XSS Reflected on https://███ (███ parameter)
👉 https://hackerone.com/reports/1143776
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:41pm (UTC)
👉 https://hackerone.com/reports/1143776
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:41pm (UTC)
[HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████
👉 https://hackerone.com/reports/728110
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sp1d3rs
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:43pm (UTC)
👉 https://hackerone.com/reports/728110
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sp1d3rs
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:43pm (UTC)
Reflected XSS - https://███
👉 https://hackerone.com/reports/1260823
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:44pm (UTC)
👉 https://hackerone.com/reports/1260823
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fiveguyslover
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:44pm (UTC)
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
👉 https://hackerone.com/reports/1249456
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:45pm (UTC)
👉 https://hackerone.com/reports/1249456
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:45pm (UTC)
XSS DUE TO CVE-2020-3580
👉 https://hackerone.com/reports/1245048
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #vess_razz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:45pm (UTC)
👉 https://hackerone.com/reports/1245048
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #vess_razz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:45pm (UTC)
XSS DUE TO CVE-2020-3580
👉 https://hackerone.com/reports/1245055
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #veshrajghimire
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:46pm (UTC)
👉 https://hackerone.com/reports/1245055
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #veshrajghimire
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:46pm (UTC)
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████
👉 https://hackerone.com/reports/695005
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sp1d3rs
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:49pm (UTC)
👉 https://hackerone.com/reports/695005
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sp1d3rs
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:49pm (UTC)
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
👉 https://hackerone.com/reports/1248040
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:50pm (UTC)
👉 https://hackerone.com/reports/1248040
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:50pm (UTC)
SQL injection my method -1 OR 3*2*1=6 AND 000159=000159
👉 https://hackerone.com/reports/1250293
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:51pm (UTC)
👉 https://hackerone.com/reports/1250293
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:51pm (UTC)
All private support requests to ███████ are being disclosed at https://███████
👉 https://hackerone.com/reports/1004964
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:53pm (UTC)
👉 https://hackerone.com/reports/1004964
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 7:53pm (UTC)
CSRF when unlocking lenses leads to lenses being forcefully installed without user interaction
👉 https://hackerone.com/reports/1085336
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Snapchat
🔹 Reported By: #sdushantha
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 10:33pm (UTC)
👉 https://hackerone.com/reports/1085336
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Snapchat
🔹 Reported By: #sdushantha
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 10:33pm (UTC)
Publicly accessible Continuous Integration Tool
👉 https://hackerone.com/reports/313457
🔹 Severity: Critical | 💰 25,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #apfeifer27
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 10:36pm (UTC)
👉 https://hackerone.com/reports/313457
🔹 Severity: Critical | 💰 25,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #apfeifer27
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 10:36pm (UTC)
Stealing SSO Login Tokens (snappublisher.snapchat.com)
👉 https://hackerone.com/reports/265943
🔹 Severity: High | 💰 7,500 USD
🔹 Reported To: Snapchat
🔹 Reported By: #coolboss
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 10:37pm (UTC)
👉 https://hackerone.com/reports/265943
🔹 Severity: High | 💰 7,500 USD
🔹 Reported To: Snapchat
🔹 Reported By: #coolboss
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 10:37pm (UTC)
Exposed Kubernetes API - RCE/Exposed Creds
👉 https://hackerone.com/reports/455645
🔹 Severity: Critical | 💰 25,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #txt3rob
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 10:37pm (UTC)
👉 https://hackerone.com/reports/455645
🔹 Severity: Critical | 💰 25,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #txt3rob
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2021, 10:37pm (UTC)
Bypassing Content-Security-Policy leads to open-redirect and iframe xss
👉 https://hackerone.com/reports/1166766
🔹 Severity: Medium
🔹 Reported To: Stripo Inc
🔹 Reported By: #jmrcsnchz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2021, 5:33am (UTC)
👉 https://hackerone.com/reports/1166766
🔹 Severity: Medium
🔹 Reported To: Stripo Inc
🔹 Reported By: #jmrcsnchz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2021, 5:33am (UTC)
DNS Misconfiguration (Subdomain Takeover) - █████████.8x8.com
👉 https://hackerone.com/reports/1280167
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2021, 9:57am (UTC)
👉 https://hackerone.com/reports/1280167
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2021, 9:57am (UTC)
url redirection
👉 https://hackerone.com/reports/1283200
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #ben_lay
🔹 State: 🔴 N/A
🔹 Disclosed: July 30, 2021, 2:33pm (UTC)
👉 https://hackerone.com/reports/1283200
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #ben_lay
🔹 State: 🔴 N/A
🔹 Disclosed: July 30, 2021, 2:33pm (UTC)
Bitmoji source code is accessible
👉 https://hackerone.com/reports/301812
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #rms
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2021, 12:20am (UTC)
👉 https://hackerone.com/reports/301812
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #rms
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2021, 12:20am (UTC)
Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution
👉 https://hackerone.com/reports/1130874
🔹 Severity: High
🔹 Reported To: Rocket.Chat
🔹 Reported By: #sonarsource
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2021, 8:31am (UTC)
👉 https://hackerone.com/reports/1130874
🔹 Severity: High
🔹 Reported To: Rocket.Chat
🔹 Reported By: #sonarsource
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2021, 8:31am (UTC)
Two-factor authentication enforcement bypass
👉 https://hackerone.com/reports/1050244
🔹 Severity: High | 💰 750 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #abdullah-a
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2021, 2:05pm (UTC)
👉 https://hackerone.com/reports/1050244
🔹 Severity: High | 💰 750 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #abdullah-a
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2021, 2:05pm (UTC)
Vulnerable javanoscript dependency at Main domain
👉 https://hackerone.com/reports/1188643
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🔴 N/A
🔹 Disclosed: August 2, 2021, 12:03am (UTC)
👉 https://hackerone.com/reports/1188643
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🔴 N/A
🔹 Disclosed: August 2, 2021, 12:03am (UTC)