Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg

Vulnerable for clickjacking attack

👉 https://hackerone.com/reports/1188639

🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #akay0783
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 8, 2021, 6:41am (UTC)

Information disclosure on Sifchain

👉 https://hackerone.com/reports/1188998

🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #buggrammers
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 8, 2021, 5:07pm (UTC)

Found key_adress and key_password in GitHub history

👉 https://hackerone.com/reports/1188982

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #mhohlfeld
🔹 State: ⚪️ Informative
🔹 Disclosed: May 8, 2021, 5:24pm (UTC)

Graphql introspection is enabled and leaks details about the schema

👉 https://hackerone.com/reports/1132803

🔹 Severity: Low
🔹 Reported To: On
🔹 Reported By: #sahil__soni
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 1:26pm (UTC)

Team members can trigger arbitrary code execution in Slack Desktop Apps via HTML Notifications

👉 https://hackerone.com/reports/816156

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #oskarsv
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 3:12pm (UTC)

SHA512 incorrect on most/many releases

👉 https://hackerone.com/reports/1130416

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #ronald_petty
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2021, 8:16pm (UTC)

Host Header Injection

👉 https://hackerone.com/reports/1098948

🔹 Severity: Medium
🔹 Reported To: Kartpay
🔹 Reported By: #streetdragon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 6:14am (UTC)

removed user can still join the organization

👉 https://hackerone.com/reports/976441

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: New Relic
🔹 Reported By: #moon_shadow
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 11:24am (UTC)

PHP-FPM status page disclosure

👉 https://hackerone.com/reports/1157893

🔹 Severity: Low
🔹 Reported To: Algolia
🔹 Reported By: #iamthefrogy
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 3:10pm (UTC)

DMARC and DNS Records not found on mcuboot.com

👉 https://hackerone.com/reports/1186701

🔹 Severity: No Rating
🔹 Reported To: MCUboot
🔹 Reported By: #dk82hg
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 5:26pm (UTC)

[Portal 2] Remote Code Execution via voice packets

👉 https://hackerone.com/reports/733267

🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Valve
🔹 Reported By: #gamer7112
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2021, 6:18pm (UTC)

Clickjacking Vulnerability in sifchain.finance

👉 https://hackerone.com/reports/1185949

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #lemon_in-the_spoon
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 11, 2021, 3:10am (UTC)

Default Nextcloud allows http federated shares

👉 https://hackerone.com/reports/1183302

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: May 11, 2021, 11:38am (UTC)

Email Spoofing on sifchain.finance

👉 https://hackerone.com/reports/1191209

🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #ibrahimauwal1
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 11, 2021, 2:23pm (UTC)

Members Personal Information Leak Due to IDOR

👉 https://hackerone.com/reports/847185

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #r00tpgp
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2021, 8:13pm (UTC)

DOM Based XSS on https://████ via backURL param

👉 https://hackerone.com/reports/1159255

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2021, 8:15pm (UTC)

Path Traversal - [ CVE-2020-3452 ]

👉 https://hackerone.com/reports/1137321

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #khun_myat
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2021, 8:16pm (UTC)

https://████ is vulnerable to cve-2020-3452

👉 https://hackerone.com/reports/998925

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #moon_shadow
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2021, 8:18pm (UTC)

XSS via X-Forwarded-Host header

👉 https://hackerone.com/reports/882220

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #geeknik
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2021, 8:19pm (UTC)

███ on https://████ enable ███ scraping, injection, stored XSS

👉 https://hackerone.com/reports/1048571

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #skarsom
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2021, 8:25pm (UTC)

Moodle XSS on evolve.glovoapp.com

👉 https://hackerone.com/reports/1165540

🔹 Severity: Medium
🔹 Reported To: Glovo
🔹 Reported By: #sn3akysnak3
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2021, 7:41am (UTC)