CVE-2021-22897: schannel cipher selection surprise
👉 https://hackerone.com/reports/1172857
🔹 Severity: Low | 💰 800 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:23am (UTC)
👉 https://hackerone.com/reports/1172857
🔹 Severity: Low | 💰 800 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:23am (UTC)
CVE-2021-22898: TELNET stack contents disclosure
👉 https://hackerone.com/reports/1176461
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:24am (UTC)
👉 https://hackerone.com/reports/1176461
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:24am (UTC)
CVE-2021-22901: TLS session caching disaster
👉 https://hackerone.com/reports/1180380
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:24am (UTC)
👉 https://hackerone.com/reports/1180380
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 8:24am (UTC)
[com.icq.mobile.client] Любое стороннее приложение может отправить произвольное сообщение от имени пользователя
👉 https://hackerone.com/reports/1052174
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #igorpyan
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:55am (UTC)
👉 https://hackerone.com/reports/1052174
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #igorpyan
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:55am (UTC)
Nextcloud deck sharee search leaks searches to lookupserver by default
👉 https://hackerone.com/reports/1167958
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 10:01am (UTC)
👉 https://hackerone.com/reports/1167958
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 10:01am (UTC)
Talk discloses turn server to anybody
👉 https://hackerone.com/reports/1195593
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: May 26, 2021, 10:52am (UTC)
👉 https://hackerone.com/reports/1195593
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: May 26, 2021, 10:52am (UTC)
[https://geekbrains.ru/profile] - authenticity_token not tied to user session leads to CSRF attacks
👉 https://hackerone.com/reports/1086134
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 1:04pm (UTC)
👉 https://hackerone.com/reports/1086134
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 1:04pm (UTC)
Disk-o Cloud application (Windows) does not validate server certificate on a TLS connection
👉 https://hackerone.com/reports/1026893
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #aapo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 1:48pm (UTC)
👉 https://hackerone.com/reports/1026893
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #aapo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 1:48pm (UTC)
Account takeover on [support2.ucs.ru]
👉 https://hackerone.com/reports/1029877
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #tounsi_007
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 5:27pm (UTC)
👉 https://hackerone.com/reports/1029877
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #tounsi_007
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 5:27pm (UTC)
SSRF By adding a custom integration on console.helium.com
👉 https://hackerone.com/reports/1055823
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Helium
🔹 Reported By: #th0roid
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 7:26pm (UTC)
👉 https://hackerone.com/reports/1055823
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Helium
🔹 Reported By: #th0roid
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 7:26pm (UTC)
CSRF on TikTok Ads Portal
👉 https://hackerone.com/reports/1087436
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #probatorem
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:14pm (UTC)
👉 https://hackerone.com/reports/1087436
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #probatorem
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:14pm (UTC)
Ability to add arbitrary images/denoscriptions/noscripts to ohter people's issues via IDOR on getrevue.co
👉 https://hackerone.com/reports/1096560
🔹 Severity: Critical
🔹 Reported To: Twitter
🔹 Reported By: #mirhat
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:56pm (UTC)
👉 https://hackerone.com/reports/1096560
🔹 Severity: Critical
🔹 Reported To: Twitter
🔹 Reported By: #mirhat
🔹 State: 🟢 Resolved
🔹 Disclosed: May 26, 2021, 9:56pm (UTC)
SMAP bypass
👉 https://hackerone.com/reports/1048322
🔹 Severity: Medium | 💰 3,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #m00nbsd
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 3:35am (UTC)
👉 https://hackerone.com/reports/1048322
🔹 Severity: Medium | 💰 3,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #m00nbsd
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 3:35am (UTC)
Git Config
👉 https://hackerone.com/reports/1176174
🔹 Severity: Medium
🔹 Reported To: MariaDB
🔹 Reported By: #dtattoedhackers
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 8:12am (UTC)
👉 https://hackerone.com/reports/1176174
🔹 Severity: Medium
🔹 Reported To: MariaDB
🔹 Reported By: #dtattoedhackers
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 8:12am (UTC)
CSRF in changing password after using reset password link
👉 https://hackerone.com/reports/1086752
🔹 Severity: Low
🔹 Reported To: OpenMage
🔹 Reported By: #xenx
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 8:55am (UTC)
👉 https://hackerone.com/reports/1086752
🔹 Severity: Low
🔹 Reported To: OpenMage
🔹 Reported By: #xenx
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 8:55am (UTC)
Signedness issue in ClassInfo message handler leads to RCE on CS:GO client
👉 https://hackerone.com/reports/876719
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Valve
🔹 Reported By: #chaynik
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 4:53pm (UTC)
👉 https://hackerone.com/reports/876719
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Valve
🔹 Reported By: #chaynik
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 4:53pm (UTC)
RCE on CS:GO client using unsanitized entity ID in EntityMsg message
👉 https://hackerone.com/reports/584603
🔹 Severity: Critical | 💰 9,000 USD
🔹 Reported To: Valve
🔹 Reported By: #chaynik
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 4:54pm (UTC)
👉 https://hackerone.com/reports/584603
🔹 Severity: Critical | 💰 9,000 USD
🔹 Reported To: Valve
🔹 Reported By: #chaynik
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 4:54pm (UTC)
Bypass apiserver proxy filter
👉 https://hackerone.com/reports/859962
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #javierprovecho
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 7:11pm (UTC)
👉 https://hackerone.com/reports/859962
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #javierprovecho
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 7:11pm (UTC)
[VK Android] Access to app protected components leads to arbitrary code execution
👉 https://hackerone.com/reports/1095633
🔹 Severity: No Rating | 💰 1,000 USD
🔹 Reported To: VK.com
🔹 Reported By: #bagipro
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 9:40pm (UTC)
👉 https://hackerone.com/reports/1095633
🔹 Severity: No Rating | 💰 1,000 USD
🔹 Reported To: VK.com
🔹 Reported By: #bagipro
🔹 State: 🟢 Resolved
🔹 Disclosed: May 27, 2021, 9:40pm (UTC)
IDOR leads to See analytics of Loyalty Program in any restaurant.
👉 https://hackerone.com/reports/1137819
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Uber
🔹 Reported By: #0xprial
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 12:08am (UTC)
👉 https://hackerone.com/reports/1137819
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Uber
🔹 Reported By: #0xprial
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 12:08am (UTC)
Blocked user can see live video
👉 https://hackerone.com/reports/1067967
🔹 Severity: Medium | 💰 418 USD
🔹 Reported To: TikTok
🔹 Reported By: #sandipgyawali
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 2:22am (UTC)
👉 https://hackerone.com/reports/1067967
🔹 Severity: Medium | 💰 418 USD
🔹 Reported To: TikTok
🔹 Reported By: #sandipgyawali
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 2:22am (UTC)