漏洞赏金情报

数据来源：HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告，按严重程度、漏洞类型或目标项目筛选，关联 CVE 编号。

已披露报告

12,219

关联 CVE

1,854

参与项目数

342

近 7 天新增

7

严重度: All Critical High Medium Low

类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

项目筛选：owncloud✕

Full Path Disclosure

ownCloud Information Disclosure (CWE-200)CVE-2016-1501

Unknown

2016-01-06

Apache documentation

ownCloud Information Disclosure (CWE-200)

Unknown

2016-01-04

[https://test1.owncloud.com/owncloud6/] Guessable password used for admin user

Unknown

2016-01-02

apps.owncloud.com: Referer protection Bypassed

ownCloud Improper Authentication - Generic (CWE-287)

Unknown

2016-01-02

Apache Range Header Denial of Service Attack (Confirmed PoC)

ownCloud Uncontrolled Resource Consumption (CWE-400)CVE-2011-3192

Unknown

2016-01-01

directory listing in https://demo.owncloud.org/doc/

ownCloud Information Disclosure (CWE-200)

Unknown

2016-01-01

owncloud.com: Content Sniffing not disabled

ownCloud Violation of Secure Design Principles (CWE-657)

Unknown

2015-11-12

RCE in ci.owncloud.com / ci.owncloud.org

ownCloud Code Injection (CWE-94)

Unknown

2015-11-09

apps.owncloud.com: Potential XSS

ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2015-11-04

apps.owncloud.com: Session Cookie in URL can be captured by hackers

ownCloud Improper Authentication - Generic (CWE-287)

Unknown

2015-10-31

owncloud.com: WP Super Cache plugin is outdated

ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2015-10-30

owncloud.com: Cross Site Tracing

ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2015-10-11

owncloud.com: DOM Based XSS

ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2015-10-11

owncloud.com: PermError SPF Permanent Error: Too many DNS lookups

ownCloud Violation of Secure Design Principles (CWE-657)

Unknown

2015-10-11

owncloud.com: Outdated plugins contains public exploits

ownCloud Violation of Secure Design Principles (CWE-657)

Unknown

2015-10-11

apps.owncloud.com: Mixed Active Scripting Issue

ownCloud Information Disclosure (CWE-200)

Unknown

2015-10-11

apps.owncloud.com: XSS via referrer

ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2015-10-11

apps.owncloud.com: Stored XSS in profile page

ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)

Unknown

2015-10-11

Webview Vulnerablity [OwnCloudAndroid Application]

ownCloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2013-4710

Unknown

2015-10-11

ownCloud Violation of Secure Design Principles (CWE-657)

Unknown

2015-10-11

高频漏洞类型

最活跃项目

项目	报告数	最高赏金
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	439	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	$9,895