover
- https://hackerone.com/reports/827729 | Null pointer dereference in SMTP server function smtp_string_parse
- https://hackerone.com/reports/827816 | Missing server side controls when editing the board’s sharing permissions per user
- https://hackerone.com/reports/831290 | Null pointer dereference in SMTP server function smtp_command_parse_data_with_size
- https://hackerone.com/reports/831962 | XSS on Issue reference numbers
- https://hackerone.com/reports/832227 | Buffer over-reads in i_stream_zlib_read
- https://hackerone.com/reports/832858 | SSRF via 3d.cs.money/pasteLinkToImage
- https://hackerone.com/reports/833080 | Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users
- https://hackerone.com/reports/833782 | Authenticated users can edit, trash, and add new entries in the BuddyPress Emails function
- https://hackerone.com/reports/833856 | DoS for GCSArtifact.RealAll
- https://hackerone.com/reports/834366 | Login CSRF vulnerability on hackerone.com
- https://hackerone.com/reports/835005 | Organization Takeover via invitation API
- https://hackerone.com/reports/836036 | Multiple buffer over reads in mbox_from_parse
- https://hackerone.com/reports/836045 | Buffer overread in parse_angle_addr called from message_address_parse_path
- https://hackerone.com/reports/836187 | CSRF in Profile Fields allows deleting any field in BuddyPress
- https://hackerone.com/reports/836649 | Stored XSS in markdown when redacting references
- https://hackerone.com/reports/837018 | Privilege Escalation in BuddyPress core allows Moderate to Administrator
- https://hackerone.com/reports/837256 | Improper Access Control in Buddypress core allows reply,delete any user's activity
- https://hackerone.com/reports/837729 | Session works after logout from Shopify account and password of online store is displayed
- https://hackerone.com/reports/838127 | mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065)
- https://hackerone.com/reports/838685 | Use of uninitialized value in ftp_getrc_msg method of mod_proxy_ftp.c
- https://hackerone.com/reports/838855 | [www.zomato.com] Blind SQL Injection in /php/geto2banner
- https://hackerone.com/reports/840598 | Possible denial of service when entering a loooong password
- https://hackerone.com/reports/840759 | Reflected XSS on www.hackerone.com and resources.hackerone.com
- https://hackerone.com/reports/843421 | Hyperlink Injection on Email Invitation
- https://hackerone.com/reports/844327 | Java/CWE-036: Calling openStream on URLs created from remote source can lead to file disclosure
- https://hackerone.com/reports/844428 | [www.zomato.com] Abusing LocalParams (city) to Inject SOLR query
- https://hackerone.com/reports/845677 | Sourcemaps and Unminified Source Code Exposed on Pages
- https://hackerone.com/reports/845729 | CPP: Out of order Linux permission dropping without checking return codes
- https://hackerone.com/reports/846338 | Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/
- https://hackerone.com/reports/848625 | None permission staff member can identify installed application and products attached to it
- https://hackerone.com/reports/850022 | CSRF on launchpad.37signals.com OAuth2 authorization endpoint
- https://hackerone.com/reports/850114 | SSRF in notifications.server configuration
- https://hackerone.com/reports/850447 | gitlab-workhorse bypass in Gitlab::Middleware::Multipart allowing files in allowed_paths to be read
- https://hackerone.com/reports/851807 | Code injection possible with malformed Nextcloud Talk chat commands
- https://hackerone.com/reports/852103 | Out-of-Bound Read in urldecode() [CVE-2020-7067]
- https://hackerone.com/reports/852316 | Go/CWE-643: XPath Injection Query in Go
- https://hackerone.com/reports/852349 | CPP: Out of order Linux permission dropping without checking return codes
- https://hackerone.com/reports/852841 | Reduced permutations on encryption
- https://hackerone.com/reports/853130 | IDOR on Stocky application - Low Stock - Variant Settings - Columns
- https://hackerone.com/reports/853355 | Unauthorized access to private project security dashboard
- https://hackerone.com/reports/854299 | Self XSS in Timeline
- https://hackerone.com/reports/854424 | No rate limiting on brute-forcing user passwords
- https://hackerone.com/reports/854439 | Initial websocket support for Javascript (SockJS)
- https://hackerone.com/reports/854793 | No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org
- https://hackerone.com/reports/855276 | Injection of http.<url>.* git config settings leading to SSRF
- https://hackerone.com/reports/855618 | Account takeover intercepting magic link for Arrive app
- https://hackerone.com/reports/856554 | Stored XSS on the job page
- https://hackerone.com/reports/856836 | Stored XSS on PyPi simple API endpoint
- https://hackerone.com/reports/858650 | CRLF injection on www.starbucks.com
- https://hackerone.com/reports/858671 | Insufficient Type Check on GraphQL leading to Maintainer delete repository
- https://hackerone.com/reports/858854 | Recursor accepts unsigned, empty NXDOMAINs in secure zones
- https://hackerone.com/reports/858915 | CircleCI token in github repo allows for access to sensitive build information
- https://hackerone.com/reports/859333 | Stored XSS in group issue list
- https://hackerone.com/reports/860197 | A staff without export customers permissions can still export customers CSV file
- https://hackerone.com/reports/860348 | Staff member with no permission can delete POS staff from account settings
- https://hackerone.com/reports/861170 | Attacker with an Old account might still be able to DoS ctf.hacker101.com by sending a Crafted request
- https://hackerone.com/reports/861521 | Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/
- https://hackerone.com/reports/861940 | OAuth redirect_uri bypass using IDN homograph attack resulting in user's access token leakage
- https://hackerone.com/reports/863551 | Subdomain takeover of resources.hackerone.com
- https://hackerone.com/reports/863553 | SSRF protection bypass in /appsuite/api/oxodocumentfilter addfile action
- https://hackerone.com/reports/863979 | Compromise of node can lead to compromise of pods on other nodes
- https://hackerone.com/reports/864701 | Prototype Pollution lodash 4.17.15
- https://hackerone.com/reports/865115 | unpermitted user can change the device name of admin account
- https://hackerone.com/reports/865195 | reading the stack data of the imap process
- https://hackerone.com/reports/865652 | Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile
- https://hackerone.com/reports/866271 | Lack of Input sanitization leads to database Character encoding configuration Disclosure
- https://hackerone.com/reports/866597 | Pre-auth buffer over-read in Dovecot NTLM implementation
- https://hackerone.com/reports/866605 | Pre-auth Denial-of-Service in Dovecot RPA implementation
- https://hackerone.com/reports/867052 | Access Control: Inject tasks into other users decks
- https://hackerone.com/reports/867249 | The hacker has access to the administrative part of the management reports in publish report
- https://hackerone.com/reports/867513 | Takeover an account that doesn't have a Shopify ID and more
- https://hackerone.com/reports/867577 | Unauthenticated request smuggling on launchpad.37signals.com
- https://hackerone.com/reports/867699 | Node disk DOS by writing to container /etc/hosts
- https://hackerone.com/reports/867952 | HTTP request Smuggling
- https://hackerone.com/reports/868615 | Inject page in admin panel via Shopify.API.pushState with protocol invalid
- https://hackerone.com/reports/868834 | Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests
- https://hackerone.com/reports/869831 | XSS within Shopify Email App - Admin
- https://hackerone.com/reports/869888 | Path Traversal in App Proxy
- https://hackerone.com/reports/870001 | access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-
- https://hackerone.com/reports/871142 | Disclosure of the name of a program that has a private part with an external link
- https://hackerone.com/reports/871749 | Unauthorized access to metadata of undisclosed reports that were retested
- https://hackerone.com/reports/872094 | CodeQL query to detect SSRF in Python
- https://hackerone.com/reports/874574 | Partner's non-verified business email change reflected into Shopify Collaborator Request
- https://hackerone.com/reports/874778 | Partial password leak over DNS on HTTP redirect
- https://hackerone.com/reports/878779 | Full Read SSRF on Gitlab's Internal Grafana
- https://hackerone.com/reports/880089 | Smartsheet employees email disclosure through endpoint after login.
- https://hackerone.com/reports/880099 | Unrestricted file upload leads to Stored XSS
- https://hackerone.com/reports/880187 | Near to Infinite loop when changing Group's name that has API token as Team Member
- https://hackerone.com/reports/880863 | Todos are not redacted when membership changes - Access to (confidential) issues and merge requests
- https://hackerone.com/reports/881115 | Cross-Site Scripting (XSS) on www.starbucks.com | .co.uk login pages
- https://hackerone.com/reports/881855 | Arbitrary change of blog's background image via CSRF
- https://hackerone.com/reports/881918 | Authenticated Stored Cross-site Scripting in bbPress
- https://hackerone.com/reports/882412 | OrderListInitial leaks order details
- https://hackerone.com/reports/882546 | DOM-Based XSS in tumblr.com
- https://hackerone.com/reports/882848 | Possibilty to purchase Ultimate - 1 Year (EDU or OSS)
- https://hackerone.com/reports/882923 | DoS for client-go jsonpath func
- https://hackerone.com/reports/883867 | Inject page in admin panel via Shopify.API.pushState [New Payload]
- https://hackerone.com/reports/884159 | Ability to generate shipping labels in another store orders
- https://hackerone.com/reports/885539 | Private list members disclosure via GraphQL
- https://hackerone.com/reports/886287 | Java: CWE-532 sensitive info logging
- https://hackerone.com/reports/887462 | curl overwrite local file with -J
- https://hackerone.com/reports/887879 | xss stored in https://your store.myshopify.com/admin/
- https://hackerone.com/reports/888666 | Add check for disabled HTTPOnly setting in Tomcat
- https://hackerone.com/reports/888729 | Read-Only user can delete users
- https://hackerone.com/reports/888930 | SAML Response Reuse on hackerone.com/users/saml/auth
- https://hackerone.com/reports/888986 | [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
- https://hackerone.com/reports/889243 | Re-Sharing allows increase of privileges
- https://hackerone.com/reports/890747 | PIN OK attack
- https://hackerone.com/reports/890793 | Panic: Input stream data unexpectedly has references
- https://hackerone.com/reports/890798 | Panic in file smtp-address.c: line 684 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p))
- https://hackerone.com/reports/891069 | null dereference in sieve_address_do_validate (or redundant null check)
- https://hackerone.com/reports/891080 | Null pointer dereference in call to mail_get_flags
- https://hackerone.com/reports/891265 | gagliardetto: Query to detect incorrect conversion between numeric types
- https://hackerone.com/reports/891266 | CodeQL query to detect open Spring Boot actuator endpoints
- https://hackerone.com/reports/891267 | CPP: Missing/incomplete TLS server certificate hostname validation
- https://hackerone.com/reports/891268 | [Java] CWE-939 - Address improper URL authorization
- https://hackerone.com/reports/892289 | self-xss with ClickJacking can lead to account takeover in Firefox
- https://hackerone.com/reports/892465 | CodeQL query to detect JNDI injections
- https://hackerone.com/reports/892466 | Golang : Add Email Content Injection query
- https://hackerone.com/reports/892615 | [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service.
- https://hackerone.com/reports/892904 | Ability to link a Google account to another staff account/store owner that isn't linked yet
- https://hackerone.com/reports/894446 | Null dereference in mcht_relational_validate ext-relational-common.c:136
- https://hackerone.com/reports/894569 | An attacker can run pipeline jobs as arbitrary user
- https://hackerone.com/reports/894870 | CodeQL query for MVEL injections
- https://hackerone.com/reports/894871 | CodeQL query for unsafe TLS versions
- https://hackerone.com/reports/894872 | CodeQL query to detect Server-Side Template Injections (JavaScript)
- https://hackerone.com/reports/894876 | XSS through image upload of contacts using svg file
- https://hackerone.com/reports/894915 | XSS on opening a malicious OpenOffice text document
- https://hackerone.com/reports/894918 | XSS on opening malicious OpenOffice presentation document
- https://hackerone.com/reports/894919 | XSS on opening malicious OpenOffice presentation document
- https://hackerone.com/reports/895696 | Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint
- https://hackerone.com/reports/895972 | Limited LFI
- https://hackerone.com/reports/896298 | CodeQL query for SpEL injections
- https://hackerone.com/reports/896299 | Java: CWE-297 Insecure JavaMail SSL configuration
- https://hackerone.com/reports/896522 | Reflected XSS when renaming a file with a vulnerable name which results in an error
- https://hackerone.com/reports/897385 | 2FA bypass by sending blank code
- https://hackerone.com/reports/898693 | Out of memory with combination of test_config_set and test_config_reload
- https://hackerone.com/reports/898841 | Password reset link not expired at Stocky App
- https://hackerone.com/reports/900548 | Buffer over read from smtp_command_parse_parameters
- https://hackerone.com/reports/901775 | Get analytics token using only apps permission
- https://hackerone.com/reports/902733 | Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us
- https://hackerone.com/reports/902970 | [Java]: CWE-523 Insecure HSTS configuration
- https://hackerone.com/reports/903521 | Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS
- https://hackerone.com/reports/903740 | Denial of Service | twitter.com & mobile.twitter.com
- https://hackerone.com/reports/904059 | Open Redirect (6.0.0 < rails < 6.0.3.2)
- https://hackerone.com/reports/905015 | Long filenames cause OOM and temp files are not cleaned
- https://hackerone.com/reports/905607 | [cs.money] Open Redirect Leads to Account Takeover
- https://hackerone.com/reports/905816 | No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie
- https://hackerone.com/reports/906201 | XSS / SELF XSS
- https://hackerone.com/reports/906433 | Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
- https://hackerone.com/reports/906907 | IDOR with Geolocation data not stripped from images
- https://hackerone.com/reports/908162 | Acronis True Image Local Privilege Escalation via insecure folder permissions
- https://hackerone.com/reports/908894 | Null dereference or redundant null check in mail_crypt_load_global_private_key for plugin mail-crypt
- https://hackerone.com/reports/909374 | Java : CWE-548 - J2EE server directory listing enabled
- https://hackerone.com/reports/909375 | Golang : Add MongoDb NoSQL injection sinks
- https://hackerone.com/reports/909863 | Low privileged user can create high privileged user's KITCRM authorization token and can read and write message to KIT
- https://hackerone.com/reports/910300 | Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation
- https://hackerone.com/reports/911857 | increased privileges on staff account
- https://hackerone.com/reports/915110 | No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal
- https://hackerone.com/reports/915114 | IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal
- https://hackerone.com/reports/915127 | IDOR when moving contents at CrowdSignal
- https://hackerone.com/reports/915133 | IDOR at 'media_code' when adding media to questions
- https://hackerone.com/reports/915140 | Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal
- https://hackerone.com/reports/915756 | [tumblr.com] 69< Firefox Only XSS Reflected
- https://hackerone.com/reports/915940 | Script Editor preview token still working with uninstalled application, even for unpublished script
- https://hackerone.com/reports/916704 | Access control missing while viewing the attachments in the "All boards"
- https://hackerone.com/reports/917250 | Stored XSS on recruit.innogames.de
- https://hackerone.com/reports/917453 | CodeQL query for disabled revocation checking
- https://hackerone.com/reports/917454 | Java: CWE-273 Unsafe certificate trust
- https://hackerone.com/reports/917455 | CodeQL query to detect OGNL injections
- https://hackerone.com/reports/917456 | [Java] CWE-295 - Incorrect Hostname Verification - MitM
- https://hackerone.com/reports/917875 | STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend
- https://hackerone.com/reports/919175 | HTTP request smuggling on Basecamp 2 allows web cache poisoning
- https://hackerone.com/reports/920005 | Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media
- https://hackerone.com/reports/920285 | [javascript] CWE-020: CodeQL query to detect missing origin validation in cross-origin communication via postMessage
- https://hackerone.com/reports/920357 | Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value
- https://hackerone.com/reports/921286 | Denial of Service [Chrome]
- https://hackerone.com/reports/921704 | Denial-of-service by cache poisoning the Cross-Origin Resource Sharing misconfiguration Allow-Origin header
- https://hackerone.com/reports/921709 | Clickjacking on donation page
- https://hackerone.com/reports/922456 | Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties
- https://hackerone.com/reports/922597 | HTTP Request Smuggling due to CR-to-Hyphen conversion
- https://hackerone.com/reports/926221 | Improper use of "path" parameter can be used to trick testers into leaking their Front-End PoC
- https://hackerone.com/reports/927567 | Ability to publish a paid theme without purchasing it.
- https://hackerone.com/reports/927661 | Ability to manipulate price with a max threshold of <1 Rupee in support rider parameter
- https://hackerone.com/reports/928255 | Ability To Delete User(s) Account Without User Interaction
- https://hackerone.com/reports/929288 | Java: CWE-939 - Address improper URL authorization
- https://hackerone.com/reports/942859 | Stored XSS in Post title (PoC)
- https://hackerone.com/reports/944359 | Python : Add query to detect Server Side Template Injection
- https://hackerone.com/reports/944735 | Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini)
- https://hackerone.com/reports/945122 | Arbitrary file creation via symlink attack on syncagentsrv (Acronis Sync Agent Service)
- https://hackerone.com/reports/945990 | Safe Redirect Bypass
- https://hackerone.com/reports/946053 | Stored XSS in my staff name fired in another your internal panel
- https://hackerone.com/reports/946409 | RCE on build server via misconfigured pip install
- https://hackerone.com/reports/946728 | SafeParamsHelper::safe_params is not so safe
- https://hackerone.com/reports/947728 | Staff can extend Shopify trial period without admin permission
- https://hackerone.com/reports/947790 | Reflected XSS on an Atavist theme
- https://hackerone.com/reports/948876 | Connect-only connections can use the wrong connection
- https://hackerone.com/reports/948929 | Blind Stored XSS Via Staff Name
- https://hackerone.com/reports/949382 | DOM-Based XSS in tumblr.com
- https://hackerone.com/reports/949513 | XSS by file (Active Storage Proxying)
- https://hackerone.com/reports/949823 | XSS in Biodata
- https://hackerone.com/reports/950190 | Store-XSS in error message of build-dependencies
- https://hackerone.com/reports/950299 | Use after free vulnerability in phar_parse_zipfile
- https://hackerone.com/reports/950845 | Reflected XSS at /category/ on an Atavist theme
- https://hackerone.com/reports/950881 | IDOR when editing email leads to Account Takeover on Atavist
- https://hackerone.com/reports/951230 | Can buy Atavist Magazine subscription for free
- https://hackerone.com/reports/951292 | Site-wide CSRF at Atavist
- https://hackerone.com/reports/952035 | Admin web sessions remain active after logout of Shopify ID
- https://hackerone.com/reports/952771 | CVE-2019-11250 remains in effect.
- https://hackerone.com/reports/953083 | Ability to publish a paid theme without purchasing it.
- https://hackerone.com/reports/953219 | SMTP interaction theft via MITM
- https://hackerone.com/reports/953579 | [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
- https://hackerone.com/reports/955016 | GitLab-Runner on Windows DOCKER_AUTH_CONFIG container host Command Injection
- https://hackerone.com/reports/955286 | Graphql: Sorting the reports by jira_status field resulted to different value
- https://hackerone.com/reports/956295 | LDAP injection vulnerability in Java
- https://hackerone.com/reports/956296 | Golang : Improvements to Golang SSRF query
- https://hackerone.com/reports/956967 | Java: CWE-798 - Hardcoded AWS credentials
- https://hackerone.com/reports/957829 | Sending thousands of notifications with single request
- https://hackerone.com/reports/957874 | Adding your account to victim's app via deeplink
- https://hackerone.com/reports/958374 | Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted
- https://hackerone.com/reports/960244 | Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...
- https://hackerone.com/reports/961757 | Twitter Media Studio Source Information Disclosure With Analyst Role
- https://hackerone.com/reports/961841 | Recently added 'Country' field doesn't send email notification when changed
- https://hackerone.com/reports/961929 | Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020)
- https://hackerone.com/reports/962462 | Unauthorized user is able to access schedule pipeline variables and values
- https://hackerone.com/reports/962604 | Revoked User can still view the Merge Request created by him via API
- https://hackerone.com/reports/962895 | Stocky App Administrator can create a backdoor admin account by using an existing POS User
- https://hackerone.com/reports/963774 | Premium Email Address Check Bypass - Hey
- https://hackerone.com/reports/963815 | Java: CWE-522 Insecure basic authentication
- https://hackerone.com/reports/963816 | [javascript] CWE-117: CodeQL query to detect Log Injection
- https://hackerone.com/reports/965267 | Potential HTTP Request Smuggling in ruby webrick
- https://hackerone.com/reports/965510 | Password protection can be removed for newly created development store
- https://hackerone.com/reports/965782 | Failed assert in mail_index_transaction_lookup
- https://hackerone.com/reports/965790 | Assert failed in edit_mail_istream_read
- https://hackerone.com/reports/965881 | Null dereference in cmd_denotify_operation_execute
- https://hackerone.com/reports/965914 | fs.realpath.native on darwin may cause buffer overflow
- https://hackerone.com/reports/966383 | secret leaks in vsphere cloud controller manager log
- https://hackerone.com/reports/966494 | True Image 2021 - LPE via XPC service communication
- https://hackerone.com/reports/966834 | Incomplete fix for CVE-2020-12673 : Specially crafted NTLM message leads to buffer over read
- https://hackerone.com/reports/967457 | Buffer overread off by one in rpa_read_buffer, incomplete fix for CVE-2020-12674
- https://hackerone.com/reports/968690 | DOM based XSS in store.acronis.com//purl-corporate-standard-IT [cfg parameter]
- https://hackerone.com/reports/970157 | Bypass Password Authentication to Update the Password
- https://hackerone.com/reports/970760 | Pixel Flood Attack leads to Application level DoS
- https://hackerone.com/reports/972355 | Able to leak private email of any user given his/her username via graphql
- https://hackerone.com/reports/972561 | kubeadm logs tokens before deleting them
- https://hackerone.com/reports/972601 | Open Redirect at https://oauth.secure.pixiv.net
- https://hackerone.com/reports/974222 | IDOR leads to Edit Anyone's Blogs / Websites
- https://hackerone.com/reports/974271 | Stored XSS on https://app.crowdsignal.com/surveys/[Survey-Id]/question - Bypass
- https://hackerone.com/reports/974368 | CodeQL query to detect XSLT injections
- https://hackerone.com/reports/974369 | Query to find TLS configurations supporting hardcoded insecure versions of the protocol and cipher suites
- https://hackerone.com/reports/974370 | [CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check
- https://hackerone.com/reports/974892 | Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization
- https://hackerone.com/reports/975047 | User sensitive information disclosure
- https://hackerone.com/reports/975827 | Permanent DoS with one click.
- https://hackerone.com/reports/975983 | Site-wide CSRF on Safari due to CORS misconfiguration (not localhost)
- https://hackerone.com/reports/976657 | Reflected XSS on an Atavist theme at external_import.php
- https://hackerone.com/reports/977851 | Cache poisoning via X-Forwarded-Host in www.shopify.com/partners/blog
- https://hackerone.com/reports/978125 | xss triggered in "myshopify.com/admin/product"
- https://hackerone.com/reports/978143 | Team object in GraphQL disclosed private_comment
- https://hackerone.com/reports/978515 | A specially crafted message sent to the local delivery agent (LMTP) causes the LMTP child process to issue a panic (call i_panic)
- https://hackerone.com/reports/978680 | GET based Open redirect on [streamlabs.com/content-hub/streamlabs-obs/search?query=]
- https://hackerone.com/reports/979110 | Internal Path Disclosure
- https://hackerone.com/reports/980511 | A staff member with no permissions can edit Store Customer Email
- https://hackerone.com/reports/980856 | https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529
- https://hackerone.com/reports/981472 | Undocumented fileCopy GraphQL API
- https://hackerone.com/reports/981796 | Information Disclosure of Garbage Collection Cycle
- https://hackerone.com/reports/981824 | DNS Setup allows sending mail on behalf of other customers
- https://hackerone.com/reports/982291 | HEY.com email stored XSS
- https://hackerone.com/reports/982510 | Self XSS
- https://hackerone.com/reports/983070 | IDOR when creating App on [platform.streamlabs.com/api/v1/store/whitelist] with user_id field
- https://hackerone.com/reports/983867 | Java : add MongoDB injection sinks
- https://hackerone.com/reports/985150 | Privilege Escalation in Point Of Sale Application from POS Manage Staff Role to potentially Store Owner
- https://hackerone.com/reports/986386 | Reflected XSS on www.hackerone.com via Wistia embed code
- https://hackerone.com/reports/988103 | Node.js: use-after-free in TLSWrap
- https://hackerone.com/reports/988272 | stored XSS in hey.com message content
- https://hackerone.com/reports/989415 | Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription
- https://hackerone.com/reports/990838 | Bypass Filter on link of build
- https://hackerone.com/reports/990878 | IDOR in https://3d.cs.money/
- https://hackerone.com/reports/993005 | Server-side denial of service via large payload sent to wiki.cs.money/graphql
- https://hackerone.com/reports/993582 | Application DOS via specially crafted payload on 3d.cs.money
- https://hackerone.com/reports/994504 | authenticity token not verified leads to change business name
- https://hackerone.com/reports/996899 | LFI to steal /etc/passwd - Bypass filter in the tag via redirect and much more
- https://hackerone.com/reports/997198 | Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglified which makes it clearly readable
- https://hackerone.com/reports/999765 | Ticket Trick at https://account.acronis.com
- https://hackerone.com/reports/999789 | Getting New Invitations without Leaving Programs
- https://hackerone.com/reports/1000567 | ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)
- https://hackerone.com/reports/1001255 | Possible RCE through Windows Custom Protocol on Windows client
- https://hackerone.com/reports/1002188 | Potential HTTP Request Smuggling in nodejs