Bugpoint – Telegram
Bugpoint
1.05K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Unauthorized Access To Admin panel

👉 https://hackerone.com/reports/1219681

🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #01alsanosi
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2021, 12:33pm (UTC)
Bypassing SOP with XSS on account.my.games leading to steal CSRF token and user information

👉 https://hackerone.com/reports/1215053

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #sec_zone64
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2021, 2:41pm (UTC)
[tanks.mail.ru] SSRF + cookie theft

👉 https://hackerone.com/reports/1166943

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2021, 3:07pm (UTC)
[Lark Android] Vulnerability in exported activity WebView

👉 https://hackerone.com/reports/694053

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2021, 10:28pm (UTC)
Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer

👉 https://hackerone.com/reports/1208453

🔹 Severity: Medium
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #rajeshpatil
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2021, 2:07am (UTC)
Canonical Snapcraft vulnerable to remote code execution under certain conditions

👉 https://hackerone.com/reports/1073202

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #itszn
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2021, 3:13am (UTC)
Fragmentation and Aggregation Flaws in Wi-Fi

👉 https://hackerone.com/reports/1238470

🔹 Severity: No Rating | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #vanhoefm
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2021, 3:59am (UTC)
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c

👉 https://hackerone.com/reports/831353

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #dotsecurity
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2021, 5:14am (UTC)
[CVE-2020-27194] Linux kernel: eBPF verifier bug in `or` binary operation tracking function leads to LPE

👉 https://hackerone.com/reports/1010340

🔹 Severity: High | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #simonscannell
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2021, 7:55am (UTC)
Uncovering file quarantine and UX security issues in macOS apps ( .terminal, .fileloc and .url)

👉 https://hackerone.com/reports/944025

🔹 Severity: No Rating | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #metnew
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2021, 12:07pm (UTC)
Git flag injection leads to arbitrary file write

👉 https://hackerone.com/reports/1070247

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Phabricator
🔹 Reported By: #crownpeanut
🔹 State: 🟢 Resolved
🔹 Disclosed: July 25, 2021, 3:13pm (UTC)
GitHub access token exposure

👉 https://hackerone.com/reports/1087489

🔹 Severity: Critical | 💰 50,000 USD
🔹 Reported To: Shopify
🔹 Reported By: #augustozanellato
🔹 State: 🟢 Resolved
🔹 Disclosed: July 26, 2021, 7:50pm (UTC)
[app-01.youdrive.club] RCE in CI/CD via dependency confusion

👉 https://hackerone.com/reports/1104693

🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #act1on3
🔹 State: 🟢 Resolved
🔹 Disclosed: July 27, 2021, 9:06am (UTC)
[geekbrains.ru] Node modules path disclosure due to lack of error handling

👉 https://hackerone.com/reports/1177588

🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #nakabonne
🔹 State: 🟢 Resolved
🔹 Disclosed: July 27, 2021, 10:47am (UTC)
Blind SQL injection on [ https://argocd.upchieve.org/login?return_url=id= ]

👉 https://hackerone.com/reports/1278928

🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #ben_lay
🔹 State: 🔴 N/A
🔹 Disclosed: July 28, 2021, 4:14pm (UTC)
hackers.upchieve.org and argocd.upchieve.org are not preloaded.

👉 https://hackerone.com/reports/1271742

🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #171217
🔹 State: 🔴 N/A
🔹 Disclosed: July 28, 2021, 4:15pm (UTC)
Vulnerability Report - Sweet32 UPchieve

👉 https://hackerone.com/reports/1271701

🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #171217
🔹 State: ⚪️ Informative
🔹 Disclosed: July 28, 2021, 4:17pm (UTC)
Buffer Overflow in ext_lm_group_acl helper

👉 https://hackerone.com/reports/789034

🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #aaron_costello
🔹 State: 🟢 Resolved
🔹 Disclosed: July 28, 2021, 6:44pm (UTC)
Buffer Overflow in smblib.c

👉 https://hackerone.com/reports/721333

🔹 Severity: Medium
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #aaron_costello
🔹 State: 🟢 Resolved
🔹 Disclosed: July 28, 2021, 11:54pm (UTC)
SQL Injection on the administrator panel

👉 https://hackerone.com/reports/865436

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #light4kira
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 3:50am (UTC)
Blind Stored XSS in https://partners.acronis.com/admin which leads to sensitive information/PII leakage

👉 https://hackerone.com/reports/1028820

🔹 Severity: High | 💰 150 USD
🔹 Reported To: Acronis
🔹 Reported By: #mansishah
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:54am (UTC)