Subdomain takeover of www█████████.affirm.com
👉 https://hackerone.com/reports/1297689
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 6:25pm (UTC)
👉 https://hackerone.com/reports/1297689
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2021, 6:25pm (UTC)
Clipboard DOM-based XSS
👉 https://hackerone.com/reports/1196958
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: GitLab
🔹 Reported By: #vovohelo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 2:15pm (UTC)
👉 https://hackerone.com/reports/1196958
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: GitLab
🔹 Reported By: #vovohelo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 2:15pm (UTC)
Reflected XSS on https://www.glassdoor.com/job-listing/spotlight
👉 https://hackerone.com/reports/1265390
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #vestige23
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 3:14pm (UTC)
👉 https://hackerone.com/reports/1265390
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #vestige23
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 3:14pm (UTC)
Email verification bypassed during sing up (https://developers.mtn.com/profile)
👉 https://hackerone.com/reports/1182016
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimauwal__
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 3:50pm (UTC)
👉 https://hackerone.com/reports/1182016
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimauwal__
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 3:50pm (UTC)
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!
👉 https://hackerone.com/reports/1278050
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:01pm (UTC)
👉 https://hackerone.com/reports/1278050
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:01pm (UTC)
S3 bucket listing/download
👉 https://hackerone.com/reports/1173598
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:03pm (UTC)
👉 https://hackerone.com/reports/1173598
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:03pm (UTC)
XSS due to CVE-2020-3580 [███.mil]
👉 https://hackerone.com/reports/1277383
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:04pm (UTC)
👉 https://hackerone.com/reports/1277383
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:04pm (UTC)
CUI labled and ████ and ██████ Restricted ██████ intelligence
👉 https://hackerone.com/reports/1244403
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alyssa_herrera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:06pm (UTC)
👉 https://hackerone.com/reports/1244403
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alyssa_herrera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:06pm (UTC)
XSS on ███
👉 https://hackerone.com/reports/1252282
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkot
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:07pm (UTC)
👉 https://hackerone.com/reports/1252282
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkot
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 7:07pm (UTC)
2x Remote file inclusion within your VMware Instances
👉 https://hackerone.com/reports/1069105
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 8:16pm (UTC)
👉 https://hackerone.com/reports/1069105
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 8:16pm (UTC)
When you call your branch the same name as a git hash, it could be checked out by dependents
👉 https://hackerone.com/reports/790634
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #retroplasma
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 9:09pm (UTC)
👉 https://hackerone.com/reports/790634
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #retroplasma
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2021, 9:09pm (UTC)
information discloure via logs files at ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt
👉 https://hackerone.com/reports/1239633
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #zero_or_1
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2021, 9:36am (UTC)
👉 https://hackerone.com/reports/1239633
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #zero_or_1
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2021, 9:36am (UTC)
kubectl creating secrets from stringData leaves secret in plain text
👉 https://hackerone.com/reports/1102064
🔹 Severity: Low
🔹 Reported To: Kubernetes
🔹 Reported By: #max_lan
🔹 State: ⚪️ Informative
🔹 Disclosed: August 21, 2021, 7:32am (UTC)
👉 https://hackerone.com/reports/1102064
🔹 Severity: Low
🔹 Reported To: Kubernetes
🔹 Reported By: #max_lan
🔹 State: ⚪️ Informative
🔹 Disclosed: August 21, 2021, 7:32am (UTC)
CVE-2020-9383 Floppy OOB read
👉 https://hackerone.com/reports/891846
🔹 Severity: High | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:22am (UTC)
👉 https://hackerone.com/reports/891846
🔹 Severity: High | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:22am (UTC)
Local Privilege Escalation during execution of VeraCryptExpander.exe (UAC bypass)
👉 https://hackerone.com/reports/530292
🔹 Severity: Medium | 💰 1,250 USD
🔹 Reported To: VeraCrypt
🔹 Reported By: #penrose
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:30am (UTC)
👉 https://hackerone.com/reports/530292
🔹 Severity: Medium | 💰 1,250 USD
🔹 Reported To: VeraCrypt
🔹 Reported By: #penrose
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:30am (UTC)
Several protocol parsers in before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal()
👉 https://hackerone.com/reports/800324
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:50am (UTC)
👉 https://hackerone.com/reports/800324
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:50am (UTC)
CVE-2020-10938-buffer overflow/out-of-bounds write in compress.c:HuffmanDecodeImage()
👉 https://hackerone.com/reports/816637
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #nathaniellives
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:54am (UTC)
👉 https://hackerone.com/reports/816637
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #nathaniellives
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:54am (UTC)
CVE-2017-13019: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print()
👉 https://hackerone.com/reports/802896
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:55am (UTC)
👉 https://hackerone.com/reports/802896
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:55am (UTC)
CVE-2017-13050: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print()
👉 https://hackerone.com/reports/802863
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
👉 https://hackerone.com/reports/802863
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print()
👉 https://hackerone.com/reports/802846
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
👉 https://hackerone.com/reports/802846
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
GitHub Integration doesn't sanitize repository URLs which might be attacker-controlled
👉 https://hackerone.com/reports/1197160
🔹 Severity: Low | 💰 512 USD
🔹 Reported To: New Relic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: August 23, 2021, 7:39pm (UTC)
👉 https://hackerone.com/reports/1197160
🔹 Severity: Low | 💰 512 USD
🔹 Reported To: New Relic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: August 23, 2021, 7:39pm (UTC)