[acronis.secure.force.com] - Insecure Salesforce default/custom object permissions lead to information disclosure
👉 https://hackerone.com/reports/1023572
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #amsda
🔹 State: 🟢 Resolved
🔹 Disclosed: August 17, 2021, 10:45am (UTC)
Possible LDAP username and password disclosed on GitHub
👉 https://hackerone.com/reports/1004412
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Acronis
🔹 Reported By: #vovohelo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 17, 2021, 5:15pm (UTC)
Reflected XSS on delivery.glovoapp.com
👉 https://hackerone.com/reports/1264805
🔹 Severity: Medium
🔹 Reported To: Glovo
🔹 Reported By: #celesian
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 7:02am (UTC)
No DMARC record at cordacon.com
👉 https://hackerone.com/reports/1125143
🔹 Severity: Low
🔹 Reported To: R3
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 8:27am (UTC)
CVE-2018-6389 exploitation - using noscripts loader
👉 https://hackerone.com/reports/925425
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 8:51am (UTC)
I can join without user and pass in this website https://argocd.upchieve.org/settings/accounts
👉 https://hackerone.com/reports/1304490
🔹 Severity: High
🔹 Reported To: UPchieve
🔹 Reported By: #4pag
🔹 State: 🔴 N/A
🔹 Disclosed: August 18, 2021, 6:22pm (UTC)
Subdomain takeover of www█████████.affirm.com
👉 https://hackerone.com/reports/1297689
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 6:25pm (UTC)
Clipboard DOM-based XSS
👉 https://hackerone.com/reports/1196958
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: GitLab
🔹 Reported By: #vovohelo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 2:15pm (UTC)
Reflected XSS on https://www.glassdoor.com/job-listing/spotlight
👉 https://hackerone.com/reports/1265390
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #vestige23
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 3:14pm (UTC)
Email verification bypassed during sign up (https://developers.mtn.com/profile)
👉 https://hackerone.com/reports/1182016
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimauwal__
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 3:50pm (UTC)
[CVE-2021-29156 on ForgeRock OpenAM] LDAP Injection in Webfinger Protocol!
👉 https://hackerone.com/reports/1278050
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:01pm (UTC)
S3 bucket listing/download
👉 https://hackerone.com/reports/1173598
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:03pm (UTC)
XSS due to CVE-2020-3580 [███.mil]
👉 https://hackerone.com/reports/1277383
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:04pm (UTC)
CUI labeled and ████ and ██████ Restricted ██████ intelligence
👉 https://hackerone.com/reports/1244403
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alyssa_herrera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:06pm (UTC)
XSS on ███
👉 https://hackerone.com/reports/1252282
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkot
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:07pm (UTC)
2x Remote file inclusion within your VMware Instances
👉 https://hackerone.com/reports/1069105
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 8:16pm (UTC)
When you call your branch the same name as a git hash, it could be checked out by dependents
👉 https://hackerone.com/reports/790634
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #retroplasma
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 9:09pm (UTC)
Information disclosure via log files at ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt
👉 https://hackerone.com/reports/1239633
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #zero_or_1
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2021, 9:36am (UTC)
kubectl creating secrets from stringData leaves secret in plain text
👉 https://hackerone.com/reports/1102064
🔹 Severity: Low
🔹 Reported To: Kubernetes
🔹 Reported By: #max_lan
🔹 State: ⚪️ Informative
🔹 Disclosed: August 21, 2021, 7:32am (UTC)
CVE-2020-9383 Floppy OOB read
👉 https://hackerone.com/reports/891846
🔹 Severity: High | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:22am (UTC)
Local Privilege Escalation during execution of VeraCryptExpander.exe (UAC bypass)
👉 https://hackerone.com/reports/530292
🔹 Severity: Medium | 💰 1,250 USD
🔹 Reported To: VeraCrypt
🔹 Reported By: #penrose
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:30am (UTC)