hackone 节点

当前节点:hackone

时间	节点
2021-06-24 07:07:57	hackone最新公开漏洞	Firebase Database Takeover in Zego Sense Android app 影响厂商:Zego 奖励: 危险等级:high 安卓应用程序中的 Firebase 数据库接管
2021-06-24 01:07:56	hackone最新公开漏洞	ccc ctf 影响厂商:h1-ctf(https://hackerone.com/h1-ctf) 我是说，我不知道你在说什么
2021-06-23 21:07:55	hackone最新公开漏洞	Insufficient Session Expiration 影响厂商:Urban Company(https://hackerone.com/urbancompany) 会议结束时间不足
2021-06-23 09:27:19	hackone最新公开漏洞	C++: Support Pqxx connector to search for sql injections to Postgres 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) C + + : 支持 Pqxx 连接器搜索 Postgres 的 sql 注入
2021-06-23 09:27:19	hackone最新公开漏洞	Java: CodeQL query for unsafe RMI deserialization 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) 针对不安全的 RMI 反序列化的 CodeQL 查询
2021-06-23 09:27:19	hackone最新公开漏洞	ihsinme: CPP Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) 当使用 Bool 类型时，CPP 添加 CWE-783算符优先逻辑错误的查询
2021-06-23 09:27:19	hackone最新公开漏洞	[JavaScript]: CWE-1004: Sensitive cookie without HttpOnly 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) [ JavaScript ] : CWE-1004: 没有 HttpOnly 的敏感 cookie
2021-06-23 09:27:19	hackone最新公开漏洞	[GO] CWE-1004: Sensitive cookie without HttpOnly 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) CWE-1004: 没有 HttpOnly 的敏感 cookie
2021-06-23 09:27:19	hackone最新公开漏洞	[Java]: CWE-502 Add UnsafeDeserialization sinks 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) [ Java ] : CWE-502添加 UnsafeDeserialization 汇
2021-06-23 09:27:19	hackone最新公开漏洞	[Java] BeanShell Injection 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) [ Java ] BeanShell 注入
2021-06-23 09:27:19	hackone最新公开漏洞	ihsinme: CPP Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) Ihsinme: CPP 为 CWE-1126添加查询: 不必要地扩大范围的变量声明
2021-06-23 09:27:19	hackone最新公开漏洞	[Java] CWE-295 - Incorrect Hostname Verification - MitM 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) [ Java ] CWE-295- 不正确的主机名验证 -MitM
2021-06-23 09:27:19	hackone最新公开漏洞	[Java]: CWE-730 Regex injection 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) [ Java ] : CWE-730正则表达式注入
2021-06-23 09:27:19	hackone最新公开漏洞	ihsinme:CPP Add query for CWE-415 Double Free 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) Ihsinme: CPP 对 CWE-415 Double Free 的添加查询
2021-06-23 09:27:19	hackone最新公开漏洞	Python: Add support of clickhouse-driver package 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) Python: 添加对 clickhouse-driver 包的支持
2021-06-23 09:27:19	hackone最新公开漏洞	[JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) [ JAVA ] : CWE-347- 密码签名的错误验证: 授权绕过的可能性
2021-06-23 09:27:19	hackone最新公开漏洞	[Python] CWE-090: LDAP Injection 影响厂商:GitHub Security Lab 奖励:4500.0USD 危险等级:high [ Python ] CWE-090: LDAP 注入
2021-06-23 09:27:19	hackone最新公开漏洞	[GO]: CWE-326: Insufficient key size 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) CWE-326: 键大小不足
2021-06-23 03:27:06	hackone最新公开漏洞	SQL injection on admin.acronis.host development web service 影响厂商:Acronis 奖励: 危险等级:high 基于 admin.acronis.host 开发 web 服务的 SQL 注入
2021-06-23 03:27:06	hackone最新公开漏洞	Reflected XSS on my.acronis.com 影响厂商:Acronis 奖励:50.0USD 危险等级:low 反映在 myacron..com 上的 XSS
2021-06-23 01:27:07	hackone最新公开漏洞	Local File Disclosure /Delete On [us-az-vpn.acronis.com] 影响厂商:Acronis 奖励: 危险等级:medium 本地文件泄露/删除 us-az-vpn.acronis.com
2021-06-22 22:39:02	hackone最新公开漏洞	Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to creating an admin user in WordPress 影响厂商:Acronis(https://hackerone.com/acronis) 反映在 cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director 上的 XSS，有能力在 WordPress 中创建一个管理员用户
2021-06-22 22:39:02	hackone最新公开漏洞	[com.icq.mobile.client] , 影响厂商:Mail.ru(https://hackerone.com/mailru) [ com.icq.mobile.client ] ,
2021-06-22 22:39:02	hackone最新公开漏洞	[mcs.mail.ru] (sqs.mcs.mail.ru) 影响厂商:Mail.ru(https://hackerone.com/mailru) [ mcs.mail.ru ](sqs.mcs.mail.ru)
2021-06-22 20:38:59	hackone最新公开漏洞	CSRF + XSS leads to ATO 影响厂商:Mail.ru(https://hackerone.com/mailru) CSRF + XSS 导致 ATO
2021-06-22 20:38:59	hackone最新公开漏洞	internal path disclosure via error message 影响厂商:Mail.ru(https://hackerone.com/mailru) 通过错误信息泄露内部路径
2021-06-22 18:38:59	hackone最新公开漏洞	HackerOne’s 100K CTF Writeup 影响厂商:h1-ctf 奖励: 危险等级:critical 100K CTF Writeup
2021-06-22 06:38:56	hackone最新公开漏洞	HackerOnes 100K CTF Writeup 影响厂商:h1-ctf(https://hackerone.com/h1-ctf) 100K CTF Writeup
2021-06-22 06:38:56	hackone最新公开漏洞	CCC H1 June 2021 CTF Writeup 影响厂商:h1-ctf 奖励: 危险等级:critical 2021年6月1日
2021-06-22 06:38:56	hackone最新公开漏洞	100K CTF's Writeup 影响厂商:h1-ctf 奖励: 危险等级:critical 100K CTF’s Writeup
2021-06-22 06:38:56	hackone最新公开漏洞	Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation 影响厂商:Sifchain(https://hackerone.com/sifchain) 2019-8331跨网站脚本可能在 https://sifchain.finance//进行
2021-06-22 04:38:53	hackone最新公开漏洞	A malicious user can upload a malicious script through managesieve and trigger its execution in order to consume almost 100% of CPU (LMTP). 影响厂商:Open-Xchange 奖励: 危险等级:medium 恶意用户可以通过管理层上传恶意脚本并触发其执行，以消耗几乎100% 的 CPU (LMTP)。
2021-06-22 02:38:57	hackone最新公开漏洞	A malicious user can upload a malicious script through managesieve and trigger its execution in order to consume almost 100% of CPU (LMTP). 影响厂商:Open-Xchange(https://hackerone.com/open-xchange) 恶意用户可以通过管理层上传恶意脚本并触发其执行，以消耗几乎100% 的 CPU (LMTP)。
2021-06-22 02:38:57	hackone最新公开漏洞	one delegate can add another delegate and delete other delegates, exposing all confidential inbox messages 影响厂商:Zivver 奖励: 危险等级:high 一个委托可以添加另一个委托并删除其他委托，从而公开所有机密的收件箱邮件
2021-06-22 00:39:57	hackone最新公开漏洞	No rate Limit on Add new Translation Project 影响厂商:Weblate 奖励: 危险等级:None 添加新的翻译项目时没有费率限制
2021-06-21 22:53:20	hackone最新公开漏洞	Command Injection via STARTTLS in SMTP 影响厂商:Open-Xchange(https://hackerone.com/open-xchange) 在 SMTP 中通过 STARTTLS 命令注入
2021-06-21 20:53:21	hackone最新公开漏洞	Remote Code Execution through "Files_antivirus" plugin 影响厂商:ownCloud 奖励: 危险等级:medium 通过“ Files _ antivirus”插件远程执行代码
2021-06-21 18:53:21	hackone最新公开漏洞	Broken Link on Urban Company's Vulnerability Submission Form 影响厂商:Urban Company 奖励:50.0USD 危险等级:low 城市公司脆弱性提交表的断链
2021-06-21 12:53:20	hackone最新公开漏洞	Private ip leaking through response 影响厂商:Urban Company(https://hackerone.com/urbancompany) 通过响应泄漏私有 ip
2021-06-19 05:32:33	hackone最新公开漏洞	Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission 影响厂商:HackerOne 奖励: 危险等级:low 通过电子邮件和 Salesforce 主导提交的活动名称参数进行二阶 SOQL 注入
2021-06-19 03:32:34	hackone最新公开漏洞	Subdomain Takeover – jet.acronis.com pointing to unclaimed Webflow services 影响厂商:Acronis 奖励: 危险等级:low Subdomain Takeover-jet.acronis. com 指向无人认领的 Webflow 服务
2021-06-19 03:32:34	hackone最新公开漏洞	Subdomain Takeover – www.jet.acronis.com pointing to unclaimed Webflow services 影响厂商:Acronis 奖励: 危险等级:low 子域名接管-指向无人认领的 Webflow 服务的 www.jet.acronis.com
2021-06-19 03:32:34	hackone最新公开漏洞	Subdomain Takeover jet.acronis.com pointing to unclaimed Webflow services 影响厂商:Acronis(https://hackerone.com/acronis) Subdomain Takeover jet.acronis. com 指向无人认领的 Webflow 服务
2021-06-19 03:32:34	hackone最新公开漏洞	Subdomain Takeover www.jet.acronis.com pointing to unclaimed Webflow services 影响厂商:Acronis(https://hackerone.com/acronis) 指向无人认领的 Webflow 服务的子域收购 www.jet.acronis.com
2021-06-19 01:32:33	hackone最新公开漏洞	Adam and the Deadly Injections 影响厂商:h1-ctf 奖励: 危险等级:critical 亚当和致命的注射
2021-06-19 01:32:33	hackone最新公开漏洞	Clickjacking misconfiguration bug 影响厂商:Sifchain(https://hackerone.com/sifchain) 点击劫持错误配置错误
2021-06-18 13:32:29	hackone最新公开漏洞	ccc.h1ctf.com CTF 影响厂商:h1-ctf(https://hackerone.com/h1-ctf) 1ctf.com CTF
2021-06-18 13:32:29	hackone最新公开漏洞	Adam and the Deadly Injections 影响厂商:h1-ctf(https://hackerone.com/h1-ctf) 亚当和致命的注射
2021-06-18 07:32:27	hackone最新公开漏洞	H1-CTF 100k Solution - Congratz on the 100k Rep todayisnew 影响厂商:h1-ctf(https://hackerone.com/h1-ctf) H1-CTF 100k 解决方案——祝贺今天的100k 代表是新的
2021-06-18 07:32:27	hackone最新公开漏洞	[100K-ctf] Multiple vulnerabilities leading to compromise of Pinger instance. 影响厂商:h1-ctf(https://hackerone.com/h1-ctf) [100K-ctf ]导致 Pinger 实例泄露的多个漏洞。
2021-06-18 07:32:27	hackone最新公开漏洞	TikTok Session Donation CSRF via QR code login 影响厂商:TikTok(https://hackerone.com/tiktok) 通过二维码登录的捐赠 CSRF
2021-06-17 23:32:28	hackone最新公开漏洞	HackerOne making payments in USDC (Coinbase stable coin) 影响厂商:HackerOne 奖励: 危险等级:none HackerOne 在 USDC (硬币稳定币)进行支付
2021-06-17 21:32:25	hackone最新公开漏洞	Malicious apps can crash Nextcloud Android client by sending malformed intents 影响厂商:Nextcloud(https://hackerone.com/nextcloud) 恶意应用程序可以通过发送格式不正确的意图来破坏 Nextcloud Android 客户端
2021-06-17 19:32:24	hackone最新公开漏洞	Web cache poisoning at www.acronis.com 影响厂商:Acronis(https://hackerone.com/acronis) 网页缓存中毒在 www.acronis. com
2021-06-17 15:32:24	hackone最新公开漏洞	Brave Browser Tor Window leaks user's real IP to the external DNS server 影响厂商:Brave Software 奖励:1000.0USD 危险等级:high 勇敢的 Tor 窗口将用户的真实 IP 泄露给外部 DNS 服务器
2021-06-17 11:32:23	hackone最新公开漏洞	XSS on https://partners.acronis.com/ 影响厂商:Acronis 奖励: 危险等级:low Https://partners.acronis.com/的 XSS