hackone 节点

当前节点:hackone

时间	节点
2021-09-21 07:17:46	hackone最新公开漏洞	ihsinme: Add query for CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) Ihsinme: 为 CWE-758添加对未定义、未指定或实现定义行为的依赖的查询
2021-09-21 07:17:46	hackone最新公开漏洞	New experimental query: Clipboard-based XSS 影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) 新的实验查询: 基于剪贴板的 XSS
2021-09-20 23:17:46	hackone最新公开漏洞	Hacker can bypass minimum bounty amount restrictions in "invitation preferences" setting via UpdateInvitationPreferencesMutation GraphQL operation 影响厂商:HackerOne(https://hackerone.com/security) 通过 UpdateInvitationPreferencesMutation GraphQL 操作，黑客可以绕过“邀请偏好”设置中的最小赏金数量限制
2021-09-20 01:17:47	hackone最新公开漏洞	Text injection or content spoofing on forbiden page 影响厂商:XVIDEOS 奖励:100.0USD 危险等级:low 文本注入或内容欺骗的禁止页面
2021-09-18 07:37:14	hackone最新公开漏洞	Subdomain Takeover due to ████████ NS records at us-east4.37signals.com 影响厂商:Basecamp 奖励:750.0USD 危险等级:medium 由于美国 us-east4.37signals.com 公司的风险投资公司的记录而被董事会收购的次域名
2021-09-18 07:37:14	hackone最新公开漏洞	Subdomain Takeover due to NS records at us-east4.37signals.com 影响厂商:Basecamp(https://hackerone.com/basecamp) 由于 us-east4.37signals.com 的 NS 记录而导致的子域名接管
2021-09-17 16:11:32	hackone最新公开漏洞	Subdomain takeover of fr1.vpn.zomans.com 影响厂商:Zomato 奖励:350.0USD 危险等级:medium 子域名收购 fr1.vpn.zomans.com
2021-09-17 14:11:32	hackone最新公开漏洞	Account takeover due to misconfiguration 影响厂商:Mattermost 奖励: 危险等级:low 由于配置错误而接管帐户
2021-09-17 08:11:30	hackone最新公开漏洞	SSRF to AWS file read 影响厂商:Topcoder(https://hackerone.com/topcoder) 读取 SSRF 到 AWS 文件
2021-09-17 02:11:30	hackone最新公开漏洞	Session Fixiation allow attacker to create new evil workspace without being logged in [ Insecure Session management ] 影响厂商:Courier(https://hackerone.com/trycourier) Session Fixiation 允许攻击者创建新的邪恶工作区，而不需要登录[不安全的 Session 管理]
2021-09-17 02:11:30	hackone最新公开漏洞	[3] Bypassing IP Based Rate Limit Blocking leads to rate limit bypass in Courier Login Panel 影响厂商:Courier(https://hackerone.com/trycourier) [3]绕过基于 IP 的速率限制阻塞导致速递登录面板的速率限制绕过
2021-09-16 06:43:54	hackone最新公开漏洞	Bypassing Rate limit for forgot password by using different ip addresses 影响厂商:Zivver 奖励: 危险等级:low 使用不同的 ip 地址绕过忘记密码的速率限制
2021-09-15 22:43:55	hackone最新公开漏洞	Stored XSS in main page of a project caused by arbitrary script payload in group "Default initial branch name" 影响厂商:GitLab 奖励:3000.0USD 危险等级:high 由于组“ Default initial branch name”中的任意脚本有效负载导致的项目主页中存储的 XSS
2021-09-15 22:43:55	hackone最新公开漏洞	CVE-2021-22945: UAF and double-free in MQTT sending 影响厂商:curl(https://hackerone.com/curl) CVE-2021-22945: UAF 和 MQTT 发送的双免费
2021-09-15 22:43:55	hackone最新公开漏洞	Use of a Broken or Risky Cryptographic Algorithm 影响厂商:Revive Adserver 奖励: 危险等级:medium 破碎或冒险加密算法的使用
2021-09-15 12:43:45	hackone最新公开漏洞	Webview address bar spoofing in LINE client for iOS 影响厂商:LINE 奖励: 危险等级:low 针对 iOS 的 LINE 客户端的 Webview 地址栏欺骗
2021-09-15 08:46:47	hackone最新公开漏洞	[Java] CWE-079: Query to detect XSS with JavaServer Faces (JSF) 影响厂商:GitHub Security Lab 奖励:1800.0USD 危险等级:medium [ Java ] CWE-079: 使用 JavaServer Faces 查询检测 XSS (JSF)
2021-09-15 06:37:18	hackone最新公开漏洞	CSRF in Account Deletion feature (https://www.flickr.com/account/delete) 影响厂商:Flickr 奖励: 危险等级:high 帐户删除功能中的 CSRF https://www.flickr.com/Account/delete
2021-09-15 06:37:18	hackone最新公开漏洞	[Java]: Add XXE sinks 影响厂商:GitHub Security Lab 奖励: 危险等级:medium [ Java ] : 添加 XXE 接收器
2021-09-14 04:37:10	hackone最新公开漏洞	Buffer overrun in Steam SILK voice decoder 影响厂商:Valve 奖励:7500.0USD 危险等级:critical 蒸汽式 SILK 语音解码器中的缓冲区溢出
2021-09-13 22:37:19	hackone最新公开漏洞	No Rate Limit On Regenerate Password on Portswigger 影响厂商:PortSwigger Web Security(https://hackerone.com/portswigger) Portswigger 重新生成密码时没有速率限制
2021-09-13 15:40:51	hackone最新公开漏洞	Privilege Escalation leading to post in channel without having privilege 影响厂商:Mattermost 奖励: 危险等级:low 在没有特权的情况下发布权限提升
2021-09-12 18:42:35	hackone最新公开漏洞	Unix time unlock_time values have dangerous validation rules enabling a number of exploits 影响厂商:Monero 奖励: 危险等级:high Unix 时间解锁时间值具有危险的验证规则，允许许多漏洞利用
2021-09-12 18:42:35	hackone最新公开漏洞	Hardware Wallets Do Not Check Unlock TIme 影响厂商:Monero 奖励: 危险等级:medium 硬件钱包不检查解锁时间
2021-09-11 07:00:16	hackone最新公开漏洞	Create free Shopify application credits. 影响厂商:Shopify 奖励:2900.0USD 危险等级:medium 创建免费的 Shopify 应用学分。
2021-09-11 03:00:16	hackone最新公开漏洞	Built-in TLS module unexpectedly treats "rejectUnauthorized: undefined" as "rejectUnauthorized: false", disabling all certificate validation 影响厂商:Node.js(https://hackerone.com/nodejs) 内置的 TLS 模块意外地将“ rejectUnauthorized: undefined”视为“ rejectUnauthorized: false”，禁用所有证书验证
2021-09-11 03:00:16	hackone最新公开漏洞	Improper handling of untypical characters in domain names 影响厂商:Node.js(https://hackerone.com/nodejs) 域名中不典型字符的处理不当
2021-09-11 01:00:17	hackone最新公开漏洞	[play.mtn.co.za] Application level DoS via xmlrpc.php 影响厂商:MTN Group(https://hackerone.com/mtn_group) [ play.mtn.co.za ]通过 xmlrpc.php 实现应用程序级 DoS
2021-09-10 17:00:16	hackone最新公开漏洞	Stored XSS on top.mail.ru 影响厂商:Mail.ru(https://hackerone.com/mailru) 在 top.mail.ru 上存储 XSS
2021-09-10 05:20:33	hackone最新公开漏洞	Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 影响厂商:U.S. Dept Of Defense 奖励: 危险等级:medium 通过 https://███████/jira//secure/querycomponent 公开敏感数据! Default.jspa-CVE-2020-14179
2021-09-10 05:20:33	hackone最新公开漏洞	SQL injection located in `` in POST param `` 影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) SQL 注入位于“ in POST param”中
2021-09-10 05:20:33	hackone最新公开漏洞	System Error Reveals SQL Information 影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) 系统错误显示 SQL 信息
2021-09-10 05:20:33	hackone最新公开漏洞	Sensitive data exposure via https:///jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) 通过 https:///jira//secure/querycomponent 公开敏感数据! Default.jspa-CVE-2020-14179
2021-09-10 05:20:33	hackone最新公开漏洞	XSS due to CVE-2020-3580 [] 影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) 由于 CVE-2020-3580造成的 XSS []
2021-09-10 05:20:33	hackone最新公开漏洞	XSS due to CVE-2020-3580 [] 影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) 由于 CVE-2020-3580造成的 XSS []
2021-09-10 05:20:33	hackone最新公开漏洞	Subdomain takeover of 影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) 接管子域名
2021-09-10 03:20:29	hackone最新公开漏洞	link.avito.ru - Bypass of restrictions on external links. 影响厂商:Avito(https://hackerone.com/avito) 对外部链接的限制绕过。
2021-09-09 21:20:33	hackone最新公开漏洞	SQL injection [futexpert.mtngbissau.com] 影响厂商:MTN Group(https://hackerone.com/mtn_group) 注入[ futexpert.mtngbissau.com ]
2021-09-09 21:20:33	hackone最新公开漏洞	blind sql on [selfcare.mtn.com.af] 影响厂商:MTN Group(https://hackerone.com/mtn_group) [ selfcare.mtn.com.af ]上的盲 sql
2021-09-09 21:20:33	hackone最新公开漏洞	RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh] 影响厂商:MTN Group 奖励: 危险等级:high RCE Apache Struts2远程命令执行(S2-045)在[ wifi-partner.mtn.com.gh ]
2021-09-09 09:18:52	hackone最新公开漏洞	Economic Harm through Twitter's Cropping Algorithm 影响厂商:Twitter Algorithmic Bias(https://hackerone.com/twitter-algorithmic-bias) Twitter 裁剪算法的经济危害
2021-09-09 09:18:52	hackone最新公开漏洞	Underrepresentation Bias through Twitter's Cropping Algorithm #2: Favoring Animals over Black People 影响厂商:Twitter Algorithmic Bias(https://hackerone.com/twitter-algorithmic-bias) 推特的裁剪算法 # 2: 偏爱动物胜过黑人
2021-09-09 09:18:52	hackone最新公开漏洞	Underrepresentation Bias through Twitter's Cropping Algorithm 影响厂商:Twitter Algorithmic Bias(https://hackerone.com/twitter-algorithmic-bias) Twitter 裁剪算法的代表性偏差
2021-09-09 05:18:48	hackone最新公开漏洞	DNS Miconfiguration Leads to Subdomain Takeover - max1.liveplan.com 影响厂商:Palo Alto Software 奖励: 危险等级:high 域名解析导致子域名接管 max1.liveplan.com
2021-09-09 03:18:48	hackone最新公开漏洞	DNS Miconfiguration Leads to Subdomain Takeover - max1.liveplan.com 影响厂商:Palo Alto Software(https://hackerone.com/palo_alto_software) 域名解析导致子域名接管 max1.liveplan.com
2021-09-09 03:18:48	hackone最新公开漏洞	[185.30.178.57:8080] - Vulnerable to Jetleak 影响厂商:Mail.ru(https://hackerone.com/mailru) 易受喷气泄漏影响
2021-09-08 23:18:50	hackone最新公开漏洞	Information disclosure -> 2fa bypass -> POST exploitation 影响厂商:Algolia 奖励: 危险等级:medium 信息披露-> 2fa 旁路-> POST 开发
2021-09-08 19:18:50	hackone最新公开漏洞	SQL injection on jd.mail.ru 影响厂商:Mail.ru(https://hackerone.com/mailru) 在 jd.mail.ru 上进行 SQL 注入
2021-09-08 19:18:50	hackone最新公开漏洞	Access to alerta.khanacademy.org leak sensitive data 影响厂商:Khan Academy 奖励: 危险等级:critical 访问美国 alerta.khanacademy.org 安全局泄露敏感数据
2021-09-08 03:20:13	hackone最新公开漏洞	Subdomain Takeover on 1c-start.tochka.com pointing to unbouncepages 影响厂商:QIWI 奖励:50.0USD 危险等级:high
2021-09-07 21:18:45	hackone最新公开漏洞	HTML injection leads to reflected XSS 影响厂商:Zomato 奖励:150.0USD 危险等级:low HTML 注入导致反射的 XSS
2021-09-07 21:18:45	hackone最新公开漏洞	HTML Injection @ /[restaurant]/order endpoint. 影响厂商:Zomato 奖励:150.0USD 危险等级:low HTML 注入@/[ restaurant ]/订单端点。
2021-09-07 19:18:43	hackone最新公开漏洞	Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt 影响厂商:Open-Xchange 奖励:982.0USD 危险等级:medium Oauth2-jwt 中 dict-fs 和不检查转义字符的路径遍历
2021-09-07 19:18:43	hackone最新公开漏洞	subdomain takeover disney.samokat.ru 影响厂商:Mail.ru(https://hackerone.com/mailru) 子域名收购 disney.samokat.ru
2021-09-07 03:18:36	hackone最新公开漏洞	Bootstrap library is vulnerable 影响厂商:Sifchain(https://hackerone.com/sifchain) 引导程序库是脆弱的
2021-09-06 23:18:48	hackone最新公开漏洞	Social Oauth Disconnect CSRF at znakcup.ru 影响厂商:Mail.ru(https://hackerone.com/mailru) 在 znakcup.ru 断开 CSRF