Bugpoint – Telegram
Bugpoint
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣
Full Path Disclosure of Server through 500 Server Error

👉 https://hackerone.com/reports/1082521

🔹 Severity: Low
🔹 Reported To: Kartpay
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 5:46pm (UTC)
Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log

👉 https://hackerone.com/reports/1249056

🔹 Severity: Medium | 💰 400 USD
🔹 Reported To: Brave Software
🔹 Reported By: #sickcodes
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 5:57pm (UTC)
Prototype Pollution leads to XSS on https://blog.swiftype.com/#__proto__[asd]=alert(document.domain)

👉 https://hackerone.com/reports/998398

🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Elastic
🔹 Reported By: #s1r1u5
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 6:54pm (UTC)
No rate limit lead to otp brute forcing

👉 https://hackerone.com/reports/1060541

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 7:57pm (UTC)
No rate limit in otp code sending

👉 https://hackerone.com/reports/1060518

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: August 16, 2021, 7:57pm (UTC)
Blind Stored XSS and CORS misconfiguration in the "Events" report of the top.mail.ru service

👉 https://hackerone.com/reports/1255676

🔹 Severity: High
🔹 Reported To: Mail.ru
🔹 Reported By: #savproga
🔹 State: 🟢 Resolved
🔹 Disclosed: August 17, 2021, 6:24am (UTC)
[acronis.secure.force.com] - Insecure Salesforce default/custom object permissions leads to information disclosure

👉 https://hackerone.com/reports/1023572

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #amsda
🔹 State: 🟢 Resolved
🔹 Disclosed: August 17, 2021, 10:45am (UTC)
Possible LDAP username and password disclosed on Github

👉 https://hackerone.com/reports/1004412

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Acronis
🔹 Reported By: #vovohelo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 17, 2021, 5:15pm (UTC)
Reflected XSS on delivery.glovoapp.com

👉 https://hackerone.com/reports/1264805

🔹 Severity: Medium
🔹 Reported To: Glovo
🔹 Reported By: #celesian
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 7:02am (UTC)
No DMARC record at cordacon.com

👉 https://hackerone.com/reports/1125143

🔹 Severity: Low
🔹 Reported To: R3
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 8:27am (UTC)
CVE-2018-6389 exploitation - using noscripts loader

👉 https://hackerone.com/reports/925425

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 8:51am (UTC)
I can join without user and pass in this website https://argocd.upchieve.org/settings/accounts

👉 https://hackerone.com/reports/1304490

🔹 Severity: High
🔹 Reported To: UPchieve
🔹 Reported By: #4pag
🔹 State: 🔴 N/A
🔹 Disclosed: August 18, 2021, 6:22pm (UTC)
Subdomain takeover of www█████████.affirm.com

👉 https://hackerone.com/reports/1297689

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 6:25pm (UTC)
Clipboard DOM-based XSS

👉 https://hackerone.com/reports/1196958

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: GitLab
🔹 Reported By: #vovohelo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 2:15pm (UTC)
Reflected XSS on https://www.glassdoor.com/job-listing/spotlight

👉 https://hackerone.com/reports/1265390

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #vestige23
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 3:14pm (UTC)
Email verification bypassed during sign up (https://developers.mtn.com/profile)

👉 https://hackerone.com/reports/1182016

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimauwal__
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 3:50pm (UTC)
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!

👉 https://hackerone.com/reports/1278050

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:01pm (UTC)
S3 bucket listing/download

👉 https://hackerone.com/reports/1173598

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:03pm (UTC)
XSS due to CVE-2020-3580 [███.mil]

👉 https://hackerone.com/reports/1277383

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:04pm (UTC)
CUI labeled and ████ and ██████ Restricted ██████ intelligence

👉 https://hackerone.com/reports/1244403

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alyssa_herrera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:06pm (UTC)
XSS on ███

👉 https://hackerone.com/reports/1252282

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkot
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:07pm (UTC)