Buffer overrun in Steam SILK voice decoder
👉 https://hackerone.com/reports/1180252
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Valve
🔹 Reported By: #slidybat
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2021, 5:56pm (UTC)
[Java]: Add XXE sinks
👉 https://hackerone.com/reports/1339787
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2021, 9:29pm (UTC)
CSRF in Account Deletion feature (https://www.flickr.com/account/delete)
👉 https://hackerone.com/reports/615448
🔹 Severity: High | 💰 750 USD
🔹 Reported To: Flickr
🔹 Reported By: #asad0x01_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2021, 9:59pm (UTC)
[Java] CWE-079: Query to detect XSS with JavaServer Faces (JSF)
👉 https://hackerone.com/reports/1339898
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2021, 12:07am (UTC)
Webview address bar spoofing in LINE client for iOS
👉 https://hackerone.com/reports/1082991
🔹 Severity: Low
🔹 Reported To: LINE
🔹 Reported By: #reinforchu
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2021, 1:17am (UTC)
Use of a Broken or Risky Cryptographic Algorithm
👉 https://hackerone.com/reports/1306942
🔹 Severity: Medium
🔹 Reported To: Revive Adserver
🔹 Reported By: #418sec
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2021, 12:51pm (UTC)
Stored XSS in main page of a project caused by arbitrary noscript payload in group "Default initial branch name"
👉 https://hackerone.com/reports/1256777
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2021, 1:44pm (UTC)
CVE-2021-22945: UAF and double-free in MQTT sending
👉 https://hackerone.com/reports/1269242
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: curl
🔹 Reported By: #z2_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2021, 2:24pm (UTC)
Bypassing rate limit for forgot password by using different IP addresses
👉 https://hackerone.com/reports/889246
🔹 Severity: Low
🔹 Reported To: Zivver
🔹 Reported By: #dhirenkumar8280
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2021, 7:36pm (UTC)
[3] Bypassing IP Based Rate Limit Blocking leads to rate limit bypass in Courier Login Panel
👉 https://hackerone.com/reports/1320976
🔹 Severity: No Rating
🔹 Reported To: Courier
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2021, 5:31pm (UTC)
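The Zivver and Courier entries above both describe the same failure mode: a rate limit keyed only on the client IP address, which an attacker defeats by spreading requests across many addresses. The block below is an added illustration, not code from either report or from either vendor. It assumes a constructed password-reset request stream against one victim account and compares a per-IP limiter with one that also counts attempts per targeted account.

```python
from collections import defaultdict, deque

# Constructed example (not from the reports): a forgot-password endpoint
# limited per source IP, versus the same endpoint also limited per account.
WINDOW_SECONDS = 600
MAX_PER_KEY = 5


class SlidingWindowLimiter:
    """Allow at most max_per_key events per key within a sliding window."""

    def __init__(self, max_per_key=MAX_PER_KEY, window=WINDOW_SECONDS):
        self.max_per_key = max_per_key
        self.window = window
        self.events = defaultdict(deque)  # key -> timestamps of recent events

    def allow(self, key, now):
        q = self.events[key]
        # Drop events that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_per_key:
            return False
        q.append(now)
        return True


def forgot_password_ip_only(requests):
    """Limit only by client IP: the pattern the two reports bypass."""
    limiter = SlidingWindowLimiter()
    return [limiter.allow(ip, t) for t, ip, account in requests]


def forgot_password_ip_and_account(requests):
    """Limit by IP and by targeted account; rotating IPs no longer helps."""
    by_ip = SlidingWindowLimiter()
    by_account = SlidingWindowLimiter()
    results = []
    for t, ip, account in requests:
        # Consume a slot on both counters and deny if either is exhausted,
        # so a failed IP check still costs the attacker an account attempt.
        ip_ok = by_ip.allow(ip, t)
        acct_ok = by_account.allow(account, t)
        results.append(ip_ok and acct_ok)
    return results


# Constructed attack stream: 20 reset requests for one victim account,
# each from a different source address (TEST-NET-3), one second apart.
ATTACK = [(float(i), f"203.0.113.{i}", "victim@example.com") for i in range(20)]


def demo():
    """Return (requests allowed by per-IP limiter, requests allowed by both)."""
    return (
        sum(forgot_password_ip_only(ATTACK)),
        sum(forgot_password_ip_and_account(ATTACK)),
    )


if __name__ == "__main__":
    allowed_ip_only, allowed_both = demo()
    print(f"per-IP only:          {allowed_ip_only}/20 requests allowed")
    print(f"per-IP + per-account: {allowed_both}/20 requests allowed")
```

The per-IP limiter admits every request because each arrives from a fresh address; the combined limiter stops after MAX_PER_KEY attempts against the account regardless of source. Keying on the target (account, e-mail, phone number) is the check a reviewer would look for when the page lists "bypass by different IPs" style findings; keying on IP alone also breaks for legitimate users behind shared NAT.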
Session Fixation allows attacker to create new evil workspace without being logged in [ Insecure Session management ]
👉 https://hackerone.com/reports/1329434
🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2021, 5:32pm (UTC)
SSRF to AWS file read
👉 https://hackerone.com/reports/978823
🔹 Severity: Critical
🔹 Reported To: Topcoder
🔹 Reported By: #3viltwin
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2021, 10:30pm (UTC)
Account takeover due to misconfiguration
👉 https://hackerone.com/reports/1114347
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #akashhamal0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: September 17, 2021, 5:19am (UTC)
Subdomain takeover of fr1.vpn.zomans.com
👉 https://hackerone.com/reports/1182864
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Zomato
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: September 17, 2021, 5:50am (UTC)
Subdomain Takeover due to ████████ NS records at us-east4.37signals.com
👉 https://hackerone.com/reports/1342422
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Basecamp
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: September 17, 2021, 9:45pm (UTC)
Text injection or content spoofing on forbidden page
👉 https://hackerone.com/reports/1310925
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: XVIDEOS
🔹 Reported By: #alone_test
🔹 State: 🟢 Resolved
🔹 Disclosed: September 19, 2021, 4:28pm (UTC)
Hacker can bypass minimum bounty amount restrictions in "invitation preferences" setting via UpdateInvitationPreferencesMutation GraphQL operation
👉 https://hackerone.com/reports/981036
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #frozensolid
🔹 State: ⚪️ Informative
🔹 Disclosed: September 20, 2021, 1:20pm (UTC)
New experimental query: Clipboard-based XSS
👉 https://hackerone.com/reports/1345484
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 20, 2021, 10:00pm (UTC)
ihsinme: Add query for CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
👉 https://hackerone.com/reports/1345483
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 20, 2021, 10:00pm (UTC)
Open Redirect through POST Request in OAuth
👉 https://hackerone.com/reports/1129761
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Moneybird
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2021, 2:29pm (UTC)
IDOR in https://moneybird.com/user/accountant_company/edit (change company name)
👉 https://hackerone.com/reports/726163
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Moneybird
🔹 Reported By: #t3chnophil3
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2021, 2:31pm (UTC)