RedPacket Security - InfoSec News & Tutorials

HackerOne Bug Bounty Disclosure: improper-authentication-inside-the-rockstar-games-launcher-which-leads-to-account-takeover-to-some-extend–xshivam

July 14, 2023

Company Name: Rockstar Games Company HackerOne URL: https://hackerone.com/rockstargames Submitted By:0xshivamLink to Submitters Profile:https://hackerone.com/0xshivam Report Title:Improper Authentication inside the Rockstar Games...

HackerOne Bug Bounty Disclosure: server-side-rce-through-directory-traversal-based-arbitrary-file-write-fabianfreyer

July 14, 2023

Company Name: Rocket.Chat Company HackerOne URL: https://hackerone.com/rocket_chat Submitted By:fabianfreyerLink to Submitters Profile:https://hackerone.com/fabianfreyer Report Title:Server-side RCE through directory traversal-based arbitrary file...

HackerOne Bug Bounty Disclosure: rce-via-npm-misconfig-installing-internal-libraries-from-the-public-registry-x-loser

July 14, 2023

Company Name: SHEIN Company HackerOne URL: https://hackerone.com/shein Submitted By:x1337loserLink to Submitters Profile:https://hackerone.com/x1337loser Report Title:RCE via npm misconfig -- installing internal...

HackerOne Bug Bounty Disclosure: xss-r-vcc-na-x-com-ssharmaz

July 14, 2023

Company Name: 8x8 Company HackerOne URL: https://hackerone.com/8x8 Submitted By:ssharmazLink to Submitters Profile:https://hackerone.com/ssharmaz Report Title:xss(r) vcc-na11.8x8.comReport Link:https://hackerone.com/reports/1392733Date Submitted:10 July 2023 A...

HackerOne Bug Bounty Disclosure: actionview-sanitize-helper-bypass-leading-to-xss-using-svg-tag-haqpl

July 14, 2023

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:haqplLink to Submitters Profile:https://hackerone.com/haqpl Report Title:ActionView sanitize helper bypass leading...

HackerOne Bug Bounty Disclosure: -m-reports-on-hackerone-celebration-ability-to-bulk-submit-many-reports-nagli

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:nagliLink to Submitters Profile:https://hackerone.com/nagli Report Title:2M Reports on HackerOne Celebration! - Ability...

HackerOne Bug Bounty Disclosure: rate-limit-missing-sign-in-page-dreamer-eh

July 14, 2023

Company Name: Tennessee Valley Authority Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:dreamer_ehLink to Submitters Profile:https://hackerone.com/dreamer_eh Report Title:Rate limit missing sign-in pageReport...

HackerOne Bug Bounty Disclosure: asset-inventory-internal-descriptions-are-leaked-in-csv-export-the-arch-angel

July 14, 2023

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:the_arch_angelLink to Submitters Profile:https://hackerone.com/the_arch_angel Report Title:Asset Inventory Internal Descriptions are leaked in...

HackerOne Bug Bounty Disclosure: csrf-protection-bypass-on-tiktok-webcast-endpoints-zerody

July 14, 2023

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:zerodyLink to Submitters Profile:https://hackerone.com/zerody Report Title:CSRF protection bypass on TikTok Webcast EndpointsReport...

HackerOne Bug Bounty Disclosure: cve-apache-airflow-spark-provider-arbitrary-file-read-via-jdbc-sw-rd-ight

July 14, 2023

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:sw0rd1ightLink to Submitters Profile:https://hackerone.com/sw0rd1ight Report Title:CVE-2023-28710 Apache Airflow Spark Provider...

HackerOne Bug Bounty Disclosure: brute-force-protection-allows-to-send-more-requests-than-intended-polapain

July 14, 2023

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:polapain1337Link to Submitters Profile:https://hackerone.com/polapain1337 Report Title:Brute force protection allows to send more...

UNISOC mobile phone chipsets for Android denial of service | CVE-2022-48450

July 14, 2023

NAME__________UNISOC mobile phone chipsets for Android denial of servicePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc...

Quiz Expert plugin for WordPress cross-site request forgery | CVE-2023-36522

July 14, 2023

NAME__________Quiz Expert plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Quiz Expert Plugin for WordPress 1.5.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Quiz Expert plugin...

JetBrains YouTrack security bypass | CVE-2023-38068

July 14, 2023

NAME__________JetBrains YouTrack security bypassPlatforms Affected:JetBrains YouTrack 2023.1Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________JetBrains YouTrack could allow a remote attacker to bypass security restrictions,...

AVG Anti-Spyware code execution | CVE-2023-36167

July 14, 2023

NAME__________AVG Anti-Spyware code executionPlatforms Affected:AVG AVG Anti-Spyware 7.5Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AVG Anti-Spyware could allow a local authenticated attacker to execute...

Template Debugger plugin for WordPress cross-site request forgery | CVE-2023-35773

July 14, 2023

NAME__________Template Debugger plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Template Debugger Plugin for WordPress 3.1.2Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Template Debugger plugin...

Galleria plugin for WordPress cross-site request forgery | CVE-2023-35780

July 14, 2023

NAME__________Galleria plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Galleria Plugin for WordPress 1.0.3Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Galleria plugin for WordPress is...

WP RSS Images Slider Plugin for Videos plugin for WordPress cross-site request forgery | CVE-2023-36693

July 14, 2023

NAME__________WP RSS Images Slider Plugin for Videos plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WP RSS Images Plugin for WordPress...

UNISOC mobile phone chipsets for Android information disclosure | CVE-2023-32788

July 14, 2023

NAME__________UNISOC mobile phone chipsets for Android information disclosurePlatforms Affected:Unisoc SC9863A Unisoc SC9832E Unisoc SC7731E Unisoc T610 Unisoc T606 Unisoc T760...

SAP S/4HANA security bypass | CVE-2023-35870

July 14, 2023

NAME__________SAP S/4HANA security bypassPlatforms Affected:SAP S/4HANA 104 SAP S/4HANA 105 SAP S/4HANA 106 SAP S/4HANA 107Risk Level:6.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________SAP S/4HANA...

Juniper Networks Junos OS denial of service | CVE-2023-36848

July 14, 2023

NAME__________Juniper Networks Junos OS denial of servicePlatforms Affected:Juniper Networks Junos OS 19.2 Juniper Networks Junos OS 19.3 Juniper Networks Junos...

JetBrains TeamCity information disclosure | CVE-2023-38064

July 14, 2023

NAME__________JetBrains TeamCity information disclosurePlatforms Affected:JetBrains TeamCity 2023.05Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________JetBrains TeamCity could allow a remote authenticated attacker to obtain sensitive...

SonicWall GMS and Analytics directory traversal | CVE-2023-34135

July 14, 2023

NAME__________SonicWall GMS and Analytics directory traversalPlatforms Affected:SonicWall GMS 9.3.2 SP1 SonicWall Analytics 2.5.0.4 R7Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________SonicWall GMS and Analytics...

SonicWall GMS and Analytics weak security | CVE-2023-34130

July 14, 2023

NAME__________SonicWall GMS and Analytics weak securityPlatforms Affected:SonicWall GMS 9.3.2 SP1 SonicWall Analytics 2.5.0.4 R7Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________SonicWall GMS and Analytics...

Main Story

Editor’s Picks

Trending Story

Featured Story

You may have missed