InfoSec News & Tutorials
Programme HackerOne Uber Uber Submitted by kxyry kxyry Report [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth Full Report A considerable amount of…
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by nyxsorcerer nyxsorcerer Report Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522) Full Report A considerable amount of time and…
Programme HackerOne Uber Uber Submitted by zhero_ zhero_ Report DOM based XSS via insecure parameter on [ https://uberpay-mock-psp.uber.com ] Full Report A considerable amount of time and effort goes…
Programme HackerOne Uber Uber Submitted by zhero_ zhero_ Report HTML injection via insecure parameter [https://www.ubercarshare.com/] Full Report A considerable amount of time and effort goes into maintaining this website,…
Programme HackerOne Uber Uber Submitted by kxyry kxyry Report [uchat.uberinternals.com] Mattermost doesn't check Origin in Websockets, which leads to the Critical Inforamation Leakage. Full Report A considerable amount of…
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by 4b5f5f4b 4b5f5f4b Report [CPP]Add query to detect bugs like CVE-2017-5123 Full Report A considerable amount of time and effort…
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by porcupineyhairs porcupineyhairs Report [CPP]: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc Full…
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by sim4n6 sim4n6 Report [Python] Unsafe unpacking using shutil.unpack_archive() query and tests Full Report A considerable amount of time and…
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by ihsinme ihsinme Report C/C++: Command injection via wordexp Full Report A considerable amount of time and effort goes into…
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by porcupineyhairs porcupineyhairs Report Python : Add query to detect PAM authorization bypass Full Report A considerable amount of time…
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by sim4n6 sim4n6 Report [python] TarSlip vulnerability improvements Full Report A considerable amount of time and effort goes into maintaining…
Programme HackerOne pixiv pixiv Submitted by hackit_bharat hackit_bharat Report Stealing Users OAuth authorization code via redirect_uri Full Report A considerable amount of time and effort goes into maintaining this…
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by gregxsunday gregxsunday Report [Go]: Add Beego.Input.RequestBody source to Beego framework Full Report A considerable amount of time and effort…
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by kuzu7shiki kuzu7shiki Report CPP: Pam Authorization Bypass Full Report A considerable amount of time and effort goes into maintaining…
Programme HackerOne curl curl Submitted by kurohiro kurohiro Report CVE-2023-27537: HSTS double-free Full Report A considerable amount of time and effort goes into maintaining this website, creating backend automation…
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by das7pad das7pad Report Potential DoS vulnerability in Django in multipart parser Full Report A considerable amount of time and…
Programme HackerOne Node.js Node.js Submitted by bnoordhuis bnoordhuis Report Insecure loading of ICU data through ICU_DATA environment variable Full Report A considerable amount of time and effort goes into…
Programme HackerOne Node.js Node.js Submitted by goums goums Report Permissions policies can be bypassed via process.mainModule Full Report A considerable amount of time and effort goes into maintaining this…
Programme HackerOne Node.js Node.js Submitted by sno2 sno2 Report Regular Expression Denial of Service in Headers Full Report A considerable amount of time and effort goes into maintaining this…
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by leixiao leixiao Report RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0 Full Report A considerable amount of time and effort goes into…
Programme HackerOne HackerOne HackerOne Submitted by mikkocarreon mikkocarreon Report [CVE-2022-44268] Arbitrary Remote Leak via ImageMagick Full Report A considerable amount of time and effort goes into maintaining this website,…
Programme HackerOne Tor Tor Submitted by hazae41 hazae41 Report Snowflake server: Leak of TLS packets from other clients Full Report A considerable amount of time and effort goes into…
Programme HackerOne IOVLabs IOVLabs Submitted by luk-matczak luk-matczak Report Traffic amplification attack via discovery protocol Full Report A considerable amount of time and effort goes into maintaining this website, creating…
Programme HackerOne HackerOne HackerOne Submitted by manish_adz manish_adz Report information disclosure of another company bug on video. Full Report A considerable amount of time and effort goes into maintaining this…