Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to creating an admin user in WordPress

👉 https://hackerone.com/reports/935503

🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #cabelo
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 12:56pm (UTC)

Local File Disclosure /Delete On [us-az-vpn.acronis.com]

👉 https://hackerone.com/reports/924407

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Acronis
🔹 Reported By: #10nf
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 2:47pm (UTC)

Reflected XSS on my.acronis.com

👉 https://hackerone.com/reports/1168962

🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 4:35pm (UTC)

SQL injection on admin.acronis.host development web service

👉 https://hackerone.com/reports/923020

🔹 Severity: High | 💰 250 USD
🔹 Reported To: Acronis
🔹 Reported By: #stealthy
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 6:12pm (UTC)

[GO]: CWE-326: Insufficient key size

👉 https://hackerone.com/reports/1212272

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 10:59pm (UTC)

[Python] CWE-090: LDAP Injection

👉 https://hackerone.com/reports/1212273

🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 10:59pm (UTC)

[JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass

👉 https://hackerone.com/reports/1212274

🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:00pm (UTC)

Python: Add support of clickhouse-driver package

👉 https://hackerone.com/reports/1217143

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #japroc
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:00pm (UTC)

ihsinme:CPP Add query for CWE-415 Double Free

👉 https://hackerone.com/reports/1219491

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:00pm (UTC)

[Java]: CWE-730 Regex injection

👉 https://hackerone.com/reports/1219492

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:00pm (UTC)

[Java] CWE-295 - Incorrect Hostname Verification - MitM

👉 https://hackerone.com/reports/1219493

🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:01pm (UTC)

ihsinme: CPP Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope

👉 https://hackerone.com/reports/1219494

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:01pm (UTC)

[Java] BeanShell Injection

👉 https://hackerone.com/reports/1241574

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:01pm (UTC)

[Java]: CWE-502 Add UnsafeDeserialization sinks

👉 https://hackerone.com/reports/1241575

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:02pm (UTC)

[GO] CWE-1004: Sensitive cookie without HttpOnly

👉 https://hackerone.com/reports/1241576

🔹 Severity: Low
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:02pm (UTC)

[JavaScript]: CWE-1004: Sensitive cookie without HttpOnly

👉 https://hackerone.com/reports/1241577

🔹 Severity: Low
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:02pm (UTC)

ihsinme: CPP Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type

👉 https://hackerone.com/reports/1241578

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:02pm (UTC)

Java: CodeQL query for unsafe RMI deserialization

👉 https://hackerone.com/reports/1241579

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:03pm (UTC)

C++: Support Pqxx connector to search for sql injections to Postgres

👉 https://hackerone.com/reports/1241583

🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:03pm (UTC)

Insufficient Session Expiration

👉 https://hackerone.com/reports/1241483

🔹 Severity: Low
🔹 Reported To: Urban Company
🔹 Reported By: #vibhushan
🔹 State: 🔴 N/A
🔹 Disclosed: June 23, 2021, 11:44am (UTC)

Firebase Database Takeover in Zego Sense Android app

👉 https://hackerone.com/reports/1065134

🔹 Severity: High
🔹 Reported To: Zego
🔹 Reported By: #sheikhrishad0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 23, 2021, 4:04pm (UTC)