Information Disclosure on https://rpc.sifchain.finance/
👉 https://hackerone.com/reports/1197035
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #bringing2021
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 15, 2021, 4:04am (UTC)
Open S3 Bucket | information leakage
👉 https://hackerone.com/reports/1186897
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #b29z
🔹 State: 🔴 N/A
🔹 Disclosed: May 15, 2021, 7:58pm (UTC)
User enumeration through forget password
👉 https://hackerone.com/reports/1166054
🔹 Severity: High
🔹 Reported To: UPchieve
🔹 Reported By: #mr-zero
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2021, 1:59am (UTC)
Cross site noscripting
👉 https://hackerone.com/reports/1095797
🔹 Severity: High
🔹 Reported To: Informatica
🔹 Reported By: #rawezh_ali
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2021, 1:56pm (UTC)
Privilege Escalation via REST API to Administrator leads to RCE
👉 https://hackerone.com/reports/1107282
🔹 Severity: High | 💰 1,125 USD
🔹 Reported To: WordPress
🔹 Reported By: #hoangkien1020
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2021, 4:34pm (UTC)
CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download
👉 https://hackerone.com/reports/1070835
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Valve
🔹 Reported By: #simonscannell
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2021, 10:01pm (UTC)
Japan - CSRF in webapp.starbucks.co.jp with user interaction could leak an access token if the user was not using Chrome
👉 https://hackerone.com/reports/1113559
🔹 Severity: High | 💰 1,050 USD
🔹 Reported To: Starbucks
🔹 Reported By: #elber
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2021, 3:08am (UTC)
Authenticated XXE
👉 https://hackerone.com/reports/1095645
🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: WordPress
🔹 Reported By: #sonarsource
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2021, 1:52pm (UTC)
Previously created sessions continue being valid after MFA activation
👉 https://hackerone.com/reports/1185479
🔹 Severity: Medium
🔹 Reported To: CS Money
🔹 Reported By: #gatolouco
🔹 State: ⚪️ Informative
🔹 Disclosed: May 18, 2021, 4:04pm (UTC)
Bypass t.co link shortener in Twitter direct messages
👉 https://hackerone.com/reports/1148548
🔹 Severity: Low | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #iambouali
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2021, 4:19pm (UTC)
No Valid SPF Records/don't have DMARC record
👉 https://hackerone.com/reports/1198439
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #shoaib_18
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2021, 6:49pm (UTC)
Pre-Auth Blind NoSQL Injection leading to Remote Code Execution
👉 https://hackerone.com/reports/1130721
🔹 Severity: Critical
🔹 Reported To: Rocket.Chat
🔹 Reported By: #sonarsource
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2021, 8:36pm (UTC)
Improper Access Control on Lark Footer Feature
👉 https://hackerone.com/reports/1169340
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2021, 9:42pm (UTC)
Account takeover just through csrf in https://booking.qiwi.kz/profile
👉 https://hackerone.com/reports/1066189
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #sniper302
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 1:53pm (UTC)
Weak password policy leading to exposure of administrator account access
👉 https://hackerone.com/reports/1168104
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #rajeshpatil
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 2:45pm (UTC)
Several domains on kaspersky.com are vulnerable to Web Cache Deception attack
👉 https://hackerone.com/reports/1185028
🔹 Severity: Medium
🔹 Reported To: Kaspersky
🔹 Reported By: #golim
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 4:20pm (UTC)
[Java] CWE-094: Rhino code injection
👉 https://hackerone.com/reports/1204660
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
[Java] CWE-094: Jython code injection
👉 https://hackerone.com/reports/1204659
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
[Java]: CWE-601 Spring url redirection detect
👉 https://hackerone.com/reports/1204658
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
[Java] CWE-078: Add JSch lib OS Command Injection sink
👉 https://hackerone.com/reports/1196125
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #p0wn4j
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:15pm (UTC)
[Python] CWE-400: Regular Expression Injection
👉 https://hackerone.com/reports/1196124
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:15pm (UTC)