Bugpoint – Telegram
Bugpoint
1.05K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
[app-01.youdrive.club] RCE in CI/CD via dependency confusion

👉 https://hackerone.com/reports/1104693

🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #act1on3
🔹 State: 🟢 Resolved
🔹 Disclosed: July 27, 2021, 9:06am (UTC)
[geekbrains.ru] Node modules path disclosure due to lack of error handling

👉 https://hackerone.com/reports/1177588

🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #nakabonne
🔹 State: 🟢 Resolved
🔹 Disclosed: July 27, 2021, 10:47am (UTC)
blind sql on [ https://argocd.upchieve.org/login?return_url=id= ]

👉 https://hackerone.com/reports/1278928

🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #ben_lay
🔹 State: 🔴 N/A
🔹 Disclosed: July 28, 2021, 4:14pm (UTC)
hackers.upchieve.org and argocd.upchieve.org is not preloaded.

👉 https://hackerone.com/reports/1271742

🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #171217
🔹 State: 🔴 N/A
🔹 Disclosed: July 28, 2021, 4:15pm (UTC)
Vulnerability Report - sweet32 UPchieve

👉 https://hackerone.com/reports/1271701

🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #171217
🔹 State: ⚪️ Informative
🔹 Disclosed: July 28, 2021, 4:17pm (UTC)
Buffer Overflow in ext_lm_group_acl helper

👉 https://hackerone.com/reports/789034

🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #aaron_costello
🔹 State: 🟢 Resolved
🔹 Disclosed: July 28, 2021, 6:44pm (UTC)
Buffer Overflow in smblib.c

👉 https://hackerone.com/reports/721333

🔹 Severity: Medium
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #aaron_costello
🔹 State: 🟢 Resolved
🔹 Disclosed: July 28, 2021, 11:54pm (UTC)
SQL Injection on the administrator panel

👉 https://hackerone.com/reports/865436

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #light4kira
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 3:50am (UTC)
Blind Stored XSS in https://partners.acronis.com/admin which lead to sensitive information/PII leakage

👉 https://hackerone.com/reports/1028820

🔹 Severity: High | 💰 150 USD
🔹 Reported To: Acronis
🔹 Reported By: #mansishah
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:54am (UTC)
SQLi on █████████

👉 https://hackerone.com/reports/954667

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #hexagr
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:24pm (UTC)
Cross site noscripting

👉 https://hackerone.com/reports/1250199

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:35pm (UTC)
xss reflected on https://███████- (███ parameters)

👉 https://hackerone.com/reports/1143783

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:38pm (UTC)
xss on https://███████(█████████ parameter)

👉 https://hackerone.com/reports/1143780

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:39pm (UTC)
XSS Reflected on https://███ (███ parameter)

👉 https://hackerone.com/reports/1143776

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:41pm (UTC)
[HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████

👉 https://hackerone.com/reports/728110

🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sp1d3rs
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:43pm (UTC)
Reflected XSS - https://███

👉 https://hackerone.com/reports/1260823

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:44pm (UTC)
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

👉 https://hackerone.com/reports/1249456

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:45pm (UTC)
XSS DUE TO CVE-2020-3580

👉 https://hackerone.com/reports/1245048

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #vess_razz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:45pm (UTC)
XSS DUE TO CVE-2020-3580

👉 https://hackerone.com/reports/1245055

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #veshrajghimire
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:46pm (UTC)
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████

👉 https://hackerone.com/reports/695005

🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sp1d3rs
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:49pm (UTC)
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

👉 https://hackerone.com/reports/1248040

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:50pm (UTC)