Search results for keyword "Hacker Target": 331 records in total

| Disclosure date | Bounty | Author | Title | Vendor | Vulnerability type |
|---|---|---|---|---|---|
| 2018-12-12 | $ | mik317 | GitHub users outside of HackerOne organization can create and update Wiki pages of certain public HackerOne repositories | HackerOne | Phishing |
| 2018-12-11 | $500.0 | haxta4ok00 | Inline banner on Report page discloses whether organization runs a private program | HackerOne | Information Disclosure |
| 2018-12-05 | $2500.0 | haxta4ok00 | A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately | HackerOne | Incorrect Authorization |
| 2018-12-04 | $500.0 | npbhatter17 | Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report | HackerOne | Improper Access Control - Generic |
| 2018-11-30 | $500.0 | japz | Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session | HackerOne | Insufficient Session Expiration |
| 2018-11-30 | $ | jobert | SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter | HackerOne | SQL Injection |
| 2018-11-29 | $ | jobert | Attacker can claim credentials for private program that has a published external program | HackerOne | Information Disclosure |
| 2018-11-27 | $500.0 | haxta4ok00 | Hacker can request mediation for published reports | HackerOne | Improper Authorization |
| 2018-11-27 | $2500.0 | madhu_anand | IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier | HackerOne | Cross-site Scripting (XSS) - Stored |
| 2018-11-14 | $ | npbhatter17 | Accidental Access to Programs Information via SAML Login | HackerOne | none |
| 2018-11-08 | $ | adac95 | Self DOM-Based XSS in www.hackerone.com | HackerOne | Cross-site Scripting (XSS) - DOM |
| 2018-11-07 | $500.0 | tolo7010 | Disclosure of top 10 vulnerability types for programs that haven't enabled the Insights feature | HackerOne | Information Disclosure |
| 2018-11-07 | $2500.0 | ateek | Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based" | HackerOne | Improper Access Control - Generic |
| 2018-10-31 | $10000.0 | japz | Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form | HackerOne | Improper Authorization |
| 2018-10-25 | $7500.0 | popeax | Improper UUID validation results in bypass of #419896 | HackerOne | Improper Input Validation |