The gist here is that One-Time-Password brute-force prevention was based on IPs, so using IP rotation could get around that.
Reddit had an issue in associating transactions and order information. If you initiated a coin purchase for say $1.99, the order will be created and the order ID can be obtained...
Only the phone number parameter was being validated. So an attacker could maliciously modify the country code...
Had a JWT, and noticed functionality to invite a user to a group and then change their privileges; these privileges were reflected in the JWT scopes. Though by modifying this edit-user request, additional scopes that were not displayed could be added, such as the `company:operations` and `company:support` scopes...
Root cause here is an XSS in the "My Flow" feature resulting in client-side code execution.
Three more OAuth flow vulnerabilities
These are five issues that enabled file writes outside of the expected directory when NPM was unpacking an archive using the `node-tar` library.
Three bugs relating to insecurely configured CloudKit containers, the big one being the accidental deletion of all Apple Shortcuts, but also the ability to delete records on Apple News, and modify data used on the iCrowd+ website.
There are four vulnerabilities in Azure's Open Management Infrastructure (OMI), one allowing an unauthenticated attacker on the internet to execute code as root, the other three allowing local users of any level to execute code as root.
This is effectively a replay attack. Join a channel you can comment in, place a comment and capture that POST request...