Adam and the Deadly Injections
👉 https://hackerone.com/reports/1217702
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #akshansh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 4:58am (UTC)
ccc.h1ctf.com CTF
👉 https://hackerone.com/reports/1215919
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #erbbysam
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 4:59am (UTC)
Clickjacking misconfiguration bug
👉 https://hackerone.com/reports/1176104
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #niloychowdhury3
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 18, 2021, 2:48pm (UTC)
Subdomain Takeover – www.jet.acronis.com pointing to unclaimed Webflow services
👉 https://hackerone.com/reports/953719
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #sumgr0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 5:09pm (UTC)
Subdomain Takeover – jet.acronis.com pointing to unclaimed Webflow services
👉 https://hackerone.com/reports/952166
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #sumgr0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 5:09pm (UTC)
Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission
👉 https://hackerone.com/reports/1039821
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: June 18, 2021, 7:15pm (UTC)
Private ip leaking through response
👉 https://hackerone.com/reports/622937
🔹 Severity: No Rating
🔹 Reported To: Urban Company
🔹 Reported By: #t3chn0phil3
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2021, 10:08am (UTC)
Broken Link on Urban Company's Vulnerability Submission Form
👉 https://hackerone.com/reports/1239334
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Urban Company
🔹 Reported By: #awararesearcher
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 9:00am (UTC)
Remote Code Execution through "Files_antivirus" plugin
👉 https://hackerone.com/reports/903872
🔹 Severity: Medium
🔹 Reported To: ownCloud
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 12:28pm (UTC)
Command Injection via STARTTLS in SMTP
👉 https://hackerone.com/reports/1204962
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #murgi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 1:36pm (UTC)
No rate Limit on Add new Translation Project
👉 https://hackerone.com/reports/1238749
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #deathpoolxrs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 3:07pm (UTC)
one delegate can add another delegate and delete other delegates, exposing all confidential inbox messages
👉 https://hackerone.com/reports/986532
🔹 Severity: High
🔹 Reported To: Zivver
🔹 Reported By: #mavericknerd
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 4:37pm (UTC)
A malicious user can upload a malicious noscript through managesieve and trigger its execution in order to consume almost 100% of CPU (LMTP).
👉 https://hackerone.com/reports/989668
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #rumata
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 4:42pm (UTC)
Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation
👉 https://hackerone.com/reports/1218173
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #foysalahmed
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 21, 2021, 7:56pm (UTC)
100K CTF's Writeup
👉 https://hackerone.com/reports/1216591
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #dexter0us
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 8:44pm (UTC)
CCC H1 June 2021 CTF Writeup
👉 https://hackerone.com/reports/1217114
🔹 Severity: Critical
🔹 Reported To: h1-ctf
🔹 Reported By: #pmnh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 8:44pm (UTC)
HackerOne’s 100K CTF Writeup
👉 https://hackerone.com/reports/1218708
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #rykkard
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 9:51pm (UTC)
internal path disclosure via error message
👉 https://hackerone.com/reports/1191534
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #ali-h-hasan
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 9:08am (UTC)
CSRF + XSS leads to ATO
👉 https://hackerone.com/reports/1081148
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 9:11am (UTC)
[mcs.mail.ru] A user with the observer role can create access keys for the message queue (sqs.mcs.mail.ru)
👉 https://hackerone.com/reports/1177451
🔹 Severity: Medium | 💰 15,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mrd0x1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 12:55pm (UTC)
[com.icq.mobile.client] Any third-party application can hijack the session, as well as other application files
👉 https://hackerone.com/reports/1029457
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #igorpyan
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 12:55pm (UTC)