Search results for keyword [Ruby on Rails]: 761 records in total

| Disclosure date | Bounty | Author | Title | Vendor | Vulnerability type |
| --- | --- | --- | --- | --- | --- |
| 2018-12-11 | $500.0 | haxta4ok00 | Inline banner on Report page discloses whether organization runs a private program | HackerOne | Information Disclosure |
| 2018-12-11 | $500.0 | plover | DNS SRV lookup of file:// sources enables local hijacking of gems | RubyGems | Path Traversal |
| 2018-12-10 | $ | mrunal | Cross-Domain JavaScript Source File Inclusion | RubyGems | Cross-site Scripting (XSS) - Generic |
| 2018-12-08 | $ | claudijd | Request Hijacking Vulnerability in RubyGems 2.6.13 and earlier | RubyGems | Command Injection - Generic |
| 2018-12-08 | $ | ooooooo_q | 65534 times efficient, Brute-force attack for api_key | RubyGems | none |
| 2018-12-05 | $1500.0 | bjeanes | Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS | Ruby on Rails | none |
| 2018-12-05 | $2500.0 | haxta4ok00 | A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately | HackerOne | Incorrect Authorization |
| 2018-12-04 | $500.0 | npbhatter17 | Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report | HackerOne | Improper Access Control - Generic |
| 2018-11-30 | $500.0 | japz | Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session | HackerOne | Insufficient Session Expiration |
| 2018-11-30 | $ | jobert | SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter | HackerOne | SQL Injection |
| 2018-11-29 | $ | jobert | Attacker can claim credentials for private program that has a published external program | HackerOne | Information Disclosure |
| 2018-11-27 | $500.0 | haxta4ok00 | Hacker can request mediation for published reports | HackerOne | Improper Authorization |
| 2018-11-27 | $2500.0 | madhu_anand | IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier | HackerOne | Cross-site Scripting (XSS) - Stored |
| 2018-11-19 | $1500.0 | ooooooo_q | Validation bypass for queries generated for PostgreSQL | Ruby on Rails | none |
| 2018-11-14 | $ | npbhatter17 | Accidental Access to Programs Information via SAML Login | HackerOne | none |