OOB read in libuv
👉 https://hackerone.com/reports/1209681
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #ericsesterhenn
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2021, 8:30am (UTC)
Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry
👉 https://hackerone.com/reports/1043385
🔹 Severity: Critical | 💰 11,500 USD
🔹 Reported To: LINE
🔹 Reported By: #alexbirsan
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2021, 1:37pm (UTC)
Verification Link not expiring leading to Account Takeover.
👉 https://hackerone.com/reports/1250631
🔹 Severity: No Rating
🔹 Reported To: New Relic
🔹 Reported By: #bbunnny
🔹 State: 🔴 N/A
🔹 Disclosed: July 5, 2021, 2:49pm (UTC)
[QIWI Wallet] Access to protected app components
👉 https://hackerone.com/reports/482998
🔹 Severity: High | 💰 500 USD
🔹 Reported To: QIWI
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2021, 2:11pm (UTC)
Theft of arbitrary files in LINE Lite client for Android
👉 https://hackerone.com/reports/1094702
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: LINE
🔹 Reported By: #hulkvision_
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2021, 3:25pm (UTC)
Slack integration setup lacks CSRF protection
👉 https://hackerone.com/reports/170552
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #whhackersbr
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2021, 3:39am (UTC)
New link opening method makes HackerOne vulnerable to tabnabbing
👉 https://hackerone.com/reports/1159398
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #recon_ninja
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2021, 8:49am (UTC)
DNS Leaks when using any VPN Browser extension with Brave Shield enabled
👉 https://hackerone.com/reports/1203842
🔹 Severity: High | 💰 700 USD
🔹 Reported To: Brave Software
🔹 Reported By: #neeythann
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2021, 4:09am (UTC)
imap: StartTLS stripping attack (CVE-2016-0772).
👉 https://hackerone.com/reports/1178562
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Ruby
🔹 Reported By: #chinarulezzz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2021, 3:34pm (UTC)
lib/net/ftp.rb: trusting PASV responses allows client abuse
👉 https://hackerone.com/reports/1145454
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Ruby
🔹 Reported By: #chinarulezzz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2021, 3:34pm (UTC)
Removing parts of URL from jQuery request exposes links for download of Paid Digital Assets of the most recent Order placed by anyone on the store!
👉 https://hackerone.com/reports/1044285
🔹 Severity: Medium | 💰 2,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #superbsic
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2021, 6:20pm (UTC)
Add new managed stores without permission
👉 https://hackerone.com/reports/1167753
🔹 Severity: Medium | 💰 1,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jmp_35p
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2021, 6:25pm (UTC)
Bypass the fix of report #1078283 due to poor validation
👉 https://hackerone.com/reports/1212337
🔹 Severity: High
🔹 Reported To: Khan Academy
🔹 Reported By: #lucenaxpl0it
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2021, 7:25pm (UTC)
API on campus-vtc.com allows access to ~100 Uber users full names, email addresses and telephone numbers.
👉 https://hackerone.com/reports/580268
🔹 Severity: High | 💰 750 USD
🔹 Reported To: Uber
🔹 Reported By: #healdb
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2021, 8:32pm (UTC)
Blind XSS on Twitter's internal Big Data panel at █████████████
👉 https://hackerone.com/reports/1207040
🔹 Severity: Critical | 💰 5,040 USD
🔹 Reported To: Twitter
🔹 Reported By: #iambouali
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2021, 1:34am (UTC)
No Rate Limit On Forgot Password Page
👉 https://hackerone.com/reports/1245529
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #technical_junkie
🔹 State: 🔴 N/A
🔹 Disclosed: July 9, 2021, 1:25pm (UTC)
Cache Poisoning leading to Denial of Service on `www.█████████`
👉 https://hackerone.com/reports/1198434
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #brumens
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2021, 6:20pm (UTC)
CVE-2017-13041 The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
👉 https://hackerone.com/reports/964583
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #karas
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2021, 8:12pm (UTC)
CVE-2017-13040 The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
👉 https://hackerone.com/reports/964582
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #karas
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2021, 8:15pm (UTC)
Heap buffer overflow vulnerability while processing a malformed TIFF file.
👉 https://hackerone.com/reports/1047086
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #hardik05
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2021, 8:21pm (UTC)
Blocked user can send notification by liking the message due to Logical Bug
👉 https://hackerone.com/reports/1083421
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #sandipgyawali
🔹 State: 🟢 Resolved
🔹 Disclosed: July 10, 2021, 1:07am (UTC)