RedPacket Security - InfoSec News & Tutorials

HackerOne Bug Bounty Disclosure: an-attacker-can-can-view-any-hacker-email-via-savecollaboratorsmutation-operation-name–xrayan

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0xrayan1996Link to Submitters Profile:https://hackerone.com/0xrayan1996 Report Title:An attacker can can view any hacker...

HackerOne Bug Bounty Disclosure: indriver-job-admin-approval-bypass-mikejohnson

July 14, 2023

Company Name: inDrive Company HackerOne URL: https://hackerone.com/indrive Submitted By:mikejohnson_1Link to Submitters Profile:https://hackerone.com/mikejohnson_1 Report Title:inDriver Job - Admin Approval BypassReport Link:https://hackerone.com/reports/1861487Date...

HackerOne Bug Bounty Disclosure: metamask-browser-url-and-transaction-origin-spoofing-metamask-wallet-android-metamask-wallet-ios-renekroka

July 14, 2023

Company Name: MetaMask Company HackerOne URL: https://hackerone.com/metamask Submitted By:renekrokaLink to Submitters Profile:https://hackerone.com/renekroka Report Title:MetaMask Browser URL and Transaction Origin Spoofing...

HackerOne Bug Bounty Disclosure: endpoint-disclosing-user-password-team-tsk

July 14, 2023

Company Name: Newegg Company HackerOne URL: https://hackerone.com/newegg Submitted By:team_tskLink to Submitters Profile:https://hackerone.com/team_tsk Report Title:Endpoint disclosing user passwordReport Link:https://hackerone.com/reports/1986731Date Submitted:05 July...

HackerOne Bug Bounty Disclosure: basic-xss-waf-bypasses-mega

July 14, 2023

Company Name: Cloudflare Public Bug Bounty Company HackerOne URL: https://hackerone.com/cloudflare Submitted By:mega7Link to Submitters Profile:https://hackerone.com/mega7 Report Title:Basic XSS Report Link:https://hackerone.com/reports/1615743Date...

HackerOne Bug Bounty Disclosure: arbitrary-file-write-triggered-by-deeplink-abuse-metamask-android-hackerontwowheels

July 14, 2023

Company Name: MetaMask Company HackerOne URL: https://hackerone.com/metamask Submitted By:hackerontwowheelsLink to Submitters Profile:https://hackerone.com/hackerontwowheels Report Title:Arbitrary file write triggered by deeplink abuse...

HackerOne Bug Bounty Disclosure: banned-user-still-able-to-invited-to-reports-as-a-collabrator-and-reset-the-password-light-r

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:light3rLink to Submitters Profile:https://hackerone.com/light3r Report Title:Banned user still able to invited to...

HackerOne Bug Bounty Disclosure: internal-machine-learning-api-endpoint-for-cwe-classification-is-vulnerable-to-path-traversal-jobert

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:jobertLink to Submitters Profile:https://hackerone.com/jobert Report Title:Internal machine learning API endpoint for CWE...

HackerOne Bug Bounty Disclosure: improper-authentication-inside-the-rockstar-games-launcher-which-leads-to-account-takeover-to-some-extend–xshivam

July 14, 2023

Company Name: Rockstar Games Company HackerOne URL: https://hackerone.com/rockstargames Submitted By:0xshivamLink to Submitters Profile:https://hackerone.com/0xshivam Report Title:Improper Authentication inside the Rockstar Games...

HackerOne Bug Bounty Disclosure: server-side-rce-through-directory-traversal-based-arbitrary-file-write-fabianfreyer

July 14, 2023

Company Name: Rocket.Chat Company HackerOne URL: https://hackerone.com/rocket_chat Submitted By:fabianfreyerLink to Submitters Profile:https://hackerone.com/fabianfreyer Report Title:Server-side RCE through directory traversal-based arbitrary file...

HackerOne Bug Bounty Disclosure: rce-via-npm-misconfig-installing-internal-libraries-from-the-public-registry-x-loser

July 14, 2023

Company Name: SHEIN Company HackerOne URL: https://hackerone.com/shein Submitted By:x1337loserLink to Submitters Profile:https://hackerone.com/x1337loser Report Title:RCE via npm misconfig -- installing internal...

HackerOne Bug Bounty Disclosure: xss-r-vcc-na-x-com-ssharmaz

July 14, 2023

Company Name: 8x8 Company HackerOne URL: https://hackerone.com/8x8 Submitted By:ssharmazLink to Submitters Profile:https://hackerone.com/ssharmaz Report Title:xss(r) vcc-na11.8x8.comReport Link:https://hackerone.com/reports/1392733Date Submitted:10 July 2023 A...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-leading-to-xss-using-svg-tag-haqpl

July 14, 2023

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:haqplLink to Submitters Profile:https://hackerone.com/haqpl Report Title:ActionView sanitize helper bypass leading...

HackerOne Bug Bounty Disclosure: -m-reports-on-hackerone-celebration-ability-to-bulk-submit-many-reports-nagli

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:nagliLink to Submitters Profile:https://hackerone.com/nagli Report Title:2M Reports on HackerOne Celebration! - Ability...

HackerOne Bug Bounty Disclosure: rate-limit-missing-sign-in-page-dreamer-eh

July 14, 2023

Company Name: Tennessee Valley Authority Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:dreamer_ehLink to Submitters Profile:https://hackerone.com/dreamer_eh Report Title:Rate limit missing sign-in pageReport...

HackerOne Bug Bounty Disclosure: asset-inventory-internal-descriptions-are-leaked-in-csv-export-the-arch-angel

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:the_arch_angelLink to Submitters Profile:https://hackerone.com/the_arch_angel Report Title:Asset Inventory Internal Descriptions are leaked in...

HackerOne Bug Bounty Disclosure: csrf-protection-bypass-on-tiktok-webcast-endpoints-zerody

July 14, 2023

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:zerodyLink to Submitters Profile:https://hackerone.com/zerody Report Title:CSRF protection bypass on TikTok Webcast EndpointsReport...

HackerOne Bug Bounty Disclosure: cve-apache-airflow-spark-provider-arbitrary-file-read-via-jdbc-sw-rd-ight

July 14, 2023

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:sw0rd1ightLink to Submitters Profile:https://hackerone.com/sw0rd1ight Report Title:CVE-2023-28710 Apache Airflow Spark Provider...

HackerOne Bug Bounty Disclosure: brute-force-protection-allows-to-send-more-requests-than-intended-polapain

July 14, 2023

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:polapain1337Link to Submitters Profile:https://hackerone.com/polapain1337 Report Title:Brute force protection allows to send more...

UNISOC mobile phone chipsets for Android denial of service | CVE-2022-48450

July 14, 2023

NAME__________UNISOC mobile phone chipsets for Android denial of servicePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc...

Quiz Expert plugin for WordPress cross-site request forgery | CVE-2023-36522

July 14, 2023

NAME__________Quiz Expert plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Quiz Expert Plugin for WordPress 1.5.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Quiz Expert plugin...

JetBrains YouTrack security bypass | CVE-2023-38068

July 14, 2023

NAME__________JetBrains YouTrack security bypassPlatforms Affected:JetBrains YouTrack 2023.1Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________JetBrains YouTrack could allow a remote attacker to bypass security restrictions,...

AVG Anti-Spyware code execution | CVE-2023-36167

July 14, 2023

NAME__________AVG Anti-Spyware code executionPlatforms Affected:AVG AVG Anti-Spyware 7.5Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AVG Anti-Spyware could allow a local authenticated attacker to execute...

Template Debugger plugin for WordPress cross-site request forgery | CVE-2023-35773

July 14, 2023

NAME__________Template Debugger plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Template Debugger Plugin for WordPress 3.1.2Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Template Debugger plugin...

Main Story

Editor’s Picks

Trending Story

Featured Story

You may have missed