No Rate Limit On Reset Password
👉 https://hackerone.com/reports/1166066
🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #elcayser-0x0a
🔹 State: 🟢 Resolved
🔹 Disclosed: August 31, 2021, 3:23pm (UTC)
Subdomain takeover due to non registered TLD [ ██████████.█████.██████.com ]
👉 https://hackerone.com/reports/1312365
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Affirm
🔹 Reported By: #0xprial
🔹 State: 🟢 Resolved
🔹 Disclosed: August 31, 2021, 4:18pm (UTC)
session takeover via open protocol redirection on streamlabs.com
👉 https://hackerone.com/reports/1178239
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Logitech
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2021, 3:49pm (UTC)
Critical || Unrestricted access to private Github repos and properties of Elastic through leaked token of Elastic employee
👉 https://hackerone.com/reports/1266188
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Elastic
🔹 Reported By: #prateek_0490
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2021, 5:40pm (UTC)
Improper input validation in projects leads to fully deny access to project resources
👉 https://hackerone.com/reports/1237700
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Semrush
🔹 Reported By: #a_d_a_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2021, 8:11pm (UTC)
e-mail verification bypass through interception & modification of response status
👉 https://hackerone.com/reports/1181253
🔹 Severity: No Rating
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #rajeshpatil
🔹 State: 🟢 Resolved
🔹 Disclosed: September 2, 2021, 2:46pm (UTC)
Java: Static initialization vector
👉 https://hackerone.com/reports/1329260
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 12:15am (UTC)
Improper Authentication - any user can login as other user with otp/logout & otp/login
👉 https://hackerone.com/reports/921780
🔹 Severity: Critical | 💰 25,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #korniltsev
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 9:12am (UTC)
Protocol Smuggling over LDAP password field
👉 https://hackerone.com/reports/1054282
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: ownCloud
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 1:20pm (UTC)
Payment method token being sent to 3rd party analytics service
👉 https://hackerone.com/reports/637267
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Upserve
🔹 Reported By: #ctulhu
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 3:06pm (UTC)
Possible to invite any team member without being logged in. [ Session Management Issue ]
👉 https://hackerone.com/reports/1319892
🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 7:28pm (UTC)
Google Maps API Key Leakage
👉 https://hackerone.com/reports/1321830
🔹 Severity: High
🔹 Reported To: Uber
🔹 Reported By: #batman9
🔹 State: ⚪️ Informative
🔹 Disclosed: September 3, 2021, 8:39pm (UTC)
No Limit on Email Subscription
👉 https://hackerone.com/reports/1085079
🔹 Severity: Low
🔹 Reported To: OpenMage
🔹 Reported By: #thecyberjerry
🔹 State: 🟢 Resolved
🔹 Disclosed: September 4, 2021, 7:05am (UTC)
XSS Stored in Cacheable response
👉 https://hackerone.com/reports/1011093
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #dj4ng0d2
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 1:47am (UTC)
Substitution of car photos [city-mobil.ru/taxiserv/]
👉 https://hackerone.com/reports/1130528
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #lobity
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 10:51am (UTC)
Information disclosure (emails, numbers, agreements, admin sessions and more ...) through a PostgreSQL database belonging to (legium-back.corp.mail.ru)
👉 https://hackerone.com/reports/1241637
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #yukusawa18
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:41am (UTC)
Node Validation Admission does not observe all oldObject fields
👉 https://hackerone.com/reports/1095612
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #ariellima
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:17pm (UTC)
Holes in EndpointSlice Validation Enable Host Network Hijack
👉 https://hackerone.com/reports/1145044
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #howardjohn
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:29pm (UTC)
XSS on ub.icq.net
👉 https://hackerone.com/reports/1064587
🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #nightmare_msf
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2021, 12:53pm (UTC)
Social Oauth Disconnect CSRF at znakcup.ru
👉 https://hackerone.com/reports/1074869
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #nightmare_msf
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2021, 1:28pm (UTC)
Bootstrap library is vulnerable
👉 https://hackerone.com/reports/1198203
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #sathish87
🔹 State: 🔴 N/A
🔹 Disclosed: September 6, 2021, 4:40pm (UTC)