Improper Access Control on Lark Footer Feature
👉 https://hackerone.com/reports/1169340
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2021, 9:42pm (UTC)
👉 https://hackerone.com/reports/1169340
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2021, 9:42pm (UTC)
Account takeover just through csrf in https://booking.qiwi.kz/profile
👉 https://hackerone.com/reports/1066189
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #sniper302
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 1:53pm (UTC)
👉 https://hackerone.com/reports/1066189
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #sniper302
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 1:53pm (UTC)
Weak password policy leading to exposure of administrator account access
👉 https://hackerone.com/reports/1168104
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #rajeshpatil
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 2:45pm (UTC)
👉 https://hackerone.com/reports/1168104
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #rajeshpatil
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 2:45pm (UTC)
Several domains on kaspersky.com are vulnerable to Web Cache Deception attack
👉 https://hackerone.com/reports/1185028
🔹 Severity: Medium
🔹 Reported To: Kaspersky
🔹 Reported By: #golim
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 4:20pm (UTC)
👉 https://hackerone.com/reports/1185028
🔹 Severity: Medium
🔹 Reported To: Kaspersky
🔹 Reported By: #golim
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2021, 4:20pm (UTC)
[Java] CWE-094: Rhino code injection
👉 https://hackerone.com/reports/1204660
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
👉 https://hackerone.com/reports/1204660
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
[Java] CWE-094: Jython code injection
👉 https://hackerone.com/reports/1204659
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
👉 https://hackerone.com/reports/1204659
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
[Java]: CWE-601 Spring url redirection detect
👉 https://hackerone.com/reports/1204658
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
👉 https://hackerone.com/reports/1204658
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:14pm (UTC)
[Java] CWE-078: Add JSch lib OS Command Injection sink
👉 https://hackerone.com/reports/1196125
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #p0wn4j
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:15pm (UTC)
👉 https://hackerone.com/reports/1196125
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #p0wn4j
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:15pm (UTC)
[Python] CWE-400: Regular Expression Injection
👉 https://hackerone.com/reports/1196124
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:15pm (UTC)
👉 https://hackerone.com/reports/1196124
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 4:15pm (UTC)
Kroki Arbitrary File Read/Write
👉 https://hackerone.com/reports/1098793
🔹 Severity: High | 💰 5,600 USD
🔹 Reported To: GitLab
🔹 Reported By: #ledz1996
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 7:56pm (UTC)
👉 https://hackerone.com/reports/1098793
🔹 Severity: High | 💰 5,600 USD
🔹 Reported To: GitLab
🔹 Reported By: #ledz1996
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 7:56pm (UTC)
User Information Disclosure via waitlist.blockfi.com Prefinery Abuse
👉 https://hackerone.com/reports/1135294
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: BlockFi
🔹 Reported By: #tcbutler320
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 10:40pm (UTC)
👉 https://hackerone.com/reports/1135294
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: BlockFi
🔹 Reported By: #tcbutler320
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 10:40pm (UTC)
SSRF на https://qiwi.com с помощью "Prerender HAR Capturer"
👉 https://hackerone.com/reports/1153862
🔹 Severity: Critical | 💰 1,500 USD
🔹 Reported To: QIWI
🔹 Reported By: #myway
🔹 State: 🟢 Resolved
🔹 Disclosed: May 22, 2021, 8:29am (UTC)
👉 https://hackerone.com/reports/1153862
🔹 Severity: Critical | 💰 1,500 USD
🔹 Reported To: QIWI
🔹 Reported By: #myway
🔹 State: 🟢 Resolved
🔹 Disclosed: May 22, 2021, 8:29am (UTC)
Web Server Predictable Session ID on EdgeSwitch
👉 https://hackerone.com/reports/774393
🔹 Severity: High | 💰 6,690 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
👉 https://hackerone.com/reports/774393
🔹 Severity: High | 💰 6,690 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
Readonly to Root Privilege Escalation on EdgeSwitch
👉 https://hackerone.com/reports/796414
🔹 Severity: High | 💰 6,690 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
👉 https://hackerone.com/reports/796414
🔹 Severity: High | 💰 6,690 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch
👉 https://hackerone.com/reports/797988
🔹 Severity: High | 💰 6,689 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
👉 https://hackerone.com/reports/797988
🔹 Severity: High | 💰 6,689 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
View Only to Root Privilege Escalation on UniFi Protect
👉 https://hackerone.com/reports/825764
🔹 Severity: High | 💰 11,689 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
👉 https://hackerone.com/reports/825764
🔹 Severity: High | 💰 11,689 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
CSRF на установку своей почты к аккаунту.
👉 https://hackerone.com/reports/301586
🔹 Severity: Critical
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:31pm (UTC)
👉 https://hackerone.com/reports/301586
🔹 Severity: Critical
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:31pm (UTC)
Reflected XSS on mtnhottseat.mtn.com.gh
👉 https://hackerone.com/reports/1069527
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 7:38am (UTC)
👉 https://hackerone.com/reports/1069527
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 7:38am (UTC)
Reflected XSS on gamesclub.mtn.com.g
👉 https://hackerone.com/reports/1069528
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 7:38am (UTC)
👉 https://hackerone.com/reports/1069528
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 7:38am (UTC)
Arbitrary file read during project import
👉 https://hackerone.com/reports/1132378
🔹 Severity: Critical | 💰 16,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #saltyyolk
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 8:51am (UTC)
👉 https://hackerone.com/reports/1132378
🔹 Severity: Critical | 💰 16,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #saltyyolk
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 8:51am (UTC)
Debug Mode Leak Critical Information [ AWS Keys , SMTP , Database , Django Secret Key ( RCE ) , Dodoc , Telegram , Twilio .. ]
👉 https://hackerone.com/reports/1083543
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #yukusawa18
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 9:29am (UTC)
👉 https://hackerone.com/reports/1083543
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #yukusawa18
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 9:29am (UTC)