Default Nextcloud server config and iOS Nextcloud client leak sharee searches to Nextcloud
👉 https://hackerone.com/reports/1167919
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: May 31, 2021, 10:52am (UTC)
Create alias does not validate account id
👉 https://hackerone.com/reports/1129996
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 8:40am (UTC)
xmlrpc.php is publicly available at https://stories.showmax.com/xmlrpc.php
👉 https://hackerone.com/reports/1212760
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Showmax
🔹 Reported By: #mdakh404
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 9:56am (UTC)
Take over a mail account due missing validation of account id
👉 https://hackerone.com/reports/1094063
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 6:10pm (UTC)
DoS due to improper input validation can break the admin access into the user data will disallow him from editing that user's data.
👉 https://hackerone.com/reports/1147611
🔹 Severity: High | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #demonia
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 6:29pm (UTC)
SSL certificate not validated when registering with a provider
👉 https://hackerone.com/reports/903424
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #icewater
🔹 State: 🟢 Resolved
🔹 Disclosed: June 2, 2021, 3:09am (UTC)
Persistant Arbitrary code execution in mattermost android
👉 https://hackerone.com/reports/1115864
🔹 Severity: High | 💰 750 USD
🔹 Reported To: Mattermost
🔹 Reported By: #hulkvision_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 10:40am (UTC)
Reflected XSS on /admin/stats.php
👉 https://hackerone.com/reports/1187820
🔹 Severity: Medium
🔹 Reported To: Revive Adserver
🔹 Reported By: #solov9ev
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 12:38pm (UTC)
XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker)
👉 https://hackerone.com/reports/220852
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #ak1t4
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 12:46pm (UTC)
Reflected XSS on https://██████
👉 https://hackerone.com/reports/1154378
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #thiennv
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:22pm (UTC)
Reflected XSS through clickjacking at https://████
👉 https://hackerone.com/reports/1149144
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:23pm (UTC)
Reflected XSS at www.███████ at /██████████ via the ████████ parameter
👉 https://hackerone.com/reports/1173593
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #un4gi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:25pm (UTC)
Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935)
👉 https://hackerone.com/reports/1174185
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #un4gi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:27pm (UTC)
Web Cache Poisoning on █████
👉 https://hackerone.com/reports/1183263
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fr1nge
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:31pm (UTC)
Reflected XSS
👉 https://hackerone.com/reports/1147060
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:31pm (UTC)
Blind SQL iNJECTION
👉 https://hackerone.com/reports/1102591
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #1337n0x
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:32pm (UTC)
CVE-2019-3403 on https://████/rest/api/2/user/picker?query=
👉 https://hackerone.com/reports/1147951
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:33pm (UTC)
Insufficient Session Expiration on Adobe Connect | https://█████████
👉 https://hackerone.com/reports/996122
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:34pm (UTC)
account impersonate through broken link
👉 https://hackerone.com/reports/1205604
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #nowsafe
🔹 State: 🟢 Resolved
🔹 Disclosed: June 4, 2021, 1:17pm (UTC)
Uncontrolled Search Path Element allows DLL hijacking for priv esc to SYSTEM
👉 https://hackerone.com/reports/921675
🔹 Severity: High | 💰 250 USD
🔹 Reported To: GlassWire
🔹 Reported By: #dawouw
🔹 State: 🟢 Resolved
🔹 Disclosed: June 4, 2021, 1:56pm (UTC)
Add new development stores without permission
👉 https://hackerone.com/reports/1167453
🔹 Severity: Medium | 💰 1,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jmp_35p
🔹 State: 🟢 Resolved
🔹 Disclosed: June 4, 2021, 7:06pm (UTC)