Search results for keyword [Ruby on Rails]: 783 records in total

| Disclosed | Bounty | Author | Title | Vendor | Vulnerability Type |
|---|---|---|---|---|---|
| 2019-02-03 | $20000.0 | yashrs | Confidential data of users and limited metadata of programs and reports accessible via GraphQL | HackerOne | Information Disclosure |
| 2019-02-03 | $ | yoyobabaji | Open redirect vulnerability in index.php | HackerOne | Open Redirect |
| 2019-01-30 | $500.0 | rijalrojan | Disclosure of h1 challenges name through the calendar | HackerOne | Information Disclosure |
| 2019-01-30 | $500.0 | kunal94 | Response program can display "eligble for bounty" in scope area in program policy | HackerOne | Business Logic Errors |
| 2019-01-23 | $ | joaomatosf | Remote Code Execution (RCE) in a Sony WebSystem | Sony | Deserialization of Untrusted Data |
| 2019-01-23 | $ | joaomatosf | Remote Code Execution (RCE) in a Sony Pictures WebSystem | Sony | Deserialization of Untrusted Data |
| 2019-01-11 | $ | jobert | Embedded submission form UUIDs can be enumerated through GraphQL node interface, exposing sensitive program details | HackerOne | Insecure Direct Object Reference (IDOR) |
| 2019-01-08 | $ | linkks | Source Code Disclosure | Urban Dictionary | Information Disclosure |
| 2019-01-07 | $500.0 | khoiasd | Response program can create bounty table | HackerOne | Business Logic Errors |
| 2019-01-04 | $500.0 | mga_bobo | User login page doesn't implement any form of rate limiting | HackerOne | Brute Force |
| 2019-01-03 | $100.0 | csanuragjain | Malicious callback url can be set while creating application in identity | Inflection | Business Logic Errors |
| 2019-01-03 | $500.0 | haxta4ok00 | Submitting report through Embedded Submission form gives user indefinite access to a profile | HackerOne | Business Logic Errors |
| 2019-01-02 | $ | thefrog | @wearehackerone.com is vulnerable to namespace attacks due to hackerone.com not being RFC2142 compliant. | HackerOne | Business Logic Errors |
| 2018-12-31 | $1000.0 | nmalkin | Unpacker improperly validates symlinks, allowing gems writes to arbitrary locations | RubyGems | Path Traversal |
| 2018-12-27 | $ | rosa | ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService | Ruby on Rails | Information Disclosure |