TAMS registration details API for admins open at https://tamsapi.gsa.gov/user/tams/api/usermgmnt/pendingUserDetails/
👉 https://hackerone.com/reports/1061292
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #skarsom
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 4:45am (UTC)
Disavowing an account doesn't disable it
👉 https://hackerone.com/reports/1165015
🔹 Severity: Low
🔹 Reported To: Liberapay
🔹 Reported By: #raven_in_matrix
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 7:43am (UTC)
Code Injection Bug Report
👉 https://hackerone.com/reports/745921
🔹 Severity: No Rating
🔹 Reported To: Ruby
🔹 Reported By: #geeknik
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 11:50am (UTC)
Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation
👉 https://hackerone.com/reports/1186985
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #spyata
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 3:52pm (UTC)
Exposed Openapi Token
👉 https://hackerone.com/reports/1132690
🔹 Severity: Critical
🔹 Reported To: Sifchain
🔹 Reported By: #johnjhacking
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 4:00pm (UTC)
ETHEREUM_PRIVATE_KEY leaked
👉 https://hackerone.com/reports/1183269
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #dexter34
🔹 State: 🔴 N/A
🔹 Disclosed: May 7, 2021, 4:04pm (UTC)
Private KEY of crypto wallet
👉 https://hackerone.com/reports/1145581
🔹 Severity: Critical
🔹 Reported To: Sifchain
🔹 Reported By: #krynos
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 7, 2021, 4:08pm (UTC)
mongodb credentials leaked in github
👉 https://hackerone.com/reports/1183809
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #makuzo
🔹 State: 🔴 N/A
🔹 Disclosed: May 7, 2021, 4:58pm (UTC)
RSA PRIVATE KEY discloser
👉 https://hackerone.com/reports/1183520
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #ni6h70wl
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 7, 2021, 5:44pm (UTC)
Private RSA key for Vagrant exposed in GitHub repository
👉 https://hackerone.com/reports/1183502
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sdushantha
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 6:10pm (UTC)
wrong url in hackerone > goes to wix.com > unconnected
👉 https://hackerone.com/reports/1187018
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #mhohlfeld
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 6:44pm (UTC)
ETHEREUM_PRIVATE_KEY leaked via Open Github Repository
👉 https://hackerone.com/reports/1133670
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #fozisimi
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 7:52pm (UTC)
Bypassing the External Link Warning
👉 https://hackerone.com/reports/1139520
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #whhackersbr
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 8:14pm (UTC)
Subdomain Takeover At the Main Domain Of Your Site
👉 https://hackerone.com/reports/1183296
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Sifchain
🔹 Reported By: #ahmedelmalky
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 8:21pm (UTC)
A password in plain text in conf file
👉 https://hackerone.com/reports/1188188
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #nouradeen
🔹 State: 🔴 N/A
🔹 Disclosed: May 7, 2021, 8:33pm (UTC)
redirect_to(["string"]) remote code execution
👉 https://hackerone.com/reports/1106652
🔹 Severity: Low
🔹 Reported To: Ruby on Rails
🔹 Reported By: #gmcgibbon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 11:01pm (UTC)
Vulnerable for clickjacking attack
👉 https://hackerone.com/reports/1188639
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #akay0783
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 8, 2021, 6:41am (UTC)
Information disclosure on Sifchain
👉 https://hackerone.com/reports/1188998
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #buggrammers
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 8, 2021, 5:07pm (UTC)
Found key_adress and key_password in GitHub history
👉 https://hackerone.com/reports/1188982
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #mhohlfeld
🔹 State: ⚪️ Informative
🔹 Disclosed: May 8, 2021, 5:24pm (UTC)
Graphql introspection is enabled and leaks details about the schema
👉 https://hackerone.com/reports/1132803
🔹 Severity: Low
🔹 Reported To: On
🔹 Reported By: #sahil__soni
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 1:26pm (UTC)
Team members can trigger arbitrary code execution in Slack Desktop Apps via HTML Notifications
👉 https://hackerone.com/reports/816156
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #oskarsv
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 3:12pm (UTC)