No brute force protection on web-api-cloud.acronis.com
👉 https://hackerone.com/reports/972045
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #hensis
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 8:46am (UTC)
Session Hijacking leads to full control of account by attacker
👉 https://hackerone.com/reports/1201396
🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #sampritdas
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 4:05pm (UTC)
Open redirect in the bot message carousel
👉 https://hackerone.com/reports/1206117
🔹 Severity: Low | 💰 300 USD
🔹 Reported To: VK.com
🔹 Reported By: #manaenckov
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 6:13pm (UTC)
Report Duplicate Detector can match deleted and draft reports, may disclose noscript and vulnerability information
👉 https://hackerone.com/reports/1242680
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 7:34pm (UTC)
XSS in (Support Requests) : User Cases
👉 https://hackerone.com/reports/961226
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #soulx01
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 8:26pm (UTC)
Stored XSS in IE11 on hackerone.com via custom fields
👉 https://hackerone.com/reports/1173040
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #tester2020
🔹 State: 🟢 Resolved
🔹 Disclosed: June 24, 2021, 11:40pm (UTC)
Subdomain takeover of v.zego.com
👉 https://hackerone.com/reports/1180697
🔹 Severity: High
🔹 Reported To: Zego
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: June 26, 2021, 4:22am (UTC)
Stored XSS in backup scanning plan name
👉 https://hackerone.com/reports/961046
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #sbakhour
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 3:11am (UTC)
Self XSS on Acronis Cyber Cloud
👉 https://hackerone.com/reports/957229
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #sbakhour
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 3:12am (UTC)
Exposed data of credit card details to hacker or attacker.
👉 https://hackerone.com/reports/1245094
🔹 Severity: Medium
🔹 Reported To: Urban Company
🔹 Reported By: #nispat
🔹 State: 🔴 N/A
🔹 Disclosed: June 28, 2021, 4:53am (UTC)
Bypass of SSRF Vulnerability
👉 https://hackerone.com/reports/879803
🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #njgadhiya
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 28, 2021, 8:34am (UTC)
Prototype Pollution Vulnerability in noble Package
👉 https://hackerone.com/reports/390857
🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #cris_semmle
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 8:38am (UTC)
Server-side Template Injection in lodash.js
👉 https://hackerone.com/reports/904672
🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #zerohex
🔹 State: ⚪️ Informative
🔹 Disclosed: June 28, 2021, 8:43am (UTC)
clickjacking at brew.sh
👉 https://hackerone.com/reports/1245972
🔹 Severity: Low
🔹 Reported To: Homebrew
🔹 Reported By: #sai545
🔹 State: 🔴 N/A
🔹 Disclosed: June 28, 2021, 9:56am (UTC)
Open URL Redirection
👉 https://hackerone.com/reports/1238684
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Unikrn
🔹 Reported By: #stark303
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 10:03am (UTC)
F5 BIG-IP Cookie potentially reveal BigIP pool name, backend's IP address and port, routed domain.
👉 https://hackerone.com/reports/1211094
🔹 Severity: Low
🔹 Reported To: Informatica
🔹 Reported By: #k4b33r_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 11:19am (UTC)
Untrusted deserialization issue when loading newrelic.yml file in Java agent leads to code execution on host
👉 https://hackerone.com/reports/1109620
🔹 Severity: Low | 💰 768 USD
🔹 Reported To: New Relic
🔹 Reported By: #j0v
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 1:00pm (UTC)
Account Takeover via Email ID Change and Forgot Password Functionality
👉 https://hackerone.com/reports/1089467
🔹 Severity: High | 💰 2,048 USD
🔹 Reported To: New Relic
🔹 Reported By: #dsdh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 2:44pm (UTC)
Responsible Disclosure of Privacy Leakage Issue
👉 https://hackerone.com/reports/1089914
🔹 Severity: High
🔹 Reported To: GitLab
🔹 Reported By: #mzaheri
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 6:31am (UTC)
Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int
👉 https://hackerone.com/reports/713900
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: QIWI
🔹 Reported By: #alexeypetrenko
🔹 State: 🟢 Resolved
🔹 Disclosed: June 29, 2021, 8:43am (UTC)
Cross-Site Scripting thorough XSSJacking/PasteJacking Technique
👉 https://hackerone.com/reports/893240
🔹 Severity: No Rating
🔹 Reported To: Zivver
🔹 Reported By: #njgadhiya
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 10:37am (UTC)