Hacking, AppSec, and Bug Bounty newsletter
2017-10-19 | Catalonian cyberwar, HR 2180, and Browser security beyond sandboxing
Thursday, October 19
smartlist_add, smartlist_insert (may) cause heap corruption as a result of inadequate checks in smartlist_ensure_capacity [4 upvotes] - $500 bounty for this report to Tor by @guido.
OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing [15 upvotes] - $1,000 bounty for this report to Vimeo by @opnsec.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
HR 2180 includes language for a first-ever “cyber warfare policy”
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
"oh, you 3D-printed the 'Save' Icon."