はてなブックマーク

Basecamp supports uploading SVG pictures as avatars. Apparently, they are converted via an outdated librsvg version at Basecamp's servers. This version contains a vulnerability that allows leakage of the contents of an uninitialized memory block (that is, something is malloced, never initialized, and then used to build the preview image). Since it seems to be performed in the same unix process...

# Intro Since the founding of HackerOne, we have kept a steadfast commitment to disclosing security incidents because we believe that sharing security information far and wide is essential to building a safer internet. HackerOne's culture is to disclose more often, and in more detail than the rest of the industry. This document represents our 431st disclosure to date and we hope it will prove...

# Summary With any in-app redirect - logic/open redirect, HTML or javascript injection it's possible to execute arbitrary code within Slack desktop apps. This report demonstrates a specifically crafted exploit consisting of an HTML injection, security control bypass and a RCE Javascript payload. This exploit was tested as working on the latest Slack for desktop (4.2, 4.3.2) versions...

The Node.js third-party modules Bug Bounty Program enlists the help of the hacker community at HackerOne to make Node.js third-party modules more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

Shopify infrastructure is isolated into subsets of infrastructure. @0xacb reported it was possible to gain root access to any container in one particular subset by exploiting a server side request forgery bug in the screenshotting functionality of Shopify Exchange. Within an hour of receiving the report, we disabled the vulnerable service, began auditing applications in all subsets and...

The Node.js Bug Bounty Program enlists the help of the hacker community at HackerOne to make Node.js more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

This security page documents any known process for reporting a security vulnerability to Google Play Security Reward Program, often referred to as vulnerability disclosure (ISO 29147), a responsible disclosure policy, or bug bounty program.

The RubyGems Bug Bounty Program enlists the help of the hacker community at HackerOne to make RubyGems more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

This issue is a XSS affecting all Shopify stores that can be triggered via `windows.postMessage` from any remote origin. The report demonstrated a clever bypass of the escaping code we had in place to prevent code injection.

The URLs that are used to download the exports can be guessed easily by an attacker. The location of the export file is based on a date, a team ID and a team name: ``` http://s3-us-west-2.amazonaws.com/slack-files2//export//%20Slack%20export%20.zip ``` The information an attacker needs, is the team its name and ID (the date needs to be enumerated). The...

Hi! **Brief** I have discovered a way to issue API calls on behalf of other users. The problem stems from the fact that the API playground at https://developer.vimeo.com/api/playground/me has a very weak CSRF protection. The only thing protecting this resource from CSRF attacks is the demand that the "X-Requested-With: XMLHttpRequest" request header is present on the call. At first...

The Internet Bug Bounty Bug Bounty Program enlists the help of the hacker community at HackerOne to make Internet Bug Bounty more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.