[GO] CWE-1004: Sensitive cookie without HttpOnly
👉 https://hackerone.com/reports/1241576
🔹 Severity: Low
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:02pm (UTC)
[JavaScript]: CWE-1004: Sensitive cookie without HttpOnly
👉 https://hackerone.com/reports/1241577
🔹 Severity: Low
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:02pm (UTC)
ihsinme: CPP Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type
👉 https://hackerone.com/reports/1241578
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:02pm (UTC)
Java: CodeQL query for unsafe RMI deserialization
👉 https://hackerone.com/reports/1241579
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:03pm (UTC)
C++: Support Pqxx connector to search for sql injections to Postgres
👉 https://hackerone.com/reports/1241583
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: June 22, 2021, 11:03pm (UTC)
Insufficient Session Expiration
👉 https://hackerone.com/reports/1241483
🔹 Severity: Low
🔹 Reported To: Urban Company
🔹 Reported By: #vibhushan
🔹 State: 🔴 N/A
🔹 Disclosed: June 23, 2021, 11:44am (UTC)
Firebase Database Takeover in Zego Sense Android app
👉 https://hackerone.com/reports/1065134
🔹 Severity: High
🔹 Reported To: Zego
🔹 Reported By: #sheikhrishad0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 23, 2021, 4:04pm (UTC)
ccc ctf
👉 https://hackerone.com/reports/1216085
🔹 Severity: Critical | 💰 100 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #shamollash
🔹 State: 🟢 Resolved
🔹 Disclosed: June 23, 2021, 4:18pm (UTC)
anti_ransomware_service.exe REST API does not require authentication
👉 https://hackerone.com/reports/858608
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Acronis
🔹 Reported By: #mjoensen
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 8:20am (UTC)
Local Privilege Escalation in anti_ransomware_service.exe via quarantine
👉 https://hackerone.com/reports/858598
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Acronis
🔹 Reported By: #mjoensen
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 8:21am (UTC)
Denial of Service in anti_ransomware_service.exe via logs files
👉 https://hackerone.com/reports/858603
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Acronis
🔹 Reported By: #mjoensen
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 8:21am (UTC)
No brute force protection on web-api-cloud.acronis.com
👉 https://hackerone.com/reports/972045
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #hensis
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 8:46am (UTC)
Session Hijacking leads to full control of account by attacker
👉 https://hackerone.com/reports/1201396
🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #sampritdas
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 4:05pm (UTC)
Open redirect in the bot message carousel
👉 https://hackerone.com/reports/1206117
🔹 Severity: Low | 💰 300 USD
🔹 Reported To: VK.com
🔹 Reported By: #manaenckov
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 6:13pm (UTC)
Report Duplicate Detector can match deleted and draft reports, may disclose noscript and vulnerability information
👉 https://hackerone.com/reports/1242680
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 7:34pm (UTC)
XSS in (Support Requests) : User Cases
👉 https://hackerone.com/reports/961226
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #soulx01
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 8:26pm (UTC)
Stored XSS in IE11 on hackerone.com via custom fields
👉 https://hackerone.com/reports/1173040
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #tester2020
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 11:40pm (UTC)
Subdomain takeover of v.zego.com
👉 https://hackerone.com/reports/1180697
🔹 Severity: High
🔹 Reported To: Zego
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: June 26, 2021, 4:22am (UTC)
Stored XSS in backup scanning plan name
👉 https://hackerone.com/reports/961046
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #sbakhour
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 3:11am (UTC)
Self XSS on Acronis Cyber Cloud
👉 https://hackerone.com/reports/957229
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #sbakhour
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 3:12am (UTC)
Exposed data of credit card details to hacker or attacker.
👉 https://hackerone.com/reports/1245094
🔹 Severity: Medium
🔹 Reported To: Urban Company
🔹 Reported By: #nispat
🔹 State: 🔴 N/A
🔹 Disclosed: June 28, 2021, 4:53am (UTC)