Bugpoint – Telegram
Latest updates about disclosed bug bounty reports: tech details, impacts, bounties 📣

URN Request bypass ACL Checks

👉 https://hackerone.com/reports/824802

🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:32pm (UTC)
UrnState Heap Overflow

👉 https://hackerone.com/reports/824771

🔹 Severity: Critical | 💰 12,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:36pm (UTC)
Squid leaks previous content from reusable buffer

👉 https://hackerone.com/reports/824163

🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:37pm (UTC)
Basic Authentication Heap Overflow

👉 https://hackerone.com/reports/641240

🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #jeriko_one
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:39pm (UTC)
HTTP Smuggling multiple issues in Squid 3.x & squid 4.x

👉 https://hackerone.com/reports/758445

🔹 Severity: Critical | 💰 18,000 USD
🔹 Reported To: Squid Cache (IBB)
🔹 Reported By: #regilero
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 11:57pm (UTC)
1-byte heap buffer overflow in DNS resolver

👉 https://hackerone.com/reports/1210450

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Nginx (IBB)
🔹 Reported By: #luismerino
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 12:07am (UTC)
Information Exposure Through Directory Listing

👉 https://hackerone.com/reports/1316412

🔹 Severity: High
🔹 Reported To: Tor
🔹 Reported By: #sasikaran
🔹 State: 🔴 N/A
🔹 Disclosed: August 27, 2021, 11:15am (UTC)
No Rate Limit On Contact Us

👉 https://hackerone.com/reports/1166069

🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 5:23pm (UTC)
2 Bypass of #1067533 rate limit via X-Forwarded-For<space>: Source IP on ( www.trycourier.app )

👉 https://hackerone.com/reports/1206777

🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 5:47pm (UTC)
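The title above names the class of bug without explaining it, so here is an added, self-contained model of it. This is not Courier's code and does not reproduce report #1206777; it is an assumption about the general mechanism: a rate limiter keyed on an address the client can supply in X-Forwarded-For, an edge filter that drops that header only by exact name, and a backend whose lenient header parsing still accepts a name with a space before the colon. The trusted-proxy range and the traffic are constructed for the example.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed deployment value: the only hop allowed to assert a client address.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


class RateLimiter:
    """Sliding-window counter: at most `limit` hits per `window` seconds per key."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def edge_strip_xff(headers):
    """Modelled first fix: a denylist at the edge that drops the header by exact name."""
    return [(n, v) for n, v in headers if n != "X-Forwarded-For"]


def client_ip_lenient(headers, peer_ip):
    """Weak backend: normalises header names (strips whitespace, case-folds) before
    matching, and honours the first XFF hop no matter who the direct peer is."""
    for name, value in headers:
        if name.strip().lower() == "x-forwarded-for":
            return value.split(",")[0].strip()
    return peer_ip


def client_ip_hardened(headers, peer_ip):
    """Hardened backend: a header name containing whitespace is malformed
    (RFC 7230 s.3.2.4) and the request is rejected; XFF is honoured only when
    the direct peer is a trusted proxy, and only the hop that proxy appended
    (the right-most) is used, never the client-controlled left-most one."""
    for name, _ in headers:
        if any(ch.isspace() for ch in name):
            raise ValueError("malformed header field name: %r" % name)
    if not any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        return peer_ip
    hops = [h.strip() for n, v in headers if n.lower() == "x-forwarded-for"
            for h in v.split(",") if h.strip()]
    return hops[-1] if hops else peer_ip


def simulate(ip_func, strip_at_edge, requests, limit=3):
    """Run `requests` (a list of (peer_ip, headers)) through the limiter and
    return how many got through. Malformed requests count as blocked."""
    limiter = RateLimiter(limit=limit, window=60.0)
    allowed = 0
    for t, (peer_ip, headers) in enumerate(requests):
        if strip_at_edge:
            headers = edge_strip_xff(headers)
        try:
            key = ip_func(headers, peer_ip)
        except ValueError:
            continue
        if limiter.allow(key, now=float(t)):
            allowed += 1
    return allowed


# Constructed traffic: one attacker socket (198.51.100.7) sends ten requests,
# each claiming a different client address. ATTACK_SPACED uses the header-name
# variant from the report title, "X-Forwarded-For :" with a space before the colon.
ATTACK_PLAIN = [("198.51.100.7", [("X-Forwarded-For", "203.0.113.%d" % i)]) for i in range(10)]
ATTACK_SPACED = [("198.51.100.7", [("X-Forwarded-For ", "203.0.113.%d" % i)]) for i in range(10)]

if __name__ == "__main__":
    print("lenient, no edge filter, plain header :", simulate(client_ip_lenient, False, ATTACK_PLAIN))
    print("lenient, edge filter,    plain header :", simulate(client_ip_lenient, True, ATTACK_PLAIN))
    print("lenient, edge filter,    spaced header:", simulate(client_ip_lenient, True, ATTACK_SPACED))
    print("hardened, edge filter,   spaced header:", simulate(client_ip_hardened, True, ATTACK_SPACED))
```

With a limit of 3, the lenient backend lets all ten requests through when the header is present, the exact-name edge filter brings that down to 3 for the plain header but back up to 10 for the spaced variant, and the hardened backend rejects the spaced variant outright and keys the rest on the socket peer. The design point is that a denylist on header names is the wrong layer for this check: decide whose address to trust from the peer you are actually talking to, and reject field names the grammar does not allow rather than trying to enumerate their spellings.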
HTTP Request Smuggling via HTTP/2

👉 https://hackerone.com/reports/1211724

🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Basecamp
🔹 Reported By: #neex
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 7:21pm (UTC)
Publicly exposed HashiCorp Vault (Secrets management) at usec-gcp-staging.uberinternal.com & usec-gcp.uberinternal.com

👉 https://hackerone.com/reports/519044

🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Uber
🔹 Reported By: #ayoubfathi_
🔹 State: 🟢 Resolved
🔹 Disclosed: August 27, 2021, 8:20pm (UTC)
Unauthenticated Arbitrary File Deletion (CVE-2020-3187)

👉 https://hackerone.com/reports/1056611

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #logic_err0r
🔹 State: 🟢 Resolved
🔹 Disclosed: August 29, 2021, 3:25pm (UTC)
[Biz] [Mailer] Cropping of any* images stored on the server

👉 https://hackerone.com/reports/1073485

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #rainbow_json
🔹 State: 🟢 Resolved
🔹 Disclosed: August 30, 2021, 4:17am (UTC)
Guest users can create new test cases

👉 https://hackerone.com/reports/1113289

🔹 Severity: Low | 💰 650 USD
🔹 Reported To: GitLab
🔹 Reported By: #maruthi12
🔹 State: 🟢 Resolved
🔹 Disclosed: August 30, 2021, 11:01am (UTC)
A profile page of a user can be denied from loading by appending .html to the username

👉 https://hackerone.com/reports/475098

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: GitLab
🔹 Reported By: #maruthi12
🔹 State: 🟢 Resolved
🔹 Disclosed: August 30, 2021, 11:02am (UTC)
A deactivated user can access data through GraphQL

👉 https://hackerone.com/reports/1192460

🔹 Severity: Medium | 💰 1,370 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: August 30, 2021, 1:25pm (UTC)
SSH server due to Improper Signature Verification

👉 https://hackerone.com/reports/1294043

🔹 Severity: High
🔹 Reported To: Sifchain
🔹 Reported By: #escanor56
🔹 State: 🔴 N/A
🔹 Disclosed: August 30, 2021, 2:35pm (UTC)
Index Out Of Bounds in protobuf unmarshalling

👉 https://hackerone.com/reports/1073363

🔹 Severity: No Rating | 💰 250 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #pulpkk
🔹 State: 🟢 Resolved
🔹 Disclosed: August 30, 2021, 7:06pm (UTC)
Bypass of the installation sandbox by injecting keystrokes with TIOCSTI

👉 https://hackerone.com/reports/1283871

🔹 Severity: Low
🔹 Reported To: Homebrew
🔹 Reported By: #gedwards
🔹 State: 🟢 Resolved
🔹 Disclosed: August 30, 2021, 11:46pm (UTC)
Open Redirect

👉 https://hackerone.com/reports/1213580

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Affirm
🔹 Reported By: #litt1eb0y
🔹 State: 🟢 Resolved
🔹 Disclosed: August 31, 2021, 8:48am (UTC)
Failed to validate Session after Password Change

👉 https://hackerone.com/reports/1295187

🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #aaruthra
🔹 State: 🟤 Duplicate
🔹 Disclosed: August 31, 2021, 9:15am (UTC)