Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation
👉 https://hackerone.com/reports/1186985
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #spyata
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 3:52pm (UTC)
Exposed Openapi Token
👉 https://hackerone.com/reports/1132690
🔹 Severity: Critical
🔹 Reported To: Sifchain
🔹 Reported By: #johnjhacking
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 4:00pm (UTC)
ETHEREUM_PRIVATE_KEY leaked
👉 https://hackerone.com/reports/1183269
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #dexter34
🔹 State: 🔴 N/A
🔹 Disclosed: May 7, 2021, 4:04pm (UTC)
Private KEY of crypto wallet
👉 https://hackerone.com/reports/1145581
🔹 Severity: Critical
🔹 Reported To: Sifchain
🔹 Reported By: #krynos
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 7, 2021, 4:08pm (UTC)
mongodb credentials leaked in github
👉 https://hackerone.com/reports/1183809
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #makuzo
🔹 State: 🔴 N/A
🔹 Disclosed: May 7, 2021, 4:58pm (UTC)
RSA PRIVATE KEY discloser
👉 https://hackerone.com/reports/1183520
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #ni6h70wl
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 7, 2021, 5:44pm (UTC)
Private RSA key for Vagrant exposed in GitHub repository
👉 https://hackerone.com/reports/1183502
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sdushantha
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 6:10pm (UTC)
wrong url in hackerone > goes to wix.com > unconnected
👉 https://hackerone.com/reports/1187018
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #mhohlfeld
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 6:44pm (UTC)
ETHEREUM_PRIVATE_KEY leaked via Open Github Repository
👉 https://hackerone.com/reports/1133670
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #fozisimi
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 7:52pm (UTC)
Bypassing the External Link Warning
👉 https://hackerone.com/reports/1139520
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #whhackersbr
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 8:14pm (UTC)
Subdomain Takeover At the Main Domain Of Your Site
👉 https://hackerone.com/reports/1183296
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Sifchain
🔹 Reported By: #ahmedelmalky
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 8:21pm (UTC)
A password in plain text in conf file
👉 https://hackerone.com/reports/1188188
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #nouradeen
🔹 State: 🔴 N/A
🔹 Disclosed: May 7, 2021, 8:33pm (UTC)
redirect_to(["string"]) remote code execution
👉 https://hackerone.com/reports/1106652
🔹 Severity: Low
🔹 Reported To: Ruby on Rails
🔹 Reported By: #gmcgibbon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 11:01pm (UTC)
Vulnerable for clickjacking attack
👉 https://hackerone.com/reports/1188639
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #akay0783
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 8, 2021, 6:41am (UTC)
Information disclosure on Sifchain
👉 https://hackerone.com/reports/1188998
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #buggrammers
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 8, 2021, 5:07pm (UTC)
Found key_adress and key_password in GitHub history
👉 https://hackerone.com/reports/1188982
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #mhohlfeld
🔹 State: ⚪️ Informative
🔹 Disclosed: May 8, 2021, 5:24pm (UTC)
Graphql introspection is enabled and leaks details about the schema
👉 https://hackerone.com/reports/1132803
🔹 Severity: Low
🔹 Reported To: On
🔹 Reported By: #sahil__soni
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 1:26pm (UTC)
Team members can trigger arbitrary code execution in Slack Desktop Apps via HTML Notifications
👉 https://hackerone.com/reports/816156
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #oskarsv
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 3:12pm (UTC)
SHA512 incorrect on most/many releases
👉 https://hackerone.com/reports/1130416
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #ronald_petty
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 8:16pm (UTC)
Host Header Injection
👉 https://hackerone.com/reports/1098948
🔹 Severity: Medium
🔹 Reported To: Kartpay
🔹 Reported By: #streetdragon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 6:14am (UTC)
removed user can still join the organization
👉 https://hackerone.com/reports/976441
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: New Relic
🔹 Reported By: #moon_shadow
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 11:24am (UTC)