Bugpoint – Telegram
Latest updates about disclosed bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print()

👉 https://hackerone.com/reports/802846

🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
GitHub Integration doesn't sanitize repository URLs which might be attacker-controlled

👉 https://hackerone.com/reports/1197160

🔹 Severity: Low | 💰 512 USD
🔹 Reported To: New Relic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: August 23, 2021, 7:39pm (UTC)
Hackers can find out the ID of private programs

👉 https://hackerone.com/reports/1129649

🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 3:10am (UTC)
The possibility of disrupting the normal operation of the frontend using markdown

👉 https://hackerone.com/reports/1138668

🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 3:19am (UTC)
Hackers can reveal the names of private programs that have an external link

👉 https://hackerone.com/reports/1127455

🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: ⚪️ Informative
🔹 Disclosed: August 24, 2021, 3:20am (UTC)
Hackers can reveal the names of private programs that have an external link and Enterprise Product Edition

👉 https://hackerone.com/reports/1130235

🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:13am (UTC)
Attachment object in GraphQL continues to grant access to files, even if they are removed from rendering

👉 https://hackerone.com/reports/1132606

🔹 Severity: Medium
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:15am (UTC)
Disclosure handle private program with external link

👉 https://hackerone.com/reports/1276992

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:48pm (UTC)
Enumerating HackerOne Pentests

👉 https://hackerone.com/reports/1139541

🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #whhackersbr
🔹 State: ⚪️ Informative
🔹 Disclosed: August 25, 2021, 3:40am (UTC)
[Python] CWE-943: Add NoSQL Injection Query

👉 https://hackerone.com/reports/1319271

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:01pm (UTC)
[C#]: Deserialization sinks

👉 https://hackerone.com/reports/1319270

🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:01pm (UTC)
Buffer overflow in PyCArg_repr in _ctypes/callproc.c for Python 3.x to 3.9.1

👉 https://hackerone.com/reports/1084342

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:32pm (UTC)
Two out-of-bounds array reads in Python AST builder (Re-opening 520612 with CVEs)

👉 https://hackerone.com/reports/746766

🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #blarsen
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:51pm (UTC)
[CVE-2021-29156] LDAP Injection at https://██████

👉 https://hackerone.com/reports/1278891

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
Sensitive information on '████████'

👉 https://hackerone.com/reports/1300591

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
Sensitive information on ██████████

👉 https://hackerone.com/reports/1300589

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:34pm (UTC)
https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability)

👉 https://hackerone.com/reports/1280188

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #team_tsk
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:35pm (UTC)
CUI labeled and ████ Restricted pdf on █████

👉 https://hackerone.com/reports/1243782

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alyssa_herrera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:36pm (UTC)
Squid as reverse proxy RCE and data leak

👉 https://hackerone.com/reports/778610

🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #guido
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:10pm (UTC)
Organization Members in Snap Kit may Deactivate Apps

👉 https://hackerone.com/reports/1103448

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Snapchat
🔹 Reported By: #mainteemoforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:21pm (UTC)
Cache Poisoning

👉 https://hackerone.com/reports/824753

🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:26pm (UTC)