CVE-2019-11248 on alertmanager.ev-cloud-platform.engelvoelkers.com
👉 https://hackerone.com/reports/1102283
🔹 Severity: Low
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #iamthefrogy
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:39pm (UTC)
Grafana default username password authentication into the Grafana platform of the grafana.ev-cloud-platform.engelvoelkers.com
👉 https://hackerone.com/reports/1102297
🔹 Severity: High
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #iamthefrogy
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 1:41pm (UTC)
Remote Code Execution (RCE) at "juid" parameter in /get_zip.php (printshop.engelvoelkers.com)
👉 https://hackerone.com/reports/914392
🔹 Severity: Critical
🔹 Reported To: Engel & Völkers Technology GmbH
🔹 Reported By: #djurado
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 2:09pm (UTC)
Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs
👉 https://hackerone.com/reports/1219011
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #clubbable
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 2:21pm (UTC)
[█████████] Reflected Cross-Site Scripting Vulnerability
👉 https://hackerone.com/reports/1196989
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #celesian
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:38pm (UTC)
Unauthorized access to admin panel of the Questionmark Perception system at https://██████████
👉 https://hackerone.com/reports/1026146
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #qdoan95
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:41pm (UTC)
[www.███] Reflected Cross-Site Scripting
👉 https://hackerone.com/reports/1184644
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #celesian
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:42pm (UTC)
CSRF Based XSS @ https://██████████
👉 https://hackerone.com/reports/1147949
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:44pm (UTC)
Self stored Xss + Login Csrf
👉 https://hackerone.com/reports/1092678
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #biest
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:45pm (UTC)
Reflected XSS at [████████]
👉 https://hackerone.com/reports/1196945
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #prophet
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:45pm (UTC)
IDOR while uploading ████ attachments at [█████████]
👉 https://hackerone.com/reports/1196976
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #prophet
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2021, 8:47pm (UTC)
Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF
👉 https://hackerone.com/reports/1244053
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #l0cpd
🔹 State: 🟢 Resolved
🔹 Disclosed: July 1, 2021, 2:48pm (UTC)
Ratelimiting can be bypassed using IPv6 subnets
👉 https://hackerone.com/reports/1154003
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #sjw
🔹 State: 🟢 Resolved
🔹 Disclosed: July 1, 2021, 6:02pm (UTC)
Node Installer Local Privilege Escalation
👉 https://hackerone.com/reports/1211160
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #deepsurface-robert
🔹 State: 🟢 Resolved
🔹 Disclosed: July 1, 2021, 8:00pm (UTC)
Account takeover by using abandoned email id of victim which has already been changed to new by victim himself on one.newrelic.com
👉 https://hackerone.com/reports/1021232
🔹 Severity: Low | 💰 300 USD
🔹 Reported To: New Relic
🔹 Reported By: #ashmek
🔹 State: 🟢 Resolved
🔹 Disclosed: July 2, 2021, 12:09pm (UTC)
Webview in LINE client for iOS will render application/octet-stream files as HTML
👉 https://hackerone.com/reports/988332
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: LINE
🔹 Reported By: #s5s
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2021, 5:01am (UTC)
OOB read in libuv
👉 https://hackerone.com/reports/1209681
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #ericsesterhenn
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2021, 8:30am (UTC)
Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry
👉 https://hackerone.com/reports/1043385
🔹 Severity: Critical | 💰 11,500 USD
🔹 Reported To: LINE
🔹 Reported By: #alexbirsan
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2021, 1:37pm (UTC)
Verification Link not expiring leading to Account Takeover.
👉 https://hackerone.com/reports/1250631
🔹 Severity: No Rating
🔹 Reported To: New Relic
🔹 Reported By: #bbunnny
🔹 State: 🔴 N/A
🔹 Disclosed: July 5, 2021, 2:49pm (UTC)
[QIWI Wallet] Access to protected app components
👉 https://hackerone.com/reports/482998
🔹 Severity: High | 💰 500 USD
🔹 Reported To: QIWI
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2021, 2:11pm (UTC)
Theft of arbitrary files in LINE Lite client for Android
👉 https://hackerone.com/reports/1094702
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: LINE
🔹 Reported By: #hulkvision_
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2021, 3:25pm (UTC)