Malicious apps can crash Nextcloud Android client by sending malformed intents
👉 https://hackerone.com/reports/859136
🔹 Severity: No Rating
🔹 Reported To: Nextcloud
🔹 Reported By: #bigbug
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:50am (UTC)
👉 https://hackerone.com/reports/859136
🔹 Severity: No Rating
🔹 Reported To: Nextcloud
🔹 Reported By: #bigbug
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:50am (UTC)
HackerOne making payments in USDC (Coinbase stable coin)
👉 https://hackerone.com/reports/1220747
🔹 Severity: No Rating | 💰 1 USD
🔹 Reported To: HackerOne
🔹 Reported By: #arl_rose
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 2:00pm (UTC)
👉 https://hackerone.com/reports/1220747
🔹 Severity: No Rating | 💰 1 USD
🔹 Reported To: HackerOne
🔹 Reported By: #arl_rose
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 2:00pm (UTC)
TikTok Session Donation CSRF via QR code login
👉 https://hackerone.com/reports/1133661
🔹 Severity: Low | 💰 111 USD
🔹 Reported To: TikTok
🔹 Reported By: #lauritz
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 9:27pm (UTC)
👉 https://hackerone.com/reports/1133661
🔹 Severity: Low | 💰 111 USD
🔹 Reported To: TikTok
🔹 Reported By: #lauritz
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 9:27pm (UTC)
[100K-ctf] Multiple vulnerabilities leading to compromise of Pinger instance.
👉 https://hackerone.com/reports/1215867
🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #nukedx
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:27pm (UTC)
👉 https://hackerone.com/reports/1215867
🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #nukedx
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:27pm (UTC)
H1-CTF 100k Solution - Congratz on the 100k Rep todayisnew
👉 https://hackerone.com/reports/1216408
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #w31rd0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:27pm (UTC)
👉 https://hackerone.com/reports/1216408
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #w31rd0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2021, 10:27pm (UTC)
Adam and the Deadly Injections
👉 https://hackerone.com/reports/1217702
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #akshansh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 4:58am (UTC)
👉 https://hackerone.com/reports/1217702
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #akshansh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 4:58am (UTC)
ccc.h1ctf.com CTF
👉 https://hackerone.com/reports/1215919
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #erbbysam
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 4:59am (UTC)
👉 https://hackerone.com/reports/1215919
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #erbbysam
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 4:59am (UTC)
Clickjacking misconfiguration bug
👉 https://hackerone.com/reports/1176104
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #niloychowdhury3
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 18, 2021, 2:48pm (UTC)
👉 https://hackerone.com/reports/1176104
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #niloychowdhury3
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 18, 2021, 2:48pm (UTC)
Subdomain Takeover – www.jet.acronis.com pointing to unclaimed Webflow services
👉 https://hackerone.com/reports/953719
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #sumgr0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 5:09pm (UTC)
👉 https://hackerone.com/reports/953719
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #sumgr0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 5:09pm (UTC)
Subdomain Takeover – jet.acronis.com pointing to unclaimed Webflow services
👉 https://hackerone.com/reports/952166
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #sumgr0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 5:09pm (UTC)
👉 https://hackerone.com/reports/952166
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #sumgr0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 5:09pm (UTC)
Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission
👉 https://hackerone.com/reports/1039821
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 7:15pm (UTC)
👉 https://hackerone.com/reports/1039821
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 7:15pm (UTC)
Private ip leaking through response
👉 https://hackerone.com/reports/622937
🔹 Severity: No Rating
🔹 Reported To: Urban Company
🔹 Reported By: #t3chn0phil3
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 10:08am (UTC)
👉 https://hackerone.com/reports/622937
🔹 Severity: No Rating
🔹 Reported To: Urban Company
🔹 Reported By: #t3chn0phil3
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 10:08am (UTC)
Broken Link on Urban Company's Vulnerability Submission Form
👉 https://hackerone.com/reports/1239334
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Urban Company
🔹 Reported By: #awararesearcher
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 9:00am (UTC)
👉 https://hackerone.com/reports/1239334
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Urban Company
🔹 Reported By: #awararesearcher
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 9:00am (UTC)
👏1
Remote Code Execution through "Files_antivirus" plugin
👉 https://hackerone.com/reports/903872
🔹 Severity: Medium
🔹 Reported To: ownCloud
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 12:28pm (UTC)
👉 https://hackerone.com/reports/903872
🔹 Severity: Medium
🔹 Reported To: ownCloud
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 12:28pm (UTC)
Command Injection via STARTTLS in SMTP
👉 https://hackerone.com/reports/1204962
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #murgi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 1:36pm (UTC)
👉 https://hackerone.com/reports/1204962
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #murgi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 1:36pm (UTC)
No rate Limit on Add new Translation Project
👉 https://hackerone.com/reports/1238749
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #deathpoolxrs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 3:07pm (UTC)
👉 https://hackerone.com/reports/1238749
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #deathpoolxrs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 3:07pm (UTC)
one delegate can add another delegate and delete other delegates, exposing all confidential inbox messages
👉 https://hackerone.com/reports/986532
🔹 Severity: High
🔹 Reported To: Zivver
🔹 Reported By: #mavericknerd
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 4:37pm (UTC)
👉 https://hackerone.com/reports/986532
🔹 Severity: High
🔹 Reported To: Zivver
🔹 Reported By: #mavericknerd
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 4:37pm (UTC)
A malicious user can upload a malicious noscript through managesieve and trigger its execution in order to consume almost 100% of CPU (LMTP).
👉 https://hackerone.com/reports/989668
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #rumata
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 4:42pm (UTC)
👉 https://hackerone.com/reports/989668
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #rumata
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 4:42pm (UTC)
Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation
👉 https://hackerone.com/reports/1218173
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #foysalahmed
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 21, 2021, 7:56pm (UTC)
👉 https://hackerone.com/reports/1218173
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #foysalahmed
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 21, 2021, 7:56pm (UTC)
100K CTF's Writeup
👉 https://hackerone.com/reports/1216591
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #dexter0us
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 8:44pm (UTC)
👉 https://hackerone.com/reports/1216591
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #dexter0us
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 8:44pm (UTC)
CCC H1 June 2021 CTF Writeup
👉 https://hackerone.com/reports/1217114
🔹 Severity: Critical
🔹 Reported To: h1-ctf
🔹 Reported By: #pmnh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 8:44pm (UTC)
👉 https://hackerone.com/reports/1217114
🔹 Severity: Critical
🔹 Reported To: h1-ctf
🔹 Reported By: #pmnh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 8:44pm (UTC)