A malicious user can upload a malicious noscript through managesieve and trigger its execution in order to consume almost 100% of CPU (LMTP).
👉 https://hackerone.com/reports/989668
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #rumata
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 4:42pm (UTC)
Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation
👉 https://hackerone.com/reports/1218173
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #foysalahmed
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 21, 2021, 7:56pm (UTC)
100K CTF's Writeup
👉 https://hackerone.com/reports/1216591
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #dexter0us
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 8:44pm (UTC)
CCC H1 June 2021 CTF Writeup
👉 https://hackerone.com/reports/1217114
🔹 Severity: Critical
🔹 Reported To: h1-ctf
🔹 Reported By: #pmnh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 8:44pm (UTC)
HackerOne’s 100K CTF Writeup
👉 https://hackerone.com/reports/1218708
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #rykkard
🔹 State: 🟢 Resolved
🔹 Disclosed: June 21, 2021, 9:51pm (UTC)
internal path disclosure via error message
👉 https://hackerone.com/reports/1191534
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #ali-h-hasan
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 9:08am (UTC)
CSRF + XSS leads to ATO
👉 https://hackerone.com/reports/1081148
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 9:11am (UTC)
[mcs.mail.ru] A user with the observer role can create access keys for the message queue (sqs.mcs.mail.ru)
👉 https://hackerone.com/reports/1177451
🔹 Severity: Medium | 💰 15,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mrd0x1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 12:55pm (UTC)
[com.icq.mobile.client] Any third-party application can hijack the session, as well as other application files
👉 https://hackerone.com/reports/1029457
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #igorpyan
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 12:55pm (UTC)
Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to creating an admin user in WordPress
👉 https://hackerone.com/reports/935503
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #cabelo
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 12:56pm (UTC)
Local File Disclosure /Delete On [us-az-vpn.acronis.com]
👉 https://hackerone.com/reports/924407
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Acronis
🔹 Reported By: #10nf
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 2:47pm (UTC)
Reflected XSS on my.acronis.com
👉 https://hackerone.com/reports/1168962
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 4:35pm (UTC)
SQL injection on admin.acronis.host development web service
👉 https://hackerone.com/reports/923020
🔹 Severity: High | 💰 250 USD
🔹 Reported To: Acronis
🔹 Reported By: #stealthy
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 6:12pm (UTC)
[GO]: CWE-326: Insufficient key size
👉 https://hackerone.com/reports/1212272
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 10:59pm (UTC)
[Python] CWE-090: LDAP Injection
👉 https://hackerone.com/reports/1212273
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 10:59pm (UTC)
[JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass
👉 https://hackerone.com/reports/1212274
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:00pm (UTC)
Python: Add support of clickhouse-driver package
👉 https://hackerone.com/reports/1217143
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #japroc
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:00pm (UTC)
ihsinme:CPP Add query for CWE-415 Double Free
👉 https://hackerone.com/reports/1219491
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:00pm (UTC)
[Java]: CWE-730 Regex injection
👉 https://hackerone.com/reports/1219492
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:00pm (UTC)
[Java] CWE-295 - Incorrect Hostname Verification - MitM
👉 https://hackerone.com/reports/1219493
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:01pm (UTC)
ihsinme: CPP Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope
👉 https://hackerone.com/reports/1219494
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:01pm (UTC)