Introduction: During our investigations, we have come across more and more VMware ESXi hypervisors.
**Summary:**
Hello team, I decided to do some further testing, and I came across another endpoint that can be used to reveal user emails.
### Steps To Reproduce
1. Create a demo in your account https://hackerone.com/teams/new/sandbox
2. Create a token with the report manager role on https://hackerone.com/organizations/demo/settings/api_tokens
3. Copy the user ID of any user that has an...
**Summary:**
Hello team,
It is possible to reveal any user email using the `BountiesHistoryQuery` request.
To demonstrate this, I will make use of both the API and the graphql requests.
### Steps To Reproduce
1. Log in to your account and create a demo
2. Head over to https://hackerone.com/organizations//settings/api_tokens and create a token with the report manager role
3. Head over to...
Summary: The way the Uniview IPC2322LB processes authentication requests allows remote attackers to bypass the authentication process and gain unauthorized access. Combined with a CLI escape, the Uniview device's security can be completely compromised. Credit: Yoseop Kim, working for SSD Labs Korea. Vendor Response: The vendor has released an advisory that addresses this issue: …
Hello,
## Summary
It was identified that ownCloud Infinite Scale (oCIS) is prone to a vulnerability that allows access to any file without authentication. Prior knowledge of the username and filename is needed to access a file.
In this instance, the vulnerability was the result of the default-enabled PreSignedURL, which incorrectly checks the expiry date in the `OC-Date` and `OC-Expires` variables. If the date has...
Internship Experiences at Doyensec
Welcome to the second and final day of Pwn2Own Vancouver 2024! We saw some amazing research yesterday, including a Tesla exploit and a single exploit hitting both Chrome and Edge. So far, we have paid out $723,500 for the event, and we're poised to hit $1,000,000 again. Today looks to be just as exc
March, 2024 Last week, the Bank of England announced the introduction of a new regulatory framework, STAR-FS, to support the financial sector in its cyber resilience operations. Over 4 years...
Welcome to the first day of Pwn2Own Vancouver 2024! We have two amazing days of research planned, including every browser, SharePoint, and Tesla. We'll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Pacific Dayl
The androidx.fragment.app.Fragment class available in Android allows creating parts of an application's UI (so-called fragments). Each fragment has its own layout, lifecycle, and event handlers. Fragments can be built into activities or displayed within other fragments, which lends flexibility and modularity to app design. Android IPC (inter-process communication) allows a third-party app to open activities exported …
Welcome to Pwn2Own Vancouver 2024! This year's event promises to be the largest-ever Vancouver event, both in terms of entries and potential prizes. If everything hits, we will end up paying out over $1,300,000 in cash and prizes, including a Tesla Model 3. We've got two full days of exciting comp
CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.
Have you ever found an HTTP desync vulnerability that seemed impossible to exploit due to its complicated constraints? In this blogpost we will explore a new exploitation technique that can be used to
Introduction: Arbitrary deserialization of untrusted data and Java gadget chains are already covered by the following articles:
In this post, I'll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I'll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.
Introduction: Wi-Fi routers have always been an attractive target for attackers. When one is taken over, an attacker may gain access to a victim's internal network or sensitive data. Additionally, there has been an ongoing trend of attackers continually incorporating new router exploits into their arsenal for use in botnets, such as the Mirai botnet.
Consumer-grade devices are especially attractive to attackers because of the many security flaws in them. Devices with lower security often contain multiple bugs that attackers can exploit easily, rendering them vulnerable targets.
`setuid()` does not affect libuv's internal io_uring operations if initialized before the call to `setuid()`.
This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to `setuid()`.
This vulnerability affects all users running Node.js 18.18.0 or later, Node.js 20.4.0 or later, and Node.js 21.
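Two practitioner checks for the libuv io_uring privilege-drop issue above, written here as an added example rather than taken from Node.js or libuv: a version test for the release lines the advisory text names (fixed releases are not listed on the page, so every version on those lines is reported as affected), and a start-up helper that drops uid/gid before any libuv I/O has been issued and verifies the drop took effect, since the bug is that io_uring state created before `setuid()` keeps the old privileges.

```javascript
// Added example; not Node.js or libuv code.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable Node.js version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of [major, minor, patch]: negative, zero or positive.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// True for the ranges named in the advisory text: 18.18.0+, 20.4.0+, all of 21.
function isAffectedNodeVersion(version) {
  const parsed = parseVersion(version);
  const major = parsed[0];
  if (major === 18) return compareVersions(parsed, [18, 18, 0]) >= 0;
  if (major === 20) return compareVersions(parsed, [20, 4, 0]) >= 0;
  if (major === 21) return true;
  return false; // release lines the advisory text does not name
}

// Drops to the given uid/gid as the first thing the process does, before any
// fs or network call can initialise libuv's I/O backend. Returns a status
// object rather than printing so callers can act on it.
function dropPrivilegesFirst(uid, gid) {
  if (typeof process.getuid !== 'function') {
    return { dropped: false, reason: 'no POSIX uid support on this platform' };
  }
  if (process.getuid() !== 0) {
    return { dropped: false, reason: 'not running as root' };
  }
  process.setgroups([]);   // clear supplementary groups before changing ids
  process.setgid(gid);
  process.setuid(uid);
  // Verify: real and effective ids must both be the unprivileged ones.
  if (process.getuid() !== uid || process.geteuid() !== uid ||
      process.getgid() !== gid || process.getegid() !== gid) {
    throw new Error('privilege drop did not take effect');
  }
  return { dropped: true };
}

// Start-up order: drop first, then open files and sockets.
// const status = dropPrivilegesFirst(1000, 1000);
// console.log(status, isAffectedNodeVersion(process.versions.node));
```

The ordering helper only helps if nothing before it has touched libuv I/O; on an affected release, any async filesystem or socket work performed before the drop may already have initialised io_uring with root privileges, which is the behaviour the advisory describes.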
In the 250th episode, we have a follow-up discussion to our "Future of Exploit Development" video from 2020. Memory safety and the impacts of modern mitigati...
Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing For more than 15 years, Google...
A Look at Software Composition Analysis
Posted by Sarah Jacobus, Vulnerability Rewards Team Last year, we again witnessed the power of community-driven security efforts as resea...
An IDOR issue was discovered in the Request Services feature, where an attacker can gain access to the project details of other users by submitting work project requests. As a result, an attacker can obtain the details of projects submitted to other service providers and submit their own proposals to the victim (the owner of the project). We have resolved the issue on priority and paid a bounty to...
It's been an incredible year for AI. Back in the early 2000s, there were AI posters up all over my local computer science department, and it was all genetic algorithms, genetic programming, and particle swarm optimization as far as you could see. They could figure out if a circle was
During the build phase, environment variables that were not essential for the application's functionality were accidentally included in the webpack configuration file. This oversight led to their exposure in the final bundle.
The subsequent internal review revealed no evidence of these tokens being used by unauthorized parties.
The camera comes with a USB charging cable and a battery.
Earn $10,000 on bugbounty with this little trick!
An issue was identified in the Content Outline Builder product. Changing a user ID in a GraphQL request could reveal additional information about users of Content Outline Builder. The subsequent internal review revealed no evidence of this vulnerability being exploited by unauthorized parties.
An Insecure direct object reference vulnerability was found in Mozilla Monitor which allowed any user to delete secondary email addresses in other users' accounts, using the email address ID. The vulnerability was fixed by ensuring that the delete operation is properly scoped to a particular user.
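The three disclosures above (project details via Request Services, user lookups via a GraphQL user ID, and secondary-email deletion via an email ID) are one pattern: the handler checks that the caller is logged in but keys the operation only on the record ID. The following added example, which is not code from any of those products and uses a constructed in-memory store, shows the vulnerable shape next to the scoped form the Mozilla Monitor fix describes, for deletes and for reads.

```javascript
// Added example; not Mozilla Monitor, Semrush or HackerOne-program code.

// Constructed sample data: two users, one secondary email each.
const sampleEmails = [
  { id: 101, userId: 1, address: 'alice-backup@example.com' },
  { id: 102, userId: 2, address: 'bob-backup@example.com' },
];

function cloneStore(store) {
  return store.map((row) => ({ ...row }));
}

function requireAuth(currentUserId) {
  if (!Number.isInteger(currentUserId)) throw new Error('unauthenticated');
}

// Vulnerable: authenticates the caller, then deletes whatever ID was sent.
function deleteSecondaryEmailVulnerable(store, currentUserId, emailId) {
  requireAuth(currentUserId);
  const idx = store.findIndex((row) => row.id === emailId);
  if (idx === -1) return false;
  store.splice(idx, 1);
  return true;
}

// Fixed: the lookup is scoped to the caller, the equivalent of
//   DELETE FROM secondary_emails WHERE id = ? AND user_id = ?
// "Not found" and "not yours" return the same value so the endpoint does not
// become an oracle for which IDs exist.
function deleteSecondaryEmailScoped(store, currentUserId, emailId) {
  requireAuth(currentUserId);
  const idx = store.findIndex(
    (row) => row.id === emailId && row.userId === currentUserId,
  );
  if (idx === -1) return false;
  store.splice(idx, 1);
  return true;
}

// Same rule for reads (the project-details and GraphQL cases): put the owner
// in the query itself instead of fetching by ID and checking afterwards.
function getSecondaryEmailScoped(store, currentUserId, emailId) {
  requireAuth(currentUserId);
  return (
    store.find((row) => row.id === emailId && row.userId === currentUserId) ||
    null
  );
}
```

The test that catches this class before release is the one the reporters ran: take two accounts, capture an ID belonging to account B, and replay the request as account A; the scoped version must return the same "not found" result it gives for an ID that does not exist.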
Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Yazhi Wang of the Trend Micro Research Team detail a recently patched privilege escalation vulnerability in .NET Framework and Visual Studio. This bug was originally discovered by Piotr Bazydo of T
Adam identified a vulnerability that allowed HTML code injection into payment invoice PDFs. This vulnerability arose from insufficient content sanitization during the interaction between services, where content considered trustworthy from the user service was transferred to the invoice generation system without proper validation.
It's important to note that the PDF generation backend...
Adam discovered an information disclosure vulnerability in the Social Media Inbox tool. This tool is designed to enable users to link their social media accounts, oversee content, and engage with their audience. It includes a task tracker feature, which allows users to delegate message management to their colleagues on Semrush. However, it was found that a user can assign a message...
Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) - (High)
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS).
The server reads an unbounded number of bytes from a single connection, exploiting the lack of...
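The missing bound in the issue above is on the chunk-size line of a chunked body (`<hex-size>[;extension...]\r\n`): a parser that keeps reading until it sees the CRLF will buffer an extension of any length. The following added example (not Node.js or llhttp code; the caps are assumptions chosen for the example, not values from the advisory) shows a parser for that line that rejects an over-long extension as soon as the partial line exceeds the cap, plus a constructed attacker stream fed to it in pieces to show how much is buffered before rejection.

```javascript
// Added example; not Node.js or llhttp code. Caps are assumptions.

const MAX_EXTENSION_BYTES = 16 * 1024;  // assumed per-chunk extension cap
const MAX_SIZE_HEX_DIGITS = 16;         // a 64-bit size is the most that is meaningful
const MAX_LINE_BYTES = MAX_SIZE_HEX_DIGITS + 1 + MAX_EXTENSION_BYTES;

class ChunkHeaderError extends Error {}

// Parses one complete chunk-size line (without its CRLF).
// Returns { size, extension } or throws ChunkHeaderError.
function parseChunkSizeLine(line, maxExtensionBytes = MAX_EXTENSION_BYTES) {
  const semi = line.indexOf(';');
  const sizePart = semi === -1 ? line : line.slice(0, semi);
  const extension = semi === -1 ? '' : line.slice(semi + 1);
  if (!/^[0-9a-fA-F]+$/.test(sizePart) || sizePart.length > MAX_SIZE_HEX_DIGITS) {
    throw new ChunkHeaderError('invalid chunk size');
  }
  if (Buffer.byteLength(extension, 'latin1') > maxExtensionBytes) {
    throw new ChunkHeaderError('chunk extension too long');
  }
  return { size: parseInt(sizePart, 16), extension };
}

// Incremental step: look for the end of the chunk-size line in what has been
// received so far. Returns null when more data is needed, but throws as soon
// as the partial line already exceeds the cap. That early check is what stops
// one connection from making the server read without bound.
function takeChunkSizeLine(buf, maxLineBytes = MAX_LINE_BYTES) {
  const crlf = buf.indexOf('\r\n');
  if (crlf === -1) {
    if (buf.length > maxLineBytes) throw new ChunkHeaderError('chunk-size line too long');
    return null;
  }
  if (crlf > maxLineBytes) throw new ChunkHeaderError('chunk-size line too long');
  return {
    header: parseChunkSizeLine(buf.subarray(0, crlf).toString('latin1')),
    rest: buf.subarray(crlf + 2),
  };
}

// Constructed attacker input: a chunk-size line whose extension never ends.
function buildMaliciousChunkHeader(extensionBytes) {
  return Buffer.concat([Buffer.from('5;x=', 'latin1'), Buffer.alloc(extensionBytes, 0x41)]);
}

// Feeds a stream to the parser in pieces and reports how many bytes were
// buffered before it rejected (or accepted) the line. With the cap in place
// this stays near MAX_LINE_BYTES however much the client sends.
function bytesBufferedBeforeReject(stream, pieceSize) {
  let pending = Buffer.alloc(0);
  for (let off = 0; off < stream.length; off += pieceSize) {
    pending = Buffer.concat([pending, stream.subarray(off, off + pieceSize)]);
    try {
      if (takeChunkSizeLine(pending) !== null) {
        return { rejected: false, buffered: pending.length };
      }
    } catch (e) {
      if (e instanceof ChunkHeaderError) return { rejected: true, buffered: pending.length };
      throw e;
    }
  }
  return { rejected: false, buffered: pending.length };
}
```

A server that rejects here should also close the connection rather than try to resynchronise, since the rest of the stream is attacker-shaped by definition.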
This report was submitted during the Ambassador World Cup 2023 finale by the Spain team, who won the competition.
The reporter @jfran_cbit got a critical bounty for this report, plus a bonus for the most impactful report in the AS Watson program.
For 11/11 in 2023, the Watsons Malaysia stores had planned a promotion. The banners and promotional product for the E-commerce website were managed...
Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Security Foundations Google's Project Zero reports that memory safety v...
Jenkins server access due to a weak password was reported to IBM, analyzed, and has been remediated. Thank you to our external researcher.
The vulnerability is exploitable when an attacker convinces a victim to click a malicious link to an attacker-controlled page.
A stored XSS issue was reported on LinkedIn Articles, where a malicious JavaScript (JS) payload can be embedded in the URL field of an iframe. When such an article gets published and is accessed in the LinkedIn mobile app, the malicious JS gets executed in the victim's context. Upon receiving this report, we resolved it on a priority basis and paid the researcher a bounty.
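The input check this class of bug calls for is an allow-list on the iframe URL rather than a blocklist of bad strings. The following is an added example, not LinkedIn's code: the URL field is accepted only if it parses as an absolute http(s) URL (optionally from an allow-listed host, which is an assumption for the example), so `javascript:` and `data:` sources, mixed-case schemes and embedded control characters never reach the page, and the resulting markup is attribute-escaped and sandboxed.

```javascript
// Added example; not LinkedIn code.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a normalised URL string, or null if the value must be rejected.
function sanitizeIframeSrc(raw, allowedHosts = null) {
  if (typeof raw !== 'string') return null;
  // Tabs, newlines and other C0 controls are silently dropped by the WHATWG
  // URL parser ("java\nscript:" becomes "javascript:"), so reject them outright.
  if (/[\u0000-\u001F\u007F]/.test(raw)) return null;
  let url;
  try {
    url = new URL(raw.trim());      // relative or malformed input throws
  } catch (e) {
    return null;
  }
  // The parser lower-cases the scheme, so "JaVaScRiPt:" is caught here too.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  if (url.username || url.password) return null;   // no credential-bearing URLs
  if (allowedHosts && !allowedHosts.includes(url.hostname)) return null;
  return url.href;
}

// Escapes a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the iframe markup, or null if the source is rejected. "sandbox" without
// allow-same-origin gives the embedded document an opaque origin and withholds
// forms, popups and top-level navigation even for an allow-listed host.
function renderIframe(rawSrc, allowedHosts = null) {
  const src = sanitizeIframeSrc(rawSrc, allowedHosts);
  if (src === null) return null;
  return `<iframe src="${escapeAttr(src)}" sandbox="allow-scripts"></iframe>`;
}
```

Run the same check on every path that renders the stored value (web, mobile app, email digests); the report above notes the payload fired in the mobile app, which is exactly the kind of second renderer a web-only fix misses.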
Hi Automattic team,
I have found 2 flaws that, when combined, lead to DOM XSS on every website that is using Jetpack with the [Likes](https://jetpack.com/support/likes/) feature enabled.
The 2 flaws are respectively:
- A DOM XSS vulnerability on https://widgets.wp.com/sharing-buttons-preview/
- The Jetpack plugin creates a postMessage listener allowing messages from the "widgets.wp.com"...
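The chain in the report above is a trusted-origin listener on the consuming site plus a DOM XSS on the trusted origin, so the origin check alone is not enough. The following added example (not Jetpack's code; the message schema and the element are assumptions made for the example) shows the unsafe listener shape beside a hardened one that checks `event.origin` exactly, validates the message shape, and writes only text. The sink is passed in so the logic runs without a browser.

```javascript
// Added example; not Jetpack code. Schema and element are assumptions.

const TRUSTED_ORIGINS = new Set(['https://widgets.wp.com']); // origin named in the report

// Exact-match origin check: a prefix or substring test would accept
// "https://widgets.wp.com.evil.example".
function isTrustedOrigin(origin) {
  return TRUSTED_ORIGINS.has(origin);
}

// Assumed schema for the example: { type: 'likes:count', postId: number, count: number }
// Accepts a JSON string or an already-structured object; anything else is null.
function parseLikesMessage(data) {
  let msg = data;
  if (typeof data === 'string') {
    try { msg = JSON.parse(data); } catch (e) { return null; }
  }
  if (!msg || typeof msg !== 'object') return null;
  if (msg.type !== 'likes:count') return null;
  if (!Number.isInteger(msg.postId) || !Number.isInteger(msg.count) || msg.count < 0) return null;
  return { postId: msg.postId, count: msg.count };
}

// Unsafe shape: the origin check passes, then the data goes into an HTML sink.
// If the trusted origin has a DOM XSS, this string is attacker-controlled.
function handleMessageUnsafe(event, sink) {
  if (!isTrustedOrigin(event.origin)) return false;
  sink.innerHTML = String(event.data);
  return true;
}

// Hardened: origin check, schema validation, and a text-only sink, so even a
// compromised trusted origin can only change a number on the page.
function handleMessageHardened(event, sink) {
  if (!isTrustedOrigin(event.origin)) return false;
  const msg = parseLikesMessage(event.data);
  if (!msg) return false;
  sink.textContent = `${msg.count} likes`;
  return true;
}

// Browser wiring (not executed here):
// window.addEventListener('message', (e) =>
//   handleMessageHardened(e, document.getElementById('likes-count')));
```

The companion fix on the sending side is to post with an explicit target origin rather than `'*'`, so a frame that is not the expected page never receives the message in the first place.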