Vulnerabilities tagged "bounty"

[Nextcloud] Bypass the protection lock in Android app

Simple bypass of the (optional) password lock screen by force-killing the application a few times. The exact cause of this is unclear; I have seen something previously where it was a "feature" because the developers thought it was crashing at that point, so they disabled it to let the user continue to use the application...

[Stripe] CSRF token validation system is disabled

The title says it all: CSRF protection was disabled for a period of time on Stripe's Dashboard. As the most sensitive actions required reentering the user's password or solving a captcha, the damage was limited, but you could still change various account settings...

[GitLab] Arbitrary file read via the bulk imports UploadsPipeline

The bulk import API when importing a group would, if the group had any uploads, download the `uploads.tar.gz` and extract it including any symlinks. When the extracted files are later listed, viewing any of the symlinked files will result in the symlink being followed and arbitrary files being read from outside the upload directory.