Public Phabricator bug reports.

| Team | Bounty | Title |
|---|---|---|
| Phabricator | - | Credential gets exposed |
| Phabricator | - | Hyperlink injection in email and space characters allowed in password field |
| Phabricator | $300 | IRC-Bot exposes information |
| Phabricator | - | The special code in editor has no authority control and can lead to information disclosure |
| Phabricator | - | The mailbox verification API interface is unlimited and can be used as a mailbox bomb |
| Phabricator | - | Autoclose can close any task regardless of policies/spaces |
| Phabricator | - | An unsafe design practice in the Passphrase may result in a secret being accidentally changed |
| Phabricator | $750 | Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks |
| Phabricator | $600 | Differential "Show Raw File" feature exposes generated files to unauthorised users |
| Phabricator | - | Restricted file access when it exists in old versions of task or wiki document |
| Phabricator | - | Enumerating emails through "Forgot Password" form |
| Phabricator | $300 | User with only viewing privilege can send message to room |
| Phabricator | $300 | Fetching binaries (for software installation) over HTTP without verification (RCE as root by MITM) |
| Phabricator | - | Link reset problem |
| Phabricator | - | Error page text injection |
| Phabricator | $600 | HTML in Diffusion not escaped in certain circumstances |
| Phabricator | - | Full path disclosure |
| Phabricator | - | No authentication required to add an email address |
| Phabricator | $300 | Passphrase credential lock bypass |
| Phabricator | $300 | Extended policy checks are buggy |
| Phabricator | - | libphutil: removing bytes from a PhutilRope does not work as intended |
| Phabricator | $300 | Information leakage through Graphviz blocks |
| Phabricator | $450 | Multiple so-called 'type juggling' attacks. Most notably PhabricatorUser::validateCSRFToken() is 'bypassable' in certain cases |
| Phabricator | - | Dashboard panel embedded onto itself causes a denial of service |
| Phabricator | $300 | SSRF vulnerability (access to metadata server on EC2 and OpenStack) |
| Phabricator | $300 | XSS with Time-of-Day format |
| Phabricator | - | Server Side Request Forgery in macro creation |
| Phabricator | $500 | Phabricator Phame blog skins local file inclusion |
| Phabricator | $300 | Phabricator Diffusion application allows unauthorized users to delete mirrors |
| Phabricator | - | Content injection |
| Phabricator | - | Content spoofing through URL |
| Phabricator | - | Content spoofing |
| Phabricator | - | Password policy issue |
| Phabricator | $400 | Open redirection on secure.phabricator.com |
| Phabricator | $300 | Forgot Password issue |
| Phabricator | - | Password reset links not expiring |
| Phabricator | - | Back-Refresh attack to obtain user credentials |
| Phabricator | $1,000 | XSS in editor by any user |
| Phabricator | $300 | Broken authentication and session management |
| Phabricator | $300 | Abusing daemon logs for privilege escalation under certain scenarios |
| Phabricator | $600 | Abusing VCS control on Phabricator |
| Phabricator | $300 | Persistent XSS: editor link |
| Phabricator | $400 | OAuth stealing attack (new) |
| Phabricator | $300 | Control character allowed in username |
| Phabricator | $450 | OAuth access_token stealing in Phabricator |
| Phabricator | $300 | Unauthorized editorial publishing to blogs |
| Phabricator | - | CSRF token valid even after the session logout of a particular user |
| Phabricator | $500 | Bypass auth.email-domains (2) |
| Phabricator | $300 | Login CSRF using Twitter OAuth |
| Phabricator | $1,000 | Bypass auth.email-domains |
| Phabricator | $300 | Improperly implemented password recovery link functionality |
| Phabricator | $300 | Log in a user to another account |