TOPVALVE.md

Top reports from Valve program at HackerOne:

  1. RCE on Steam Client via buffer overflow in Server Info to Valve - 1251 upvotes, $18000
  2. Getting all the CD keys of any game to Valve - 598 upvotes, $20000
  3. XSS in steam react chat client to Valve - 448 upvotes, $7500
  4. Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message to Valve - 406 upvotes, $9000
  5. Modify in-flight data to payment provider Smart2Pay to Valve - 374 upvotes, $7500
  6. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - 344 upvotes, $25000
  7. Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection to Valve - 317 upvotes, $2000
  8. Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe to Valve - 261 upvotes, $10000
  9. Unchecked weapon id in WeaponList message parser on client leads to RCE to Valve - 224 upvotes, $3000
  10. OOB reads in network message handlers leads to RCE to Valve - 203 upvotes, $7500
  11. RCE on CS:GO client using unsanitized entity ID in EntityMsg message to Valve - 197 upvotes, $9000
  12. Buffer overrun in Steam SILK voice decoder to Valve - 177 upvotes, $7500
  13. [Portal 2] Remote Code Execution via voice packets to Valve - 165 upvotes, $5000
  14. [Half-Life 1] Malformed map name leads to memory corruption and code execution to Valve - 162 upvotes, $1500
  15. Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution to Valve - 149 upvotes, $12500
  16. ISteamAssets gives partners control over unrelated community market transactions to Valve - 105 upvotes, $5000
  17. MySQL username and password leaked in developer.valvesoftware.com via source code disclosure to Valve - 105 upvotes, $1000
  18. Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games to Valve - 104 upvotes, $7500
  19. [help.steampowered.com] Account takeover bruteforcing SteamGuard to Valve - 104 upvotes, $2500
  20. Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games. to Valve - 99 upvotes, $1500
  21. Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe) to Valve - 89 upvotes, $2000
  22. ImageMagick GIF coder vulnerability leading to memory disclosure to Valve - 85 upvotes, $1000
  23. Access to microtransaction sales data for lots of apps from 2014 to present at /valvefinance/sanity/ to Valve - 80 upvotes, $9000
  24. [steam client] Opening a specific steam:// url overwrites files at an arbitrary location to Valve - 78 upvotes, $750
  25. Arbitrary File Write as SYSTEM from unprivileged user to Valve - 70 upvotes, $1250
  26. Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution to Valve - 62 upvotes, $1000
  27. CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download to Valve - 60 upvotes, $7500
  28. [Source Engine] Material path truncation leads to Remote Code Execution to Valve - 56 upvotes, $2500
  29. Steam chat - trade offer presentation vulnerability to Valve - 56 upvotes, $750
  30. Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser to Valve - 54 upvotes, $1150
  31. Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover) to Valve - 52 upvotes, $2500
  32. Link filter protection bypass to Valve - 50 upvotes, $750
  33. [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution to Valve - 46 upvotes, $2500
  34. Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client to Valve - 41 upvotes, $1250
  35. Stored XSS @ https://steamcommunity.com/search/users/#text= via Profile Name to Valve - 36 upvotes, $750
  36. Stored XSS in the guide's GameplayVersion (www.dota2.com) to Valve - 34 upvotes, $750
  37. Signedness issue in ClassInfo message handler leads to RCE on CS:GO client to Valve - 33 upvotes, $7500
  38. Buffer overflows in demo parsing to Valve - 33 upvotes, $750
  39. Hidden scheduled partner events are propagated to Steam clients in CMsgClientClanState to Valve - 31 upvotes, $750
  40. Xss was found by exploiting the URL markdown on http://store.steampowered.com to Valve - 30 upvotes, $1000
  41. Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation to Valve - 30 upvotes, $1000
  42. Reflected XSS in www.dota2.com to Valve - 28 upvotes, $350
  43. Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution to Valve - 28 upvotes, $350
  44. LFI in pChart php library to Valve - 27 upvotes, $1000
  45. GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE to Valve - 25 upvotes, $3000
  46. code injection, steam chat client to Valve - 25 upvotes, $750
  47. [GoldSrc] RCE via malformed BSP file to Valve - 24 upvotes, $450
  48. unlock self-lock by brute force to Valve - 23 upvotes, $900
  49. Read Access to all comments on unauthorized forums' discussions! IDOR! to Valve - 23 upvotes, $500
  50. Deleting other people's comments on ModeratorMessages to Valve - 23 upvotes, $500
  51. [GoldSrc] RCE via 'spk' Console Command to Valve - 23 upvotes, $350
  52. GetReports works for hubs you don't have access to to Valve - 22 upvotes, $750
  53. Malformed BSP in GoldSrc Engine may cause shellcode injection to Valve - 21 upvotes, $1750
  54. GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame to Valve - 21 upvotes, $1650
  55. Unauthorized updates to extended_info properties in /store/ajaxpackagesave to Valve - 20 upvotes, $2500
  56. [CS 1.6] Map cycle abuse allows arbitrary file read/write to Valve - 20 upvotes, $750
  57. Suspended users can bypass UGC upload ban to Valve - 19 upvotes, $500
  58. Privilege Escalation vulnerability in steam's Remote Play feature leads to arbitrary kernel-mode driver installation to Valve - 17 upvotes, $750
  59. resetreportedcount & updatetags doesn't verify appid param to Valve - 16 upvotes, $750
  60. Potential buffer overflow in demoplayer module of GoldSource Engine to Valve - 16 upvotes, $200
  61. App name leakage on economy history page to Valve - 15 upvotes, $500
  62. Malformed .WAV triggers an Access Violation on GoldSRC (hl.exe) to Valve - 14 upvotes, $200
  63. Reflected XSS on help.steampowered.com to Valve - 13 upvotes, $750
  64. ajaxgetachievementsforgame is not guarded for unreleased apps to Valve - 13 upvotes, $750
  65. Comment restriction in subsection "Workshop" of domain "steamcommunity.com" can be bypassed using IDOR to Valve - 13 upvotes, $200
  66. XSS @ store.steampowered.com via agecheck path name to Valve - 12 upvotes, $750
  67. Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge to Valve - 11 upvotes, $2500
  68. Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client to Valve - 11 upvotes, $1000
  69. Unfiltered input allows for XSS in "Playtime Item Grants" fields to Valve - 11 upvotes, $750
  70. [GoldSrc] Remote Code Execution using malicious WAD list in BSP file to Valve - 11 upvotes, $750
  71. CSRF | Ban or unban users in broadcast's chat to Valve - 9 upvotes, $500