Bugpoint – Telegram
Bugpoint
1.05K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
IDOR leads to See analytics of Loyalty Program in any restaurant.

👉 https://hackerone.com/reports/1137819

🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Uber
🔹 Reported By: #0xprial
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 12:08am (UTC)
Blocked user can see live video

👉 https://hackerone.com/reports/1067967

🔹 Severity: Medium | 💰 418 USD
🔹 Reported To: TikTok
🔹 Reported By: #sandipgyawali
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 2:22am (UTC)
DOM XSS on learning.ozon.ru

👉 https://hackerone.com/reports/1167230

🔹 Severity: No Rating
🔹 Reported To: Ozon
🔹 Reported By: #mrdruid
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 9:39am (UTC)
Domain takeover of ozoncorporate.ru

👉 https://hackerone.com/reports/1160381

🔹 Severity: No Rating
🔹 Reported To: Ozon
🔹 Reported By: #mrdruid
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 9:47am (UTC)
Stored XSS in the driver profile [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050017

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:18am (UTC)
Stored XSS on the "Edit driver" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050030

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
Stored XSS on the "Edit client" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050022

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
Stored XSS on the "Edit client" page, "History" tab [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050047

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
Stored XSS on the "Mail" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050054

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
XSS on the "Create driver" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1057971

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
XSS when editing a vehicle on the "Control" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1061439

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
PHP Code Injection through "previewBlock()" method

👉 https://hackerone.com/reports/1092574

🔹 Severity: High
🔹 Reported To: Invision Power Services, Inc.
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 4:50pm (UTC)
[www.drive2.ru] Insufficient Session Expiration - Previously issued email change tokens do not expire upon issuing a new email change token

👉 https://hackerone.com/reports/1006677

🔹 Severity: Low
🔹 Reported To: DRIVE.NET, Inc.
🔹 Reported By: #what_web
🔹 State: 🟢 Resolved
🔹 Disclosed: May 29, 2021, 8:03am (UTC)
Subdomain takeover of www2.growasyouplan.com

👉 https://hackerone.com/reports/1179193

🔹 Severity: Medium
🔹 Reported To: Palo Alto Software
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: May 29, 2021, 7:29pm (UTC)
Default Nextcloud server config and iOS Nextcloud client leak sharee searches to Nextcloud

👉 https://hackerone.com/reports/1167919

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: May 31, 2021, 10:52am (UTC)
Create alias does not validate account id

👉 https://hackerone.com/reports/1129996

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 8:40am (UTC)
xmlrpc.php is publicly available at https://stories.showmax.com/xmlrpc.php

👉 https://hackerone.com/reports/1212760

🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Showmax
🔹 Reported By: #mdakh404
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 9:56am (UTC)
Take over a mail account due to missing validation of account id

👉 https://hackerone.com/reports/1094063

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 6:10pm (UTC)
DoS due to improper input validation can break the admin's access to the user's data, which disallows them from editing that user's data.

👉 https://hackerone.com/reports/1147611

🔹 Severity: High | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #demonia
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 6:29pm (UTC)
SSL certificate not validated when registering with a provider

👉 https://hackerone.com/reports/903424

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #icewater
🔹 State: 🟢 Resolved
🔹 Disclosed: June 2, 2021, 3:09am (UTC)
Persistent Arbitrary code execution in mattermost android

👉 https://hackerone.com/reports/1115864

🔹 Severity: High | 💰 750 USD
🔹 Reported To: Mattermost
🔹 Reported By: #hulkvision_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 10:40am (UTC)