[CVE-2021-29156] LDAP Injection at https://██████
👉 https://hackerone.com/reports/1278891
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
Sensitive information on '████████'
👉 https://hackerone.com/reports/1300591
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
Sensitive information on ██████████
👉 https://hackerone.com/reports/1300589
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:34pm (UTC)
https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability)
👉 https://hackerone.com/reports/1280188
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #team_tsk
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:35pm (UTC)
CUI labelled and ████ Restricted PDF on █████
👉 https://hackerone.com/reports/1243782
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alyssa_herrera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:36pm (UTC)
Squid as reverse proxy RCE and data leak
👉 https://hackerone.com/reports/778610
🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #guido
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:10pm (UTC)
Organization Members in Snap Kit may Deactivate Apps
👉 https://hackerone.com/reports/1103448
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Snapchat
🔹 Reported By: #mainteemoforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:21pm (UTC)
Cache Poisoning
👉 https://hackerone.com/reports/824753
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:26pm (UTC)
Cache Manager ACL Bypass
👉 https://hackerone.com/reports/824203
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:28pm (UTC)
URN Request bypass ACL Checks
👉 https://hackerone.com/reports/824802
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:32pm (UTC)
UrnState Heap Overflow
👉 https://hackerone.com/reports/824771
🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:36pm (UTC)
Squid leaks previous content from reusable buffer
👉 https://hackerone.com/reports/824163
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:37pm (UTC)
Basic Authentication Heap Overflow
👉 https://hackerone.com/reports/641240
🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:39pm (UTC)
HTTP Smuggling multiple issues in Squid 3.x & squid 4.x
👉 https://hackerone.com/reports/758445
🔹 Severity: Critical | 💰 18,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #regilero
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:57pm (UTC)
1-byte heap buffer overflow in DNS resolver
👉 https://hackerone.com/reports/1210450
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Nginx (IBB)
🔹 Reported By: #luismerino
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 12:07am (UTC)
Information Exposure Through Directory Listing
👉 https://hackerone.com/reports/1316412
🔹 Severity: High
🔹 Reported To: Tor
🔹 Reported By: #sasikaran
🔹 State: 🔴 N/A
🔹 Disclosed: August 27, 2021, 11:15am (UTC)
No Rate Limit On Contact Us
👉 https://hackerone.com/reports/1166069
🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 5:23pm (UTC)
2 Bypass of #1067533 rate limit via X-Forwarded-For<space>: Source IP on ( www.trycourier.app )
👉 https://hackerone.com/reports/1206777
🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 5:47pm (UTC)
HTTP Request Smuggling via HTTP/2
👉 https://hackerone.com/reports/1211724
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Basecamp
🔹 Reported By: #neex
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 7:21pm (UTC)
Publicly exposed HashiCorp Vault (Secrets management) at usec-gcp-staging.uberinternal.com & usec-gcp.uberinternal.com
👉 https://hackerone.com/reports/519044
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Uber
🔹 Reported By: #ayoubfathi_
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 8:20pm (UTC)
Unauthenticated Arbitrary File Deletion (CVE-2020-3187)
👉 https://hackerone.com/reports/1056611
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 29, 2021, 3:25pm (UTC)