Bugpoint – Telegram
Bugpoint
1.05K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg

blind sql on [selfcare.mtn.com.af]

👉 https://hackerone.com/reports/925007

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 11:39am (UTC)

SQL injection [futexpert.mtngbissau.com]

👉 https://hackerone.com/reports/924855

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 11:40am (UTC)

link.avito.ru - Bypass of restrictions on external links.

👉 https://hackerone.com/reports/956449

🔹 Severity: Medium
🔹 Reported To: Avito
🔹 Reported By: #hen51
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 5:25pm (UTC)

Subdomain takeover of ███

👉 https://hackerone.com/reports/892667

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #simplyrishabh
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:55pm (UTC)

XSS due to CVE-2020-3580 [██████]

👉 https://hackerone.com/reports/1277392

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:56pm (UTC)

XSS due to CVE-2020-3580 [███]

👉 https://hackerone.com/reports/1277389

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:57pm (UTC)

Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179

👉 https://hackerone.com/reports/1153817

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:58pm (UTC)

System Error Reveals SQL Information

👉 https://hackerone.com/reports/1272095

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #miguel_santareno
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:59pm (UTC)

SQL injection located in `███` in POST param `████████`

👉 https://hackerone.com/reports/1262757

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #brumens
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 8:00pm (UTC)

Stored XSS on top.mail.ru

👉 https://hackerone.com/reports/1241107

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #savproga
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 7:18am (UTC)

[play.mtn.co.za] Application level DoS via xmlrpc.php

👉 https://hackerone.com/reports/925519

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 4:21pm (UTC)

Improper handling of untypical characters in domain names

👉 https://hackerone.com/reports/1178337

🔹 Severity: High
🔹 Reported To: Node.js
🔹 Reported By: #philippjeitner
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 5:51pm (UTC)

Built-in TLS module unexpectedly treats "rejectUnauthorized: undefined" as "rejectUnauthorized: false", disabling all certificate validation

👉 https://hackerone.com/reports/1278254

🔹 Severity: Low
🔹 Reported To: Node.js
🔹 Reported By: #pimterry
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 5:53pm (UTC)

Create free Shopify application credits.

👉 https://hackerone.com/reports/1257428

🔹 Severity: Medium | 💰 2,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jmp_35p
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 9:53pm (UTC)

Hardware Wallets Do Not Check Unlock Time

👉 https://hackerone.com/reports/817245

🔹 Severity: Medium
🔹 Reported To: Monero
🔹 Reported By: #thecharlatan
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2021, 8:36am (UTC)

Unix time unlock_time values have dangerous validation rules enabling a number of exploits

👉 https://hackerone.com/reports/854726

🔹 Severity: High
🔹 Reported To: Monero
🔹 Reported By: #thecharlatan
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2021, 8:36am (UTC)

Privilege Escalation leading to post in channel without having privilege

👉 https://hackerone.com/reports/1114617

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #fuzzsqlb0f
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2021, 5:36am (UTC)

No Rate Limit On Regenerate Password on Portswigger

👉 https://hackerone.com/reports/1337425

🔹 Severity: No Rating
🔹 Reported To: PortSwigger Web Security
🔹 Reported By: #thespiritman
🔹 State: ⚪️ Informative
🔹 Disclosed: September 13, 2021, 1:03pm (UTC)

Buffer overrun in Steam SILK voice decoder

👉 https://hackerone.com/reports/1180252

🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Valve
🔹 Reported By: #slidybat
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2021, 5:56pm (UTC)

[Java]: Add XXE sinks

👉 https://hackerone.com/reports/1339787

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2021, 9:29pm (UTC)

CSRF in Account Deletion feature (https://www.flickr.com/account/delete)

👉 https://hackerone.com/reports/615448

🔹 Severity: High | 💰 750 USD
🔹 Reported To: Flickr
🔹 Reported By: #asad0x01_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2021, 9:59pm (UTC)