[Video] Proof of Concept: CVE-2018-2894 Oracle WebLogic RCE
A recent vulnerability was sent in to Crowdsource affecting Oracle WebLogic Server. The vulnerability is an unauthenticated remote code execution (RCE) that is easily exploited.…
Category: Mix
Vulnerability Disclosure is Now Mandatory for Federal Agencies – Here’s How to Make it Happen
Federal agencies exist to protect and support the nation and its citizens. Despite their elaborate processes to reduce cyber risk, many American agencies lack modern…
Detectify security updates for 15 November
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from…
H1-2010 FAQ’s | HackerOne
Important Links: RegistrationThe Paranoids Event OverviewThe Paranoids Event Insights Contact h1-2010@hackerone.com for any questions! We are so excited to have you participate in h1-2010! Live Hacking Events…
Detectify security updates for 29 November
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from…
Introducing the 4th Annual Hacker-Powered Security Report
This is a time of unprecedented challenges. We face never-before- seen threats in the digital and physical worlds. If this past year has taught us…
A security overview of Content Management Systems
Any developer would probably agree Content Management Systems (CMS) make it easier for web development teams and marketing to work together. However CMS assets like blog.company.com…
AT&T Celebrates $1 Million Awarded to Hackers in One Year
AT&T Communications recently celebrated its first anniversary on HackerOne, passing $1 million in payouts to more than 850 researchers worldwide. The HackerOne program is a…
[PoC Video] jQuery-File-Upload: A tale of three vulnerabilities
TL;DR Three vulnerabilities in the second most starred Javascript repository on Github which two of them are remote code execution and the third makes it…
HackerOne Integrates with ServiceNow to Streamline Vulnerability Lifecycle Management
We’re excited to announce our integration with ServiceNow Incident Management. This integration allows customers to escalate vulnerability reports with ServiceNow incidents and synchronize any updates…
Detectify security updates for 13 December
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from…
Bug Bytes #198 – Hackers go to RSA/BSides and CPanel gets pwned
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…