Bugpoint – Telegram
Latest updates about disclosed bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Error Page Content Spoofing or Text Injection

👉 https://hackerone.com/reports/1196253

🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #g4urav_19
🔹 State: 🔴 N/A
🔹 Disclosed: June 15, 2021, 11:51pm (UTC)

Serverinfo endpoints are not bruteforce protected nor are tokens properly generated

👉 https://hackerone.com/reports/1210458

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 8:39am (UTC)

Session fixation on public talk links

👉 https://hackerone.com/reports/1181962

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 8:40am (UTC)

No admin audit entry for enabling/disabling 2FA

👉 https://hackerone.com/reports/1200989

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: June 16, 2021, 8:40am (UTC)

No admin audit log for auth tokens

👉 https://hackerone.com/reports/1200992

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: June 16, 2021, 8:40am (UTC)

Ransomware protection is missing extentions

👉 https://hackerone.com/reports/1195568

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 8:42am (UTC)

Federated shares are not password protected

👉 https://hackerone.com/reports/1167817

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: June 16, 2021, 8:56am (UTC)

Trusted server shared secret stored unencrypted in the database

👉 https://hackerone.com/reports/1173670

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: ⚪️ Informative
🔹 Disclosed: June 16, 2021, 8:56am (UTC)

Android app does not clear end to end encryption keys

👉 https://hackerone.com/reports/1189168

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 8:57am (UTC)

XSS via JavaScript evaluation of an attacker controlled resource at www.pornhub.com

👉 https://hackerone.com/reports/944518

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Pornhub
🔹 Reported By: #wh0ru
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 11:05am (UTC)

Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone

👉 https://hackerone.com/reports/1225299

🔹 Severity: Low
🔹 Reported To: Ping Identity
🔹 Reported By: #awararesearcher
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 2:23pm (UTC)

Low Privileged user can add or remove cash to/from sales register

👉 https://hackerone.com/reports/905543

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #sandeep_rj49
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 5:27pm (UTC)

Account Takeover on unverified emails in File Sync & Share

👉 https://hackerone.com/reports/906790

🔹 Severity: Medium | 💰 337 USD
🔹 Reported To: Acronis
🔹 Reported By: #0xcrypto
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 6:26pm (UTC)

XSS on https://partners.acronis.com/

👉 https://hackerone.com/reports/979204

🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #yash_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 1:28am (UTC)

Brave Browser Tor Window leaks user's real IP to the external DNS server

👉 https://hackerone.com/reports/1077022

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Brave Software
🔹 Reported By: #xiaoyinl
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 5:25am (UTC)

Web cache poisoning at www.acronis.com

👉 https://hackerone.com/reports/1010858

🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #9529
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 9:25am (UTC)

Malicious apps can crash Nextcloud Android client by sending malformed intents

👉 https://hackerone.com/reports/859136

🔹 Severity: No Rating
🔹 Reported To: Nextcloud
🔹 Reported By: #bigbug
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:50am (UTC)

HackerOne making payments in USDC (Coinbase stable coin)

👉 https://hackerone.com/reports/1220747

🔹 Severity: No Rating | 💰 1 USD
🔹 Reported To: HackerOne
🔹 Reported By: #arl_rose
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 2:00pm (UTC)

TikTok Session Donation CSRF via QR code login

👉 https://hackerone.com/reports/1133661

🔹 Severity: Low | 💰 111 USD
🔹 Reported To: TikTok
🔹 Reported By: #lauritz
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 9:27pm (UTC)

[100K-ctf] Multiple vulnerabilities leading to compromise of Pinger instance.

👉 https://hackerone.com/reports/1215867

🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #nukedx
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:27pm (UTC)

H1-CTF 100k Solution - Congratz on the 100k Rep todayisnew

👉 https://hackerone.com/reports/1216408

🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #w31rd0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:27pm (UTC)