SPF Misconfiguration
👉 https://hackerone.com/reports/916170
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #meme-man
🔹 State: ⚪️ Informative
🔹 Disclosed: June 30, 2021, 1:03pm (UTC)
Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com
👉 https://hackerone.com/reports/914719
🔹 Severity: Critical
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #b1ackgamba
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:19pm (UTC)
reflected xss in ██████
👉 https://hackerone.com/reports/909576
🔹 Severity: Medium
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #ahmedalroky
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 30, 2021, 1:20pm (UTC)
XSS reflected
👉 https://hackerone.com/reports/1030397
🔹 Severity: High
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #er_salil
🔹 State: ⚪️ Informative
🔹 Disclosed: June 30, 2021, 1:23pm (UTC)
CSS-Reflected
👉 https://hackerone.com/reports/1032001
🔹 Severity: High
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #er_salil
🔹 State: ⚪️ Informative
🔹 Disclosed: June 30, 2021, 1:24pm (UTC)
rXSS on https://mackeeperapp.mackeeper.com/landings/download-blue/
👉 https://hackerone.com/reports/1206020
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Clario
🔹 Reported By: #trungnd95
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:25pm (UTC)
XXE on www.publish.engelvoelkers.com
👉 https://hackerone.com/reports/914801
🔹 Severity: High
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #b1ackgamba
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:32pm (UTC)
Blind SSRF on infodesk.engelvoelkers.com via proxy.php
👉 https://hackerone.com/reports/1051431
🔹 Severity: High
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #mikkocarreon
🔹 State: ⚪️ Informative
🔹 Disclosed: June 30, 2021, 1:37pm (UTC)
CVE-2019-11248 on alertmanager.ev-cloud-platform.engelvoelkers.com
👉 https://hackerone.com/reports/1102283
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #iamthefrogy
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:39pm (UTC)
Grafana default username password authentication into the Grafana platform of the grafana.ev-cloud-platform.engelvoelkers.com
👉 https://hackerone.com/reports/1102297
🔹 Severity: High
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #iamthefrogy
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:41pm (UTC)
Remote Code Execution (RCE) at "juid" parameter in /get_zip.php (printshop.engelvoelkers.com)
👉 https://hackerone.com/reports/914392
🔹 Severity: Critical
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #djurado
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 2:09pm (UTC)
Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs
👉 https://hackerone.com/reports/1219011
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #clubbable
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 2:21pm (UTC)
[█████████] Reflected Cross-Site Scripting Vulnerability
👉 https://hackerone.com/reports/1196989
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #celesian
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:38pm (UTC)
Unauthorized access to admin panel of the Questionmark Perception system at https://██████████
👉 https://hackerone.com/reports/1026146
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #qdoan95
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:41pm (UTC)
[www.███] Reflected Cross-Site Scripting
👉 https://hackerone.com/reports/1184644
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #celesian
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:42pm (UTC)
CSRF Based XSS @ https://██████████
👉 https://hackerone.com/reports/1147949
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:44pm (UTC)
Self stored Xss + Login Csrf
👉 https://hackerone.com/reports/1092678
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #biest
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:45pm (UTC)
Reflected XSS at [████████]
👉 https://hackerone.com/reports/1196945
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #prophet
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:45pm (UTC)
IDOR while uploading ████ attachments at [█████████]
👉 https://hackerone.com/reports/1196976
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #prophet
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:47pm (UTC)
Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF
👉 https://hackerone.com/reports/1244053
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #l0cpd
🔹 State: 🟢 Resolved
🔹 Disclosed: July 1, 2021, 2:48pm (UTC)
Ratelimiting can be bypassed using IPv6 subnets
👉 https://hackerone.com/reports/1154003
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #sjw
🔹 State: 🟢 Resolved
🔹 Disclosed: July 1, 2021, 6:02pm (UTC)