Bugpoint – Telegram
1.05K subscribers · 3.73K photos · 3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Business logic error

👉 https://hackerone.com/reports/1296597

🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #scianto05
🔹 State: 🔴 N/A
🔹 Disclosed: August 11, 2021, 5:46pm (UTC)
Java: Timing attacks while comparing results of cryptographic operations

👉 https://hackerone.com/reports/1301753

🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 12, 2021, 5:27pm (UTC)
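The report above concerns comparisons of MACs, hashes or signatures that exit at the first differing byte, so the time taken reveals how many leading bytes of an attacker's guess were right. The following is an added example, not code from the report, from GitHub Security Lab or from this channel; it is written in Python rather than Java because the point is language-independent. The key, the message and the `forged_tag` helper are constructed for the demo, and the second value each comparison returns (bytes examined before deciding) is instrumentation that shows the leak; real code would return only the boolean.

```python
import hashlib
import hmac
import os
from typing import Tuple

# Constructed sample key for the demo; a real service loads its key from a secret store.
KEY = os.urandom(32)


def mac(message: bytes, key: bytes = KEY) -> bytes:
    """HMAC-SHA256 tag over the message (32 bytes)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def naive_equals(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison: the pattern the CodeQL query flags.

    Returns (equal, bytes_examined). The number of bytes examined, and hence the
    run time, grows with the length of the correct prefix of an attacker's guess.
    """
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def constant_time_equals(a: bytes, b: bytes) -> Tuple[bool, int]:
    """OR-accumulate the XOR of every byte pair; work done is independent of
    where (or whether) the first mismatch occurs."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def verify(message: bytes, tag: bytes) -> bool:
    """What production code should call: the standard library's constant-time compare."""
    return hmac.compare_digest(mac(message), tag)


def forged_tag(message: bytes, correct_prefix_len: int) -> bytes:
    """Constructed attacker guess: the first n bytes match the real tag, the rest are
    flipped so they are guaranteed wrong. Models one step of a byte-by-byte timing search."""
    real = mac(message)
    wrong = bytes(b ^ 0xFF for b in real[correct_prefix_len:])
    return real[:correct_prefix_len] + wrong


if __name__ == "__main__":
    msg = b"transfer:100"
    real = mac(msg)
    for n in (0, 5, 31):
        guess = forged_tag(msg, n)
        print(n, "correct bytes ->", "naive examined", naive_equals(real, guess)[1],
              "/ constant-time examined", constant_time_equals(real, guess)[1])
    print("verify(real tag):", verify(msg, real), " verify(forged):", verify(msg, forged_tag(msg, 31)))
```

The naive comparison examines one more byte for every leading byte the attacker gets right, so an attacker who can measure response time with enough samples recovers the tag one byte at a time; the constant-time version always touches all 32 bytes. Note that both versions still leak the length of the tag through the early length check, which is fine for fixed-size MACs but matters if the expected value's length is itself secret.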
[C#]: HttpOnly and Secure Cookies for .NET Core and .NET

👉 https://hackerone.com/reports/1301752

🔹 Severity: Low
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 12, 2021, 5:27pm (UTC)
Client IP Spoofing using "X-Forwarded-For: 127.0.0.1" on "studio-app.snapchat.com" exposing bucket details

👉 https://hackerone.com/reports/382678

🔹 Severity: High | 💰 500 USD
🔹 Reported To: Snapchat
🔹 Reported By: #damian89
🔹 State: 🟢 Resolved
🔹 Disclosed: August 12, 2021, 9:33pm (UTC)
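The report above describes an application that read the client address from `X-Forwarded-For` and granted internal-only behaviour when it saw `127.0.0.1`, a header any client can set. The following is an added example, not code from the report, from Snapchat or from this channel. It shows the vulnerable "leftmost value wins" lookup beside a hardened lookup that walks the chain from the TCP peer backwards and skips only proxies the operator controls. `TRUSTED_PROXIES`, `INTERNAL_NETS` and the sample addresses are constructed assumptions; the hardened version relies on every trusted proxy appending the address it accepted the connection from, which is the standard behaviour of reverse proxies but must be confirmed for the actual deployment.

```python
import ipaddress
from typing import List, Optional, Set, Union

IP = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed topology: one reverse proxy fronts the app; only loopback counts as internal.
TRUSTED_PROXIES: Set[IP] = {ipaddress.ip_address("10.0.0.5")}
INTERNAL_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


def _parse_chain(xff: Optional[str]) -> List[IP]:
    """Split 'a, b, c' into addresses. Any unparseable entry discards the whole header:
    a header we cannot fully parse is a header we cannot reason about."""
    out: List[IP] = []
    for part in (xff or "").split(","):
        part = part.strip()
        if not part:
            continue
        try:
            out.append(ipaddress.ip_address(part))
        except ValueError:
            return []
    return out


def client_ip_vulnerable(xff: Optional[str], remote_addr: str) -> IP:
    """The flawed pattern: trust the leftmost X-Forwarded-For entry, which is the one
    the original client wrote. 'X-Forwarded-For: 127.0.0.1' makes anyone look local."""
    chain = _parse_chain(xff)
    return chain[0] if chain else ipaddress.ip_address(remote_addr)


def client_ip_hardened(xff: Optional[str], remote_addr: str,
                       trusted: Set[IP] = TRUSTED_PROXIES) -> IP:
    """Start from the address the socket actually connected from. If that peer is not
    one of our proxies, the header is untrusted noise and the peer is the client.
    Otherwise walk the chain right-to-left, skipping our own proxies; the first hop we
    did not put there is the client. A chain consisting only of trusted hops yields
    the peer, so a spoofed value never survives."""
    peer = ipaddress.ip_address(remote_addr)
    if peer not in trusted:
        return peer
    for hop in reversed(_parse_chain(xff)):
        if hop not in trusted:
            return hop
    return peer


def is_internal(ip: IP) -> bool:
    """The authorisation gate the report abused: internal-only callers get extra data."""
    return any(ip in net for net in INTERNAL_NETS)


if __name__ == "__main__":
    # Constructed request: attacker at 203.0.113.7 sends the spoofed header.
    spoof = "127.0.0.1"
    print("direct, vulnerable :", is_internal(client_ip_vulnerable(spoof, "203.0.113.7")))
    print("direct, hardened   :", is_internal(client_ip_hardened(spoof, "203.0.113.7")))
    # Same request through the trusted proxy, which appends the real peer address.
    via_proxy = spoof + ", 203.0.113.7"
    print("proxied, vulnerable:", is_internal(client_ip_vulnerable(via_proxy, "10.0.0.5")))
    print("proxied, hardened  :", is_internal(client_ip_hardened(via_proxy, "10.0.0.5")))
```

Two checks worth running against a real deployment: send a request with `X-Forwarded-For: 127.0.0.1` directly to the origin and through the edge, and confirm the application logs the true source in both cases; and make sure the trusted-proxy set contains exactly the hops in the path, since listing too many turns attacker-controlled entries into "trusted" ones and listing too few makes the edge itself look like the client.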
Leaked JFrog Artifactory username and password exposed on GitHub - https://snapchat.jfrog.io

👉 https://hackerone.com/reports/911606

🔹 Severity: High | 💰 15,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #kiyell
🔹 State: 🟢 Resolved
🔹 Disclosed: August 12, 2021, 9:40pm (UTC)
Chain of vulnerabilities in Uber for Business Vouchers program allows for attacker to perform arbitrary charges to victim's U4B payment account

👉 https://hackerone.com/reports/1145428

🔹 Severity: High | 💰 5,750 USD
🔹 Reported To: Uber
🔹 Reported By: #pmnh
🔹 State: 🟢 Resolved
🔹 Disclosed: August 12, 2021, 10:17pm (UTC)
[http://kiwi.youdrive.today/] Information disclosure via Kiwi TCMS vulnerability

👉 https://hackerone.com/reports/968402

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #act1on3
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2021, 3:16pm (UTC)
uchi.ru check_lessons Blind SQL Injection

👉 https://hackerone.com/reports/1214814

🔹 Severity: High | 💰 750 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #cutoffurmind
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2021, 3:21pm (UTC)
mailer.i.bizml.ru viber service preprod information disclosure

👉 https://hackerone.com/reports/836149

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #cutoffurmind
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2021, 3:22pm (UTC)
Domain Takeover [3737signals.com]

👉 https://hackerone.com/reports/1253926

🔹 Severity: Low | 💰 300 USD
🔹 Reported To: Basecamp
🔹 Reported By: #mrmax4o4
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2021, 6:23pm (UTC)
Information Disclosure on TikTok Unplugged Site

👉 https://hackerone.com/reports/1249050

🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #nanwn
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2021, 7:27pm (UTC)
Blind SQL Injection

👉 https://hackerone.com/reports/1069531

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: August 14, 2021, 6:34pm (UTC)
Reflected XSS on play.mtn.co.za

👉 https://hackerone.com/reports/1061199

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: August 14, 2021, 6:45pm (UTC)
IP-in-IP protocol routes arbitrary traffic by default - CVE-2020-10136

👉 https://hackerone.com/reports/893922

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #yannayl
🔹 State: 🟢 Resolved
🔹 Disclosed: August 15, 2021, 5:03am (UTC)
Subdomain takeover on "info-edcrunch.skillfactory.ru"

👉 https://hackerone.com/reports/1166996

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #abosala7
🔹 State: 🟢 Resolved
🔹 Disclosed: August 15, 2021, 7:03pm (UTC)
Brute Force against VMware Horizon

👉 https://hackerone.com/reports/1278072

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #ivanglinkin
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 6:21am (UTC)
SQL Injection in agent-manager

👉 https://hackerone.com/reports/962889

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Acronis
🔹 Reported By: #bourbon
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 9:37am (UTC)
Improper Input Validation on https://oberlo-image-proxy.shopifycloud.com/

👉 https://hackerone.com/reports/1267677

🔹 Severity: No Rating
🔹 Reported To: Shopify
🔹 Reported By: #riramar
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 5:20pm (UTC)
CLICKJACKING LEADS TO DEACTIVATE ACCOUNT

👉 https://hackerone.com/reports/1301113

🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #scianto05
🔹 State: 🟤 Duplicate
🔹 Disclosed: August 16, 2021, 5:21pm (UTC)
Full Path Disclosure of Server through 500 Server Error

👉 https://hackerone.com/reports/1082521

🔹 Severity: Low
🔹 Reported To: Kartpay
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 5:46pm (UTC)
Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log

👉 https://hackerone.com/reports/1249056

🔹 Severity: Medium | 💰 400 USD
🔹 Reported To: Brave Software
🔹 Reported By: #sickcodes
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 5:57pm (UTC)