Bugpoint – Telegram
Bugpoint
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣


#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
HTML Injection In Email In one.newrelic.com

👉 https://hackerone.com/reports/1173219

🔹 Severity: Medium
🔹 Reported To: New Relic
🔹 Reported By: #itsz4x
🔹 State: ⚪️ Informative
🔹 Disclosed: May 24, 2021, 10:27am (UTC)
No Rate Limit On Forgot Password Page

👉 https://hackerone.com/reports/1195618

🔹 Severity: Low | 💰 300 USD
🔹 Reported To: Kaspersky
🔹 Reported By: #hacker-yadav
🔹 State: 🟢 Resolved
🔹 Disclosed: May 24, 2021, 1:31pm (UTC)
[la.mail.ru] - SSRF + cookie theft

👉 https://hackerone.com/reports/1166977

🔹 Severity: High | 💰 750 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: May 25, 2021, 8:40pm (UTC)
Blind SQL in id_locality GET param on [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1134687

🔹 Severity: High | 💰 3,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #organdonor
🔹 State: 🟢 Resolved
🔹 Disclosed: May 25, 2021, 8:42pm (UTC)
Blind SQL injection on [city-mobil.ru/taxiserv/] in filter{"id_locality"}

👉 https://hackerone.com/reports/1133083

🔹 Severity: High | 💰 3,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #organdonor
🔹 State: 🟢 Resolved
🔹 Disclosed: May 25, 2021, 8:53pm (UTC)
Development configuration file with sensitive data exposure could lead to taking down the social media accounts and the DB

👉 https://hackerone.com/reports/1133672

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #0nlymohammed
🔹 State: 🟢 Resolved
🔹 Disclosed: May 25, 2021, 9:00pm (UTC)
CVE-2021-22897: schannel cipher selection surprise

👉 https://hackerone.com/reports/1172857

🔹 Severity: Low | 💰 800 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:23am (UTC)
CVE-2021-22898: TELNET stack contents disclosure

👉 https://hackerone.com/reports/1176461

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:24am (UTC)
CVE-2021-22901: TLS session caching disaster

👉 https://hackerone.com/reports/1180380

🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:24am (UTC)
[com.icq.mobile.client] Any third-party application can send an arbitrary message on behalf of the user

👉 https://hackerone.com/reports/1052174

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #igorpyan
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:55am (UTC)
Nextcloud deck sharee search leaks searches to lookupserver by default

👉 https://hackerone.com/reports/1167958

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 10:01am (UTC)
Talk discloses turn server to anybody

👉 https://hackerone.com/reports/1195593

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: May 26, 2021, 10:52am (UTC)
[https://geekbrains.ru/profile] - authenticity_token not tied to user session leads to CSRF attacks

👉 https://hackerone.com/reports/1086134

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 1:04pm (UTC)
Disk-o Cloud application (Windows) does not validate server certificate on a TLS connection

👉 https://hackerone.com/reports/1026893

🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #aapo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 1:48pm (UTC)
Account takeover on [support2.ucs.ru]

👉 https://hackerone.com/reports/1029877

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #tounsi_007
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 5:27pm (UTC)
SSRF by adding a custom integration on console.helium.com

👉 https://hackerone.com/reports/1055823

🔹 Severity: High | 💰 500 USD
🔹 Reported To: Helium
🔹 Reported By: #th0roid
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 7:26pm (UTC)
CSRF on TikTok Ads Portal

👉 https://hackerone.com/reports/1087436

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #probatorem
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:14pm (UTC)
Ability to add arbitrary images/descriptions/scripts to other people's issues via IDOR on getrevue.co

👉 https://hackerone.com/reports/1096560

🔹 Severity: Critical
🔹 Reported To: Twitter
🔹 Reported By: #mirhat
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:56pm (UTC)
SMAP bypass

👉 https://hackerone.com/reports/1048322

🔹 Severity: Medium | 💰 3,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #m00nbsd
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 3:35am (UTC)
Git Config

👉 https://hackerone.com/reports/1176174

🔹 Severity: Medium
🔹 Reported To: MariaDB
🔹 Reported By: #dtattoedhackers
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 8:12am (UTC)
CSRF in changing password after using reset password link

👉 https://hackerone.com/reports/1086752

🔹 Severity: Low
🔹 Reported To: OpenMage
🔹 Reported By: #xenx
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 8:55am (UTC)