HTTP Host injection in redirect_to function
👉 https://hackerone.com/reports/888176
🔹 Severity: No Rating
🔹 Reported To: Ruby on Rails
🔹 Reported By: #komang4130
🔹 State: ⚪️ Informative
🔹 Disclosed: June 15, 2021, 5:44pm (UTC)
XSS by MathML at Active Storage
👉 https://hackerone.com/reports/429873
🔹 Severity: Medium
🔹 Reported To: Ruby on Rails
🔹 Reported By: #ooooooo_q
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 15, 2021, 5:44pm (UTC)
Default Nextcloud Server and Android Client leak sharee searches to Nextcloud
👉 https://hackerone.com/reports/1167916
🔹 Severity: Low | 💰 750 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2021, 7:11pm (UTC)
Elmah.axd is publicly accessible leaking Error Log
👉 https://hackerone.com/reports/1139340
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2021, 7:24pm (UTC)
Default Admin Username and Password on █████ Server at █████████mil
👉 https://hackerone.com/reports/1195325
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #the_boschko
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2021, 7:28pm (UTC)
XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil
👉 https://hackerone.com/reports/1150799
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2021, 7:30pm (UTC)
Reflected XSS through ClickJacking
👉 https://hackerone.com/reports/1171403
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sazouki
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2021, 7:31pm (UTC)
Denial of service via cache poisoning on https://www.data.gov/
👉 https://hackerone.com/reports/942629
🔹 Severity: High
🔹 Reported To: TTS Bug Bounty
🔹 Reported By: #kq8dq
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 15, 2021, 7:42pm (UTC)
Clickjacking on profile page leading to unauthorized changes
👉 https://hackerone.com/reports/1198907
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #shivanshmalik2
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2021, 10:14pm (UTC)
Error Page Content Spoofing or Text Injection
👉 https://hackerone.com/reports/1196253
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #g4urav_19
🔹 State: 🔴 N/A
🔹 Disclosed: June 15, 2021, 11:51pm (UTC)
Serverinfo endpoints are not bruteforce protected nor are tokens properly generated
👉 https://hackerone.com/reports/1210458
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 8:39am (UTC)
Session fixation on public talk links
👉 https://hackerone.com/reports/1181962
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 8:40am (UTC)
No admin audit entry for enabling/disabling 2FA
👉 https://hackerone.com/reports/1200989
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: June 16, 2021, 8:40am (UTC)
No admin audit log for auth tokens
👉 https://hackerone.com/reports/1200992
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: June 16, 2021, 8:40am (UTC)
Ransomware protection is missing extensions
👉 https://hackerone.com/reports/1195568
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 8:42am (UTC)
Federated shares are not password protected
👉 https://hackerone.com/reports/1167817
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: June 16, 2021, 8:56am (UTC)
Trusted server shared secret stored unencrypted in the database
👉 https://hackerone.com/reports/1173670
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: June 16, 2021, 8:56am (UTC)
Android app does not clear end to end encryption keys
👉 https://hackerone.com/reports/1189168
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 8:57am (UTC)
XSS via JavaScript evaluation of an attacker controlled resource at www.pornhub.com
👉 https://hackerone.com/reports/944518
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Pornhub
🔹 Reported By: #wh0ru
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 11:05am (UTC)
Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone
👉 https://hackerone.com/reports/1225299
🔹 Severity: Low
🔹 Reported To: Ping Identity
🔹 Reported By: #awararesearcher
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 2:23pm (UTC)
Low Privileged user can add or remove cash to/from sales register
👉 https://hackerone.com/reports/905543
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #sandeep_rj49
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 5:27pm (UTC)