目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:basecamp
Subdomain Takeover due to ████████ NS records at us-east4.37signals.com
Basecamp Information Disclosure (CWE-200)
Medium
2021-09-17
HTTP Request Smuggling via HTTP/2
Basecamp HTTP Request Smuggling (CWE-444)
Critical
2021-08-27
Domain Takeover [3737signals.com]
Basecamp Phishing (CAPEC-98)
Low
2021-08-13
Login session not expire
Basecamp Insufficient Session Expiration (CWE-613)
Low
2021-08-10
Insecure Bundler configuration fetching internal Gems (okra) from Rubygems.org
Basecamp Command Injection - Generic (CWE-77)
High
2021-08-10
Password reset link not expiring after changing password in settings
Basecamp Improper Authentication - Generic (CWE-287)
Low
2021-08-10
Information Disclosure .htaccess accesible for public
Basecamp
Low
2021-07-18
Error Page Content Spoofing or Text Injection
Basecamp Violation of Secure Design Principles (CWE-657)
Low
2021-07-14
Lack of quarantine macOS attribute(com.apple.quarantine) leads multiple issues including RCE
Basecamp
Medium
2021-04-22
User can upload files even after closing his account
Basecamp Improper Authentication - Generic (CWE-287)
Unknown
2021-03-29
DNS Setup allows sending mail on behalf of other customers
Basecamp Violation of Secure Design Principles (CWE-657)
Medium
2021-02-21
Bypass Tracking Blocker Protection Using Slashes Without Protocol On The Image Source.
Basecamp
Medium
2020-12-17
Information Disclosure of Garbage Collection Cycle 'Again'
Basecamp Information Disclosure (CWE-200)
Low
2020-12-16
Premium Email Address Check Bypass - Hey
Basecamp Business Logic Errors (CWE-840)
Medium
2020-12-15
SSL expired subdomain leads to API swap with main and flagged cookies. Unable to log device ids and certain session tokens.
Basecamp Improper Restriction of Authentication Attempts (CWE-307)
Medium
2020-12-03
Bypass of image rewriting / tracking blocker via srcset
Basecamp Information Disclosure (CWE-200)
Medium
2020-12-03
Remote code execution on Basecamp.com
Basecamp Command Injection - Generic (CWE-77)CVE-2017-8291
Critical
2020-11-26
Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)
Basecamp Business Logic Errors (CWE-840)
High
2020-11-26
Remote Code Execution in Basecamp Windows Electron App
Basecamp Code Injection (CWE-94)
High
2020-11-19
a very long name in hey.com can prevent anyone from accessing their contacts and probably can cause denial of service
Basecamp Uncontrolled Resource Consumption (CWE-400)
High
2020-11-10
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895