Bugpoint – Telegram
Bugpoint
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Reflected XSS

👉 https://hackerone.com/reports/1147060

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:31pm (UTC)
Blind SQL Injection

👉 https://hackerone.com/reports/1102591

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #1337n0x
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:32pm (UTC)
CVE-2019-3403 on https://████/rest/api/2/user/picker?query=

👉 https://hackerone.com/reports/1147951

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:33pm (UTC)
Insufficient Session Expiration on Adobe Connect | https://█████████

👉 https://hackerone.com/reports/996122

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:34pm (UTC)
Account impersonation through broken link

👉 https://hackerone.com/reports/1205604

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #nowsafe
🔹 State: 🟢 Resolved
🔹 Disclosed: June 4, 2021, 1:17pm (UTC)
Uncontrolled Search Path Element allows DLL hijacking for priv esc to SYSTEM

👉 https://hackerone.com/reports/921675

🔹 Severity: High | 💰 250 USD
🔹 Reported To: GlassWire
🔹 Reported By: #dawouw
🔹 State: 🟢 Resolved
🔹 Disclosed: June 4, 2021, 1:56pm (UTC)
Add new development stores without permission

👉 https://hackerone.com/reports/1167453

🔹 Severity: Medium | 💰 1,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jmp_35p
🔹 State: 🟢 Resolved
🔹 Disclosed: June 4, 2021, 7:06pm (UTC)
Prometheus server monitoring system publicly accessible

👉 https://hackerone.com/reports/1085724

🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #a1c3venomvirus
🔹 State: 🟢 Resolved
🔹 Disclosed: June 6, 2021, 9:11am (UTC)
XSS (reflected, and then, cookie persisted) on api documentation site theme selector (old version of dokuwiki)

👉 https://hackerone.com/reports/1066502

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #mvm
🔹 State: 🟢 Resolved
🔹 Disclosed: June 6, 2021, 9:14am (UTC)
Accessed internal API documentation and information

👉 https://hackerone.com/reports/1049733

🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #impalanichamy
🔹 State: 🟢 Resolved
🔹 Disclosed: June 6, 2021, 9:17am (UTC)
https://secure.showmax.com/profile/payments

👉 https://hackerone.com/reports/1078081

🔹 Severity: No Rating
🔹 Reported To: Showmax
🔹 Reported By: #abhiram
🔹 State: ⚪️ Informative
🔹 Disclosed: June 7, 2021, 9:31am (UTC)
Bypass parental PIN successfully

👉 https://hackerone.com/reports/1121169

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Showmax
🔹 Reported By: #abdulsec
🔹 State: 🟢 Resolved
🔹 Disclosed: June 7, 2021, 9:32am (UTC)
Cross-Site Scripting through search form on mtnplay.co.zm

👉 https://hackerone.com/reports/761573

🔹 Severity: Low
🔹 Reported To: MTN Group
🔹 Reported By: #droop3r
🔹 State: 🟢 Resolved
🔹 Disclosed: June 8, 2021, 5:40am (UTC)
Private program disclosure of `██████████` through notifications

👉 https://hackerone.com/reports/1179241

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #h13-
🔹 State: 🟢 Resolved
🔹 Disclosed: June 9, 2021, 1:37am (UTC)
Header modification results in disclosure of Slack infra metadata to unauthorized parties

👉 https://hackerone.com/reports/727330

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Slack
🔹 Reported By: #showuon
🔹 State: 🟢 Resolved
🔹 Disclosed: June 9, 2021, 2:21am (UTC)
CORS Misconfiguration, could lead to disclosure of sensitive information

👉 https://hackerone.com/reports/1199527

🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #riski0912
🔹 State: 🟢 Resolved
🔹 Disclosed: June 9, 2021, 7:01pm (UTC)
Trusted servers exchange can be triggered by attacker

👉 https://hackerone.com/reports/1167853

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2021, 11:44am (UTC)
End-to-end encryption folder locking is not properly protected

👉 https://hackerone.com/reports/1189174

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2021, 11:45am (UTC)
Stored XSS in Acronis Cyber Protect Console

👉 https://hackerone.com/reports/1064095

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #sbakhour
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2021, 1:07pm (UTC)
Default settings leak federated cloud id to lookup server of all users

👉 https://hackerone.com/reports/1173436

🔹 Severity: Low | 💰 350 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2021, 1:41pm (UTC)
Attacker can obtain write access to any federated share/public link

👉 https://hackerone.com/reports/1170024

🔹 Severity: High | 💰 4,000 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2021, 1:41pm (UTC)