Server-side Template Injection in lodash.js
👉 https://hackerone.com/reports/904672
🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #zerohex
🔹 State: ⚪️ Informative
🔹 Disclosed: June 28, 2021, 8:43am (UTC)
👉 https://hackerone.com/reports/904672
🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #zerohex
🔹 State: ⚪️ Informative
🔹 Disclosed: June 28, 2021, 8:43am (UTC)
clickjacking at brew.sh
👉 https://hackerone.com/reports/1245972
🔹 Severity: Low
🔹 Reported To: Homebrew
🔹 Reported By: #sai545
🔹 State: 🔴 N/A
🔹 Disclosed: June 28, 2021, 9:56am (UTC)
👉 https://hackerone.com/reports/1245972
🔹 Severity: Low
🔹 Reported To: Homebrew
🔹 Reported By: #sai545
🔹 State: 🔴 N/A
🔹 Disclosed: June 28, 2021, 9:56am (UTC)
Open URL Redirection
👉 https://hackerone.com/reports/1238684
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Unikrn
🔹 Reported By: #stark303
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 10:03am (UTC)
👉 https://hackerone.com/reports/1238684
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Unikrn
🔹 Reported By: #stark303
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 10:03am (UTC)
F5 BIG-IP Cookie potentially reveal BigIP pool name, backend's IP address and port, routed domain.
👉 https://hackerone.com/reports/1211094
🔹 Severity: Low
🔹 Reported To: Informatica
🔹 Reported By: #k4b33r_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 11:19am (UTC)
👉 https://hackerone.com/reports/1211094
🔹 Severity: Low
🔹 Reported To: Informatica
🔹 Reported By: #k4b33r_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 11:19am (UTC)
Untrusted deserialization issue when loading newrelic.yml file in Java agent leads to code execution on host
👉 https://hackerone.com/reports/1109620
🔹 Severity: Low | 💰 768 USD
🔹 Reported To: New Relic
🔹 Reported By: #j0v
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 1:00pm (UTC)
👉 https://hackerone.com/reports/1109620
🔹 Severity: Low | 💰 768 USD
🔹 Reported To: New Relic
🔹 Reported By: #j0v
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 1:00pm (UTC)
Account Takeover via Email ID Change and Forgot Password Functionality
👉 https://hackerone.com/reports/1089467
🔹 Severity: High | 💰 2,048 USD
🔹 Reported To: New Relic
🔹 Reported By: #dsdh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 2:44pm (UTC)
👉 https://hackerone.com/reports/1089467
🔹 Severity: High | 💰 2,048 USD
🔹 Reported To: New Relic
🔹 Reported By: #dsdh
🔹 State: 🟢 Resolved
🔹 Disclosed: June 28, 2021, 2:44pm (UTC)
Responsible Disclosure of Privacy Leakage Issue
👉 https://hackerone.com/reports/1089914
🔹 Severity: High
🔹 Reported To: GitLab
🔹 Reported By: #mzaheri
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 6:31am (UTC)
👉 https://hackerone.com/reports/1089914
🔹 Severity: High
🔹 Reported To: GitLab
🔹 Reported By: #mzaheri
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 6:31am (UTC)
Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int
👉 https://hackerone.com/reports/713900
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: QIWI
🔹 Reported By: #alexeypetrenko
🔹 State: 🟢 Resolved
🔹 Disclosed: June 29, 2021, 8:43am (UTC)
👉 https://hackerone.com/reports/713900
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: QIWI
🔹 Reported By: #alexeypetrenko
🔹 State: 🟢 Resolved
🔹 Disclosed: June 29, 2021, 8:43am (UTC)
Cross-Site Scripting thorough XSSJacking/PasteJacking Technique
👉 https://hackerone.com/reports/893240
🔹 Severity: No Rating
🔹 Reported To: Zivver
🔹 Reported By: #njgadhiya
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 10:37am (UTC)
👉 https://hackerone.com/reports/893240
🔹 Severity: No Rating
🔹 Reported To: Zivver
🔹 Reported By: #njgadhiya
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 10:37am (UTC)
Google Maps API key stored as plain text leading to DOS and financial damage
👉 https://hackerone.com/reports/1093667
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Zenly
🔹 Reported By: #sdushantha
🔹 State: 🟢 Resolved
🔹 Disclosed: June 29, 2021, 10:56am (UTC)
👉 https://hackerone.com/reports/1093667
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Zenly
🔹 Reported By: #sdushantha
🔹 State: 🟢 Resolved
🔹 Disclosed: June 29, 2021, 10:56am (UTC)
PIN bypass
👉 https://hackerone.com/reports/1242212
🔹 Severity: Critical
🔹 Reported To: MyEtherWallet
🔹 Reported By: #tushar_9905
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 8:19pm (UTC)
👉 https://hackerone.com/reports/1242212
🔹 Severity: Critical
🔹 Reported To: MyEtherWallet
🔹 Reported By: #tushar_9905
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 8:19pm (UTC)
CORS misconfiguration
👉 https://hackerone.com/reports/1187543
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #coptech77
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 11:12pm (UTC)
👉 https://hackerone.com/reports/1187543
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #coptech77
🔹 State: ⚪️ Informative
🔹 Disclosed: June 29, 2021, 11:12pm (UTC)
Post-Auth Stored XSS with User Interaction leads to Remote Code Execution
👉 https://hackerone.com/reports/1132202
🔹 Severity: High
🔹 Reported To: Rocket.Chat
🔹 Reported By: #sonarsource
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 10:55am (UTC)
👉 https://hackerone.com/reports/1132202
🔹 Severity: High
🔹 Reported To: Rocket.Chat
🔹 Reported By: #sonarsource
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 10:55am (UTC)
SQL Injection at /displayPDF.php (printshop.engelvoelkers.com)
👉 https://hackerone.com/reports/914427
🔹 Severity: Critical
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #djurado
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 12:51pm (UTC)
👉 https://hackerone.com/reports/914427
🔹 Severity: Critical
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #djurado
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 12:51pm (UTC)
Publicly accessible .SVN repository allows downloading entire source code
👉 https://hackerone.com/reports/914194
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #djurado
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 12:57pm (UTC)
👉 https://hackerone.com/reports/914194
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #djurado
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 12:57pm (UTC)
Information Exposure at https://printshop.engelvoelkers.com/
👉 https://hackerone.com/reports/805642
🔹 Severity: Medium
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #luisk2
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 12:58pm (UTC)
👉 https://hackerone.com/reports/805642
🔹 Severity: Medium
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #luisk2
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 12:58pm (UTC)
Improper authentication on phpmyadmin portal which is hosted in https://eventapp.engelvoelkers.com
👉 https://hackerone.com/reports/915813
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #n0nce
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:01pm (UTC)
👉 https://hackerone.com/reports/915813
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #n0nce
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:01pm (UTC)
SPF Misconfiguration
👉 https://hackerone.com/reports/916170
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #meme-man
🔹 State: ⚪️ Informative
🔹 Disclosed: June 30, 2021, 1:03pm (UTC)
👉 https://hackerone.com/reports/916170
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #meme-man
🔹 State: ⚪️ Informative
🔹 Disclosed: June 30, 2021, 1:03pm (UTC)
Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com
👉 https://hackerone.com/reports/914719
🔹 Severity: Critical
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #b1ackgamba
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:19pm (UTC)
👉 https://hackerone.com/reports/914719
🔹 Severity: Critical
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #b1ackgamba
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:19pm (UTC)
reflected xss in ██████
👉 https://hackerone.com/reports/909576
🔹 Severity: Medium
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #ahmedalroky
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 30, 2021, 1:20pm (UTC)
👉 https://hackerone.com/reports/909576
🔹 Severity: Medium
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #ahmedalroky
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 30, 2021, 1:20pm (UTC)
XSS reflected
👉 https://hackerone.com/reports/1030397
🔹 Severity: High
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #er_salil
🔹 State: ⚪️ Informative
🔹 Disclosed: June 30, 2021, 1:23pm (UTC)
👉 https://hackerone.com/reports/1030397
🔹 Severity: High
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #er_salil
🔹 State: ⚪️ Informative
🔹 Disclosed: June 30, 2021, 1:23pm (UTC)