Private KEY of crypto wallet
👉 https://hackerone.com/reports/1145581
🔹 Severity: Critical
🔹 Reported To: Sifchain
🔹 Reported By: #krynos
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 7, 2021, 4:08pm (UTC)
mongodb credentials leaked in github
👉 https://hackerone.com/reports/1183809
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #makuzo
🔹 State: 🔴 N/A
🔹 Disclosed: May 7, 2021, 4:58pm (UTC)
RSA PRIVATE KEY discloser
👉 https://hackerone.com/reports/1183520
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #ni6h70wl
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 7, 2021, 5:44pm (UTC)
Private RSA key for Vagrant exposed in GitHub repository
👉 https://hackerone.com/reports/1183502
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sdushantha
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 6:10pm (UTC)
wrong url in hackerone > goes to wix.com > unconnected
👉 https://hackerone.com/reports/1187018
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #mhohlfeld
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 6:44pm (UTC)
ETHEREUM_PRIVATE_KEY leaked via Open Github Repository
👉 https://hackerone.com/reports/1133670
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #fozisimi
🔹 State: ⚪️ Informative
🔹 Disclosed: May 7, 2021, 7:52pm (UTC)
Bypassing the External Link Warning
👉 https://hackerone.com/reports/1139520
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #whhackersbr
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 8:14pm (UTC)
Subdomain Takeover At the Main Domain Of Your Site
👉 https://hackerone.com/reports/1183296
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Sifchain
🔹 Reported By: #ahmedelmalky
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 8:21pm (UTC)
A password in plain text in conf file
👉 https://hackerone.com/reports/1188188
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #nouradeen
🔹 State: 🔴 N/A
🔹 Disclosed: May 7, 2021, 8:33pm (UTC)
redirect_to(["string"]) remote code execution
👉 https://hackerone.com/reports/1106652
🔹 Severity: Low
🔹 Reported To: Ruby on Rails
🔹 Reported By: #gmcgibbon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 7, 2021, 11:01pm (UTC)
Vulnerable for clickjacking attack
👉 https://hackerone.com/reports/1188639
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #akay0783
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 8, 2021, 6:41am (UTC)
Information disclosure on Sifchain
👉 https://hackerone.com/reports/1188998
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #buggrammers
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 8, 2021, 5:07pm (UTC)
Found key_adress and key_password in GitHub history
👉 https://hackerone.com/reports/1188982
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #mhohlfeld
🔹 State: ⚪️ Informative
🔹 Disclosed: May 8, 2021, 5:24pm (UTC)
Graphql introspection is enabled and leaks details about the schema
👉 https://hackerone.com/reports/1132803
🔹 Severity: Low
🔹 Reported To: On
🔹 Reported By: #sahil__soni
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 1:26pm (UTC)
Team members can trigger arbitrary code execution in Slack Desktop Apps via HTML Notifications
👉 https://hackerone.com/reports/816156
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #oskarsv
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 3:12pm (UTC)
SHA512 incorrect on most/many releases
👉 https://hackerone.com/reports/1130416
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #ronald_petty
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 8:16pm (UTC)
Host Header Injection
👉 https://hackerone.com/reports/1098948
🔹 Severity: Medium
🔹 Reported To: Kartpay
🔹 Reported By: #streetdragon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 6:14am (UTC)
removed user can still join the organization
👉 https://hackerone.com/reports/976441
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: New Relic
🔹 Reported By: #moon_shadow
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 11:24am (UTC)
PHP-FPM status page disclosure
👉 https://hackerone.com/reports/1157893
🔹 Severity: Low
🔹 Reported To: Algolia
🔹 Reported By: #iamthefrogy
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 3:10pm (UTC)
DMARC and DNS Records not found on mcuboot.com
👉 https://hackerone.com/reports/1186701
🔹 Severity: No Rating
🔹 Reported To: MCUboot
🔹 Reported By: #dk82hg
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 5:26pm (UTC)
[Portal 2] Remote Code Execution via voice packets
👉 https://hackerone.com/reports/733267
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Valve
🔹 Reported By: #gamer7112
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 6:18pm (UTC)