Kroki Arbitrary File Read/Write
👉 https://hackerone.com/reports/1098793
🔹 Severity: High | 💰 5,600 USD
🔹 Reported To: GitLab
🔹 Reported By: #ledz1996
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 7:56pm (UTC)
User Information Disclosure via waitlist.blockfi.com Prefinery Abuse
👉 https://hackerone.com/reports/1135294
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: BlockFi
🔹 Reported By: #tcbutler320
🔹 State: 🟢 Resolved
🔹 Disclosed: May 21, 2021, 10:40pm (UTC)
SSRF on https://qiwi.com via "Prerender HAR Capturer"
👉 https://hackerone.com/reports/1153862
🔹 Severity: Critical | 💰 1,500 USD
🔹 Reported To: QIWI
🔹 Reported By: #myway
🔹 State: 🟢 Resolved
🔹 Disclosed: May 22, 2021, 8:29am (UTC)
Web Server Predictable Session ID on EdgeSwitch
👉 https://hackerone.com/reports/774393
🔹 Severity: High | 💰 6,690 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
Readonly to Root Privilege Escalation on EdgeSwitch
👉 https://hackerone.com/reports/796414
🔹 Severity: High | 💰 6,690 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch
👉 https://hackerone.com/reports/797988
🔹 Severity: High | 💰 6,689 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
View Only to Root Privilege Escalation on UniFi Protect
👉 https://hackerone.com/reports/825764
🔹 Severity: High | 💰 11,689 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #fr33rh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:22am (UTC)
CSRF to attach one's own email to an account.
👉 https://hackerone.com/reports/301586
🔹 Severity: Critical
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2021, 1:31pm (UTC)
Reflected XSS on mtnhottseat.mtn.com.gh
👉 https://hackerone.com/reports/1069527
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 7:38am (UTC)
Reflected XSS on gamesclub.mtn.com.g
👉 https://hackerone.com/reports/1069528
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 7:38am (UTC)
Arbitrary file read during project import
👉 https://hackerone.com/reports/1132378
🔹 Severity: Critical | 💰 16,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #saltyyolk
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 8:51am (UTC)
Debug Mode Leak Critical Information [ AWS Keys , SMTP , Database , Django Secret Key ( RCE ) , Dodoc , Telegram , Twilio .. ]
👉 https://hackerone.com/reports/1083543
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #yukusawa18
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 9:29am (UTC)
HTML Injection In Email In one.newrelic.com
👉 https://hackerone.com/reports/1173219
🔹 Severity: Medium
🔹 Reported To: New Relic
🔹 Reported By: #itsz4x
🔹 State: ⚪️ Informative
🔹 Disclosed: May 24, 2021, 10:27am (UTC)
No Rate Limit On Forgot Password Page
👉 https://hackerone.com/reports/1195618
🔹 Severity: Low | 💰 300 USD
🔹 Reported To: Kaspersky
🔹 Reported By: #hacker-yadav
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 1:31pm (UTC)
[la.mail.ru] - SSRF + cookie theft
👉 https://hackerone.com/reports/1166977
🔹 Severity: High | 💰 750 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: May 25, 2021, 8:40pm (UTC)
Blind SQL in id_locality GET param on [city-mobil.ru/taxiserv]
👉 https://hackerone.com/reports/1134687
🔹 Severity: High | 💰 3,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #organdonor
🔹 State: 🟢 Resolved
🔹 Disclosed: May 25, 2021, 8:42pm (UTC)
Blind SQL injection on [city-mobil.ru/taxiserv/] in filter{"id_locality"}
👉 https://hackerone.com/reports/1133083
🔹 Severity: High | 💰 3,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #organdonor
🔹 State: 🟢 Resolved
🔹 Disclosed: May 25, 2021, 8:53pm (UTC)
Development configurations file with a sensitive data exposure could be leads to take down the social media accounts and the DB
👉 https://hackerone.com/reports/1133672
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #0nlymohammed
🔹 State: 🟢 Resolved
🔹 Disclosed: May 25, 2021, 9:00pm (UTC)
CVE-2021-22897: schannel cipher selection surprise
👉 https://hackerone.com/reports/1172857
🔹 Severity: Low | 💰 800 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:23am (UTC)
CVE-2021-22898: TELNET stack contents disclosure
👉 https://hackerone.com/reports/1176461
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:24am (UTC)
CVE-2021-22901: TLS session caching disaster
👉 https://hackerone.com/reports/1180380
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:24am (UTC)