HackerOne Disclosed Reports - 2025-10-15 - Dark C0d3rs (https://darkcoders.wiki), Forum: Exploit Log, Research Papers/Vulnerability reports
HackerOne disclosed reports - 2025-10-15 - hashXploiter - 10-16-2025
Medium
resolved
Path Traversal Vulnerability in Nextcloud Tables Enables Arbitrary File Exfiltration of Any Files Supported by PhpSpreadsheet Library
Bug reported by was disclosed at October 16, 2025, 6:52 am | Path Traversal
A path traversal vulnerability was discovered in Nextcloud Tables. This vulnerability allowed the exfiltration of any files supported by the PhpSpreadsheet library.
Medium
resolved
OneAgent Unprivileged NTLM User Coercion
Bug reported by RemiEC was disclosed at October 15, 2025, 8:01 am | Improper Privilege Management
High
resolved
SameSite restrictions are lifted, and SameSite:Strict cookie are being sent.
Bug reported by mingi was disclosed at October 15, 2025, 5:41 am | Improper Certificate Validation
A vulnerability was discovered where SameSite=Strict cookies were being sent during cross-site navigations, even though they should have been restricted under the SameSite policy. This was caused by the absence of the Sec-Fetch-Site: cross-site header, which is normally used to prevent such bypasses and protect against CSRF attacks. The issue was reported to have been observed in Brave browser version 1.80.120 during a window operation.