Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Google Maps API Key Leakage

👉 https://hackerone.com/reports/1321830

🔹 Severity: High
🔹 Reported To: Uber
🔹 Reported By: #batman9
🔹 State: ⚪️ Informative
🔹 Disclosed: September 3, 2021, 8:39pm (UTC)
No Limit on Email Subscription

👉 https://hackerone.com/reports/1085079

🔹 Severity: Low
🔹 Reported To: OpenMage
🔹 Reported By: #thecyberjerry
🔹 State: 🟢 Resolved
🔹 Disclosed: September 4, 2021, 7:05am (UTC)
XSS Stored in Cacheable response

👉 https://hackerone.com/reports/1011093

🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #dj4ng0d2
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 1:47am (UTC)
Car photo substitution [city-mobil.ru/taxiserv/]

👉 https://hackerone.com/reports/1130528

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #lobity
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 10:51am (UTC)
Information disclosure (emails, numbers, agreements, admin sessions and more ...) through a PostgreSQL database belonging to (legium-back.corp.mail.ru)

👉 https://hackerone.com/reports/1241637

🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #yukusawa18
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:41am (UTC)
Node Validation Admission does not observe all oldObject fields

👉 https://hackerone.com/reports/1095612

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #ariellima
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:17pm (UTC)
Holes in EndpointSlice Validation Enable Host Network Hijack

👉 https://hackerone.com/reports/1145044

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #howardjohn
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:29pm (UTC)
XSS on ub.icq.net

👉 https://hackerone.com/reports/1064587

🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #nightmare_msf
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2021, 12:53pm (UTC)
Social Oauth Disconnect CSRF at znakcup.ru

👉 https://hackerone.com/reports/1074869

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #nightmare_msf
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2021, 1:28pm (UTC)
Bootstrap library is vulnerable

👉 https://hackerone.com/reports/1198203

🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #sathish87
🔹 State: 🔴 N/A
🔹 Disclosed: September 6, 2021, 4:40pm (UTC)
subdomain takeover disney.samokat.ru

👉 https://hackerone.com/reports/1052819

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #nanwn
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2021, 9:29am (UTC)
Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt

👉 https://hackerone.com/reports/1132160

🔹 Severity: Medium | 💰 982 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #northsea
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2021, 10:10am (UTC)
HTML Injection @ /[restaurant]/order endpoint.

👉 https://hackerone.com/reports/738810

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Zomato
🔹 Reported By: #mr_edwards
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2021, 11:28am (UTC)
HTML injection leads to reflected XSS

👉 https://hackerone.com/reports/743345

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Zomato
🔹 Reported By: #haxor5392
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2021, 11:29am (UTC)
Subdomain Takeover on 1c-start.tochka.com pointing to unbouncepages

👉 https://hackerone.com/reports/1266659

🔹 Severity: High | 💰 50 USD
🔹 Reported To: QIWI
🔹 Reported By: #uddeshaya001
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2021, 5:02pm (UTC)
Access to alerta.khanacademy.org leak sensitive data

👉 https://hackerone.com/reports/1061664

🔹 Severity: Critical
🔹 Reported To: Khan Academy
🔹 Reported By: #nightmare_msf
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 8:36am (UTC)
SQL injection on jd.mail.ru

👉 https://hackerone.com/reports/365011

🔹 Severity: High | 💰 300 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 9:30am (UTC)
Information disclosure -> 2fa bypass -> POST exploitation

👉 https://hackerone.com/reports/1276373

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Algolia
🔹 Reported By: #akashhamal0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 1:40pm (UTC)
[185.30.178.57:8080] - Vulnerable to Jetleak

👉 https://hackerone.com/reports/1289029

🔹 Severity: Critical | 💰 250 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #xaleraf4ra
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 4:43pm (UTC)
DNS Misconfiguration Leads to Subdomain Takeover - max1.liveplan.com

👉 https://hackerone.com/reports/1294492

🔹 Severity: High
🔹 Reported To: Palo Alto Software
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 4:45pm (UTC)
Underrepresentation Bias through Twitter's Cropping Algorithm

👉 https://hackerone.com/reports/1294062

🔹 Severity: Critical
🔹 Reported To: Twitter Algorithmic Bias
🔹 Reported By: #cyberqueenmeg
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 10:50pm (UTC)