[C#]: Deserialization sinks
👉 https://hackerone.com/reports/1319270
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:01pm (UTC)
👉 https://hackerone.com/reports/1319270
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:01pm (UTC)
Buffer overflow in PyCArg_repr in _ctypes/callproc.c for Python 3.x to 3.9.1
👉 https://hackerone.com/reports/1084342
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:32pm (UTC)
👉 https://hackerone.com/reports/1084342
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:32pm (UTC)
Two out-of-bounds array reads in Python AST builder (Re-opening 520612 with CVEs)
👉 https://hackerone.com/reports/746766
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #blarsen
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:51pm (UTC)
👉 https://hackerone.com/reports/746766
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #blarsen
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:51pm (UTC)
[CVE-2021-29156] LDAP Injection at https://██████
👉 https://hackerone.com/reports/1278891
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
👉 https://hackerone.com/reports/1278891
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
Sensitive information on '████████'
👉 https://hackerone.com/reports/1300591
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
👉 https://hackerone.com/reports/1300591
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
Sensitive information on ██████████
👉 https://hackerone.com/reports/1300589
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:34pm (UTC)
👉 https://hackerone.com/reports/1300589
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:34pm (UTC)
https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability)
👉 https://hackerone.com/reports/1280188
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #team_tsk
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:35pm (UTC)
👉 https://hackerone.com/reports/1280188
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #team_tsk
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:35pm (UTC)
CUI labled and ████ Restricted pdf on █████
👉 https://hackerone.com/reports/1243782
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alyssa_herrera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:36pm (UTC)
👉 https://hackerone.com/reports/1243782
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alyssa_herrera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:36pm (UTC)
Squid as reverse proxy RCE and data leak
👉 https://hackerone.com/reports/778610
🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #guido
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:10pm (UTC)
👉 https://hackerone.com/reports/778610
🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #guido
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:10pm (UTC)
Organization Members in Snap Kit may Deactivate Apps
👉 https://hackerone.com/reports/1103448
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Snapchat
🔹 Reported By: #mainteemoforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:21pm (UTC)
👉 https://hackerone.com/reports/1103448
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Snapchat
🔹 Reported By: #mainteemoforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:21pm (UTC)
Cache Poisoning
👉 https://hackerone.com/reports/824753
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:26pm (UTC)
👉 https://hackerone.com/reports/824753
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:26pm (UTC)
Cache Manager ACL Bypass
👉 https://hackerone.com/reports/824203
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:28pm (UTC)
👉 https://hackerone.com/reports/824203
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:28pm (UTC)
URN Request bypass ACL Checks
👉 https://hackerone.com/reports/824802
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:32pm (UTC)
👉 https://hackerone.com/reports/824802
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:32pm (UTC)
UrnState Heap Overflow
👉 https://hackerone.com/reports/824771
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:36pm (UTC)
👉 https://hackerone.com/reports/824771
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:36pm (UTC)
Squid leaks previous content from reusable buffer
👉 https://hackerone.com/reports/824163
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:37pm (UTC)
👉 https://hackerone.com/reports/824163
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:37pm (UTC)
Basic Authentication Heap Overflow
👉 https://hackerone.com/reports/641240
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:39pm (UTC)
👉 https://hackerone.com/reports/641240
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:39pm (UTC)
HTTP Smuggling multiple issues in Squid 3.x & squid 4.x
👉 https://hackerone.com/reports/758445
🔹 Severity: Critical | 💰 18,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #regilero
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:57pm (UTC)
👉 https://hackerone.com/reports/758445
🔹 Severity: Critical | 💰 18,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #regilero
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:57pm (UTC)
1-byte heap buffer overflow in DNS resolver
👉 https://hackerone.com/reports/1210450
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Nginx (IBB)
🔹 Reported By: #luismerino
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 12:07am (UTC)
👉 https://hackerone.com/reports/1210450
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Nginx (IBB)
🔹 Reported By: #luismerino
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 12:07am (UTC)
Information Exposure Through Directory Listing
👉 https://hackerone.com/reports/1316412
🔹 Severity: High
🔹 Reported To: Tor
🔹 Reported By: #sasikaran
🔹 State: 🔴 N/A
🔹 Disclosed: August 27, 2021, 11:15am (UTC)
👉 https://hackerone.com/reports/1316412
🔹 Severity: High
🔹 Reported To: Tor
🔹 Reported By: #sasikaran
🔹 State: 🔴 N/A
🔹 Disclosed: August 27, 2021, 11:15am (UTC)
No Rate Limit On Contact Us
👉 https://hackerone.com/reports/1166069
🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 5:23pm (UTC)
👉 https://hackerone.com/reports/1166069
🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 5:23pm (UTC)
2 Bypass of #1067533 rate limit via X-Forwarded-For<space>: Source IP on ( www.trycourier.app )
👉 https://hackerone.com/reports/1206777
🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 5:47pm (UTC)
👉 https://hackerone.com/reports/1206777
🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 5:47pm (UTC)