Reflected XSS on play.mtn.co.za
👉 https://hackerone.com/reports/1061199
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: August 14, 2021, 6:45pm (UTC)
IP-in-IP protocol routes arbitrary traffic by default - CVE-2020-10136
👉 https://hackerone.com/reports/893922
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #yannayl
🔹 State: 🟢 Resolved
🔹 Disclosed: August 15, 2021, 5:03am (UTC)
Subdomain takeover on "info-edcrunch.skillfactory.ru"
👉 https://hackerone.com/reports/1166996
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #abosala7
🔹 State: 🟢 Resolved
🔹 Disclosed: August 15, 2021, 7:03pm (UTC)
Brute Force against VMware Horizon
👉 https://hackerone.com/reports/1278072
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #ivanglinkin
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 6:21am (UTC)
SQL Injection in agent-manager
👉 https://hackerone.com/reports/962889
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Acronis
🔹 Reported By: #bourbon
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 9:37am (UTC)
Improper Input Validation on https://oberlo-image-proxy.shopifycloud.com/
👉 https://hackerone.com/reports/1267677
🔹 Severity: No Rating
🔹 Reported To: Shopify
🔹 Reported By: #riramar
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 5:20pm (UTC)
CLICKJACKING LEADS TO DEACTIVATE ACCOUNT
👉 https://hackerone.com/reports/1301113
🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #scianto05
🔹 State: 🟤 Duplicate
🔹 Disclosed: August 16, 2021, 5:21pm (UTC)
Full Path Disclosure of Server through 500 Server Error
👉 https://hackerone.com/reports/1082521
🔹 Severity: Low
🔹 Reported To: Kartpay
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 5:46pm (UTC)
Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log
👉 https://hackerone.com/reports/1249056
🔹 Severity: Medium | 💰 400 USD
🔹 Reported To: Brave Software
🔹 Reported By: #sickcodes
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 5:57pm (UTC)
Prototype Pollution leads to XSS on https://blog.swiftype.com/#__proto__[asd]=alert(document.domain)
👉 https://hackerone.com/reports/998398
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Elastic
🔹 Reported By: #s1r1u5
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 6:54pm (UTC)
No rate limit lead to otp brute forcing
👉 https://hackerone.com/reports/1060541
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 7:57pm (UTC)
No rate limit in otp code sending
👉 https://hackerone.com/reports/1060518
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 7:57pm (UTC)
Blind XSS Stored and CORS misconfiguration in the "Events" report of the top.mail.ru service
👉 https://hackerone.com/reports/1255676
🔹 Severity: High
🔹 Reported To: Mail.ru
🔹 Reported By: #savproga
🔹 State: 🟢 Resolved
🔹 Disclosed: August 17, 2021, 6:24am (UTC)
[acronis.secure.force.com] - Insecure Salesforce default/custom object permissions leads to information disclosure
👉 https://hackerone.com/reports/1023572
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #amsda
🔹 State: 🟢 Resolved
🔹 Disclosed: August 17, 2021, 10:45am (UTC)
Possible LDAP username and password disclosed on Github
👉 https://hackerone.com/reports/1004412
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Acronis
🔹 Reported By: #vovohelo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 17, 2021, 5:15pm (UTC)
Reflected XSS on delivery.glovoapp.com
👉 https://hackerone.com/reports/1264805
🔹 Severity: Medium
🔹 Reported To: Glovo
🔹 Reported By: #celesian
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 7:02am (UTC)
No DMARC record at cordacon.com
👉 https://hackerone.com/reports/1125143
🔹 Severity: Low
🔹 Reported To: R3
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 8:27am (UTC)
CVE-2018-6389 exploitation - using noscripts loader
👉 https://hackerone.com/reports/925425
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 8:51am (UTC)
i can join without user and pass in this website https://argocd.upchieve.org/settings/accounts
👉 https://hackerone.com/reports/1304490
🔹 Severity: High
🔹 Reported To: UPchieve
🔹 Reported By: #4pag
🔹 State: 🔴 N/A
🔹 Disclosed: August 18, 2021, 6:22pm (UTC)
Subdomain takeover of www█████████.affirm.com
👉 https://hackerone.com/reports/1297689
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 6:25pm (UTC)
Clipboard DOM-based XSS
👉 https://hackerone.com/reports/1196958
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: GitLab
🔹 Reported By: #vovohelo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 2:15pm (UTC)