目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
11
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:nextcloud
File access control rules not enforced on image files
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2018-3762
Low
2018-06-15
Disclosed Version of PORTS SSH|HTTP|SSL
Nextcloud Information Disclosure (CWE-200)
Low
2018-06-14
Banner Grabbing - Apache Server Version Disclousure
Nextcloud Information Disclosure (CWE-200)
Unknown
2018-05-17
Banner Grabbing - Apache Server Version Disclosure
Nextcloud Information Disclosure (CWE-200)
Unknown
2018-05-17
Information Exposure Through Directory Listing
Nextcloud Information Exposure Through Directory Listing (CWE-548)
None
2018-05-17
Possible RCE
Nextcloud Command Injection - Generic (CWE-77)
Unknown
2018-03-08
Email Notification should be get while changing password on apps.nextcloud.com
Nextcloud
Unknown
2018-02-28
Registered users can change app password permissions for any user
Nextcloud Insecure Direct Object Reference (IDOR) (CWE-639)CVE-2017-0936
Low
2018-02-08
WordPress < 4.8.2 vulnerable to multiple attacks
Nextcloud Violation of Secure Design Principles (CWE-657)
Low
2017-09-27
IDOR unsubscribe Anyone from NextClouds Newsletters by knowing their Email
Nextcloud Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2017-09-16
Wordpress Vulnerable to Potential Unauthorized Password Reset
Nextcloud CVE-2017-8295
Low
2017-08-15
https://xmpp.nextcloud.com///;@www.google.com allows open redirect
Nextcloud Open Redirect (CWE-601)
Unknown
2017-08-13
Directory Listing In Subdomain Of nextcloud.com
Nextcloud Information Exposure Through Directory Listing (CWE-548)
Low
2017-07-14
ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2015-5477
High
2017-06-08
DOM XSS vulnerability in search dialogue (NC-SA-2017-007)
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2017-0890
Low
2017-06-07
Stored XSS in Gallery application (NC-SA-2017-010)
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2017-0893
Low
2017-06-06
Share tokens for public calendars disclosed (NC-SA-2017-011)
Nextcloud Information Exposure Through Directory Listing (CWE-548)CVE-2017-0894
Medium
2017-06-06
Missing Rate Limiting protection leading to mass triggering of e-mails
Nextcloud Violation of Secure Design Principles (CWE-657)
Medium
2017-06-05
Dav sharing permissions issue
Nextcloud Privilege Escalation (CAPEC-233)
Medium
2017-05-20
Clickjacking In https://demo.nextcloud.com
Nextcloud UI Redressing (Clickjacking) (CAPEC-103)
Critical
2017-05-20
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895