Hacking8 安全信息流
当前节点:hackone
时间节点
2020-09-25 22:50:56hackone最新公开漏洞
Unauthenticated HTML Injection Stored - ContactUs form
影响厂商:concrete5(https://hackerone.com/concrete5) 
未经身份验证的HTML注入已存储-与我们联系表格
2020-09-25 22:50:55hackone最新公开漏洞
Cross Site Scripting (XSS) Stored - Private messaging
影响厂商:concrete5(https://hackerone.com/concrete5) 
跨站点脚本(XSS)存储-私人消息传递
2020-09-25 04:49:43hackone最新公开漏洞
Reflected XSS on www.hackerone.com via Wistia embed code
影响厂商:HackerOne(https://hackerone.com/security) 
通过Wistia嵌入代码在www.hackerone.com上反映了XSS
2020-09-25 03:53:16hackone最新公开漏洞
[snekserve] Stored XSS via filenames HTML formatted
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[snekserve]通过HTML格式的文件名存储XSS
2020-09-25 03:53:15hackone最新公开漏洞
[commit-msg] RCE via insecure command formatting
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[commit-msg] RCE通过不安全的命令格式
2020-09-25 03:53:15hackone最新公开漏洞
[gity] RCE via insecure command formatting
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[gity] RCE通过不安全的命令格式
2020-09-25 03:53:15hackone最新公开漏洞
[http_server] Path Traversal allowing to read any files on the server
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[http_server]路径遍历允许读取服务器上的任何文件
2020-09-25 03:53:14hackone最新公开漏洞
Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
影响厂商:Twitter(https://hackerone.com/twitter) 
由于配置和CVE-2020-6506,Twitter应用程序中的Android WebViews容易受到UXSS的攻击
2020-09-25 03:53:14hackone最新公开漏洞
[hnzserver] Path Traversal allowing to read any files on the server
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[hnzserver]路径遍历允许读取服务器上的任何文件
2020-09-25 00:46:36hackone最新公开漏洞
[git-lib] RCE via insecure command formatting
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[git-lib] RCE通过不安全的命令格式
2020-09-25 00:20:31hackone最新公开漏洞
Bypassing Business ID/VAT # validation during registration to create accounts with duplicate Business ID/VAT
影响厂商:Visma Public(https://hackerone.com/visma) 
在注册过程中绕过Business ID / VAT#验证,以创建具有重复的Business ID / VAT的帐户
2020-09-24 12:49:02hackone最新公开漏洞
bypass the [OKTA] login redirect can lead to disclosing limited-information about the sub-domain at [ shiptsec.com ]
影响厂商:Shipt 奖励:200.0USD 危险等级:low
绕过[OKTA]登录重定向可能会导致在[shiptsec.com]上披露有关子域的有限信息
2020-09-24 12:49:02hackone最新公开漏洞
property-expr - Prototype pollution
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
property-expr-原型污染
2020-09-23 05:55:48hackone最新公开漏洞
China - IDOR on Reservation Staging/Non Production Site - https://reservation.stg.starbucks.com.cn
影响厂商:Starbucks(https://hackerone.com/starbucks) 
中国-预订分期/非生产站点上的IDOR-https://reservation.stg.starbucks.com.cn
2020-09-23 03:50:38hackone最新公开漏洞
Stored-Xss at connect.topcoder.com/projects/ affected on project chat members
影响厂商:Topcoder(https://hackerone.com/topcoder) 
在项目聊天成员中受影响的connect.topcoder.com/projects/上存储的Xss
2020-09-23 03:50:38hackone最新公开漏洞
Public and secret api key leaked via Solana BBP github repo
影响厂商:Solana BBP(https://hackerone.com/solana-bbp) 
通过Solana BBP github repo泄露的公共和秘密api密钥
2020-09-23 03:50:38hackone最新公开漏洞
[steam client] Opening a specific steam:// url overwrites files at an arbitrary location
影响厂商:Valve(https://hackerone.com/valve) 
[steam客户端]打开特定的steam://网址会覆盖任意位置的文件
2020-09-23 01:45:10hackone最新公开漏洞
[Half-Life 1] Malformed map name leads to memory corruption and code execution
影响厂商:Valve(https://hackerone.com/valve) 
[半条命1]格式错误的地图名称会导致内存损坏和代码执行
2020-09-23 01:08:49hackone最新公开漏洞
"Basic user" which can only access a limited subset of the platform can access certain pages which are restricted to the user by the account owner.
影响厂商:New Relic(https://hackerone.com/newrelic) 
只能访问平台的有限子集的“基本用户”可以访问帐户所有者所限制的某些页面。
2020-09-23 00:29:08hackone最新公开漏洞
DOM Based XSS at docs.8x8.com
影响厂商:8x8(https://hackerone.com/8x8) 
docs.8x8.com上的基于DOM的XSS
2020-09-21 23:53:39hackone最新公开漏洞
Reflected Xss
影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) 
反射的Xss
2020-09-21 23:09:01hackone最新公开漏洞
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) 
CVE-2020-3187-未经身份验证的任意文件删除
2020-09-21 23:09:01hackone最新公开漏洞
Sensitive information about a ??????
影响厂商:U.S. Dept Of Defense(https://hackerone.com/deptofdefense) 
关于??????的敏感信息
2020-09-21 17:31:24hackone最新公开漏洞
Buffer over read from `smtp_command_parse_parameters`
影响厂商:Open-Xchange(https://hackerone.com/open-xchange) 
缓冲从`smtp_command_parse_parameters`中读取的内容
2020-09-19 10:53:02hackone最新公开漏洞
Stored XSS in collabora via user name
影响厂商:Nextcloud(https://hackerone.com/nextcloud) 
通过用户名将XSS存储在collabora中
2020-09-18 23:56:03hackone最新公开漏洞
Broken twitter link hijacking at https://games.mail.ru/pc/search/
影响厂商:Mail.ru(https://hackerone.com/mailru) 
在https://games.mail.ru/pc/search/处发生的Twitter链接劫持中断
2020-09-18 23:56:02hackone最新公开漏洞
Log files Leaked In mcsblog.ru
影响厂商:Mail.ru(https://hackerone.com/mailru) 
mcsblog.ru中泄漏的日志文件
2020-09-18 21:48:51hackone最新公开漏洞
[@knutkirkhorn/free-space] - Command Injection through Lack of Sanitization
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[@ knutkirkhorn / free-space]-通过缺乏消毒的命令注入
2020-09-18 06:46:25hackone最新公开漏洞
email spoofing
影响厂商:Solana BBP(https://hackerone.com/solana-bbp) 
电子邮件欺骗
2020-09-18 03:58:34hackone最新公开漏洞
Java : add MongoDB injection sinks
影响厂商:GitHub Security Lab(https://hackerone.com/github-security-lab) 
Java:添加MongoDB注入接收器
2020-09-18 00:27:15hackone最新公开漏洞
Self XSS
影响厂商:Shopify(https://hackerone.com/shopify) 
自我XSS
2020-09-17 19:57:13hackone最新公开漏洞
IDOR - User is able to download charts/dashboards from cross accounts
影响厂商:New Relic(https://hackerone.com/newrelic) 
IDOR-用户能够从交叉账户下载图表/仪表盘
2020-09-16 23:22:35hackone最新公开漏洞
Clear text storage of proxy parameters and passwords
影响厂商:Nextcloud(https://hackerone.com/nextcloud) 
代理参数和密码的明文存储
2020-09-16 17:47:55hackone最新公开漏洞
Possible denial of service when entering a loooong password
影响厂商:Nextcloud(https://hackerone.com/nextcloud) 
输入长期密码时可能会拒绝服务
2020-09-16 13:28:05hackone最新公开漏洞
[authmagic-timerange-stateless-core] Improper Authentication
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[authmagic-timerange-stateless-core]身份验证不正确
2020-09-16 05:00:16hackone最新公开漏洞
xss triggered in "myshopify.com/admin/product"
影响厂商:Shopify(https://hackerone.com/shopify) 
在“ myshopify.com/admin/product”中触发了xss
2020-09-15 23:16:32hackone最新公开漏洞
Cache Poisoning via uppercase letters in invalid path
影响厂商:InnoGames(https://hackerone.com/innogames) 
通过无效路径中的大写字母缓存中毒
2020-09-15 22:37:14hackone最新公开漏洞
IDOR in tracking driver logs at city-mobil.ru
影响厂商:Mail.ru(https://hackerone.com/mailru) 
IDOR在city-mobil.ru上跟踪驾驶员日志
2020-09-15 21:51:02hackone最新公开漏洞
Database read through provider misconfiguration
影响厂商:Mail.ru(https://hackerone.com/mailru) 
数据库读取提供程序错误配置
2020-09-15 21:51:00hackone最新公开漏洞
Private files exposed to other apps
影响厂商:Mail.ru(https://hackerone.com/mailru) 
公开给其他应用的私人文件
2020-09-15 21:00:23hackone最新公开漏洞
[icq.im] Reflected XSS via chat invite link
影响厂商:Mail.ru(https://hackerone.com/mailru) 
[icq.im]通过聊天邀请链接反映了XSS
2020-09-15 17:50:36hackone最新公开漏洞
CircleCI token in github repo allows for access to sensitive build information
影响厂商:Shopify(https://hackerone.com/shopify) 
github repo中的CircleCI令牌允许访问敏感的构建信息
2020-09-15 16:03:21hackone最新公开漏洞
Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation
影响厂商:Shopify(https://hackerone.com/shopify) 
your-store.myshopify.com中的电子邮件确认绕过,这导致特权升级
2020-09-15 13:58:04hackone最新公开漏洞
A staff without export customers permissions can still export customers CSV file
影响厂商:Shopify(https://hackerone.com/shopify) 
没有导出客户权限的员工仍可以导出客户CSV文件
2020-09-15 11:07:44hackone最新公开漏洞
staff can able to extend shopify trial period without admin permission
影响厂商:Shopify(https://hackerone.com/shopify) 
工作人员无需管理员许可即可延长shopify试用期
2020-09-15 07:35:07hackone最新公开漏洞
Adding everyone to the repo due to the lack of rate limit
影响厂商:GitLab(https://hackerone.com/gitlab) 
由于缺乏速率限制,将所有人添加到回购中
2020-09-15 05:48:34hackone最新公开漏洞
[h1-2006 2020] Bounty payments are done !
影响厂商:h1-ctf(https://hackerone.com/h1-ctf) 
[h1-2006 2020]赏金已经支付!
2020-09-15 04:46:57hackone最新公开漏洞
XSS within Shopify Email App - Admin
影响厂商:Shopify(https://hackerone.com/shopify) 
Shopify电子邮件应用程序中的XSS-管理员
2020-09-15 04:46:57hackone最新公开漏洞
Staff member with no permission can delete POS staff from account settings
影响厂商:Shopify(https://hackerone.com/shopify) 
没有权限的工作人员可以从帐户设置中删除POS工作人员
2020-09-15 04:46:56hackone最新公开漏洞
Partner's non-verified business email change reflected into Shopify Collaborator Request
影响厂商:Shopify(https://hackerone.com/shopify) 
合作伙伴的未经验证的商业电子邮件更改反映在Shopify协作者请求中
2020-09-15 04:03:45hackone最新公开漏洞
XSS / SELF XSS
影响厂商:Shopify(https://hackerone.com/shopify) 
XSS /自XSS
2020-09-15 04:03:44hackone最新公开漏洞
Admin web sessions remain active after logout of Shopify ID
影响厂商:Shopify(https://hackerone.com/shopify) 
Shopify ID注销后,管理Web会话保持活动状态
2020-09-15 04:03:43hackone最新公开漏洞
Password protection can be removed for newly created development store
影响厂商:Shopify(https://hackerone.com/shopify) 
可以删除新创建的开发商店的密码保护
2020-09-14 19:22:49hackone最新公开漏洞
[flsaba] Stored XSS in the file and directory name when directories listing
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[flsaba]目录列出时,将XSS存储在文件和目录名称中
2020-09-14 19:22:49hackone最新公开漏洞
[objtools] Prototype pollution
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[objtools]原型污染
2020-09-14 19:22:48hackone最新公开漏洞
[keyd] Prototype pollution
影响厂商:Node.js third-party modules(https://hackerone.com/nodejs-ecosystem) 
[关键]原型污染