Clients do not verify server public key
👉 https://hackerone.com/reports/1192470
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2021, 12:25pm (UTC)
👉 https://hackerone.com/reports/1192470
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2021, 12:25pm (UTC)
End to end encryption public key is not properly verified on Desktop and Android
👉 https://hackerone.com/reports/1189162
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2021, 12:25pm (UTC)
👉 https://hackerone.com/reports/1189162
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2021, 12:25pm (UTC)
[Python] CWE-522: Insecure LDAP Authentication
👉 https://hackerone.com/reports/1350076
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2021, 11:37pm (UTC)
👉 https://hackerone.com/reports/1350076
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2021, 11:37pm (UTC)
DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f)
👉 https://hackerone.com/reports/1058383
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: LINE
🔹 Reported By: #lynx_vn
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 1:49am (UTC)
👉 https://hackerone.com/reports/1058383
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: LINE
🔹 Reported By: #lynx_vn
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 1:49am (UTC)
Guest Users can create issues for Sentry errors and track their status
👉 https://hackerone.com/reports/1117768
🔹 Severity: Low | 💰 610 USD
🔹 Reported To: GitLab
🔹 Reported By: #maruthi12
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 12:07pm (UTC)
👉 https://hackerone.com/reports/1117768
🔹 Severity: Low | 💰 610 USD
🔹 Reported To: GitLab
🔹 Reported By: #maruthi12
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 12:07pm (UTC)
CVE-2021-22947: STARTTLS protocol injection via MITM
👉 https://hackerone.com/reports/1334763
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: curl
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 1:14pm (UTC)
👉 https://hackerone.com/reports/1334763
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: curl
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 1:14pm (UTC)
CVE-2021-22946: Protocol downgrade required TLS bypassed
👉 https://hackerone.com/reports/1334111
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: curl
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 1:15pm (UTC)
👉 https://hackerone.com/reports/1334111
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: curl
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 1:15pm (UTC)
Phar Deserialization Vulnerability via Logging Settings
👉 https://hackerone.com/reports/1063039
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 4:52pm (UTC)
👉 https://hackerone.com/reports/1063039
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 4:52pm (UTC)
Deserialization of untrusted data at https://www.redtube.com/media/hls?s=data
👉 https://hackerone.com/reports/1312641
🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Redtube
🔹 Reported By: #kevsecurity
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 4:56pm (UTC)
👉 https://hackerone.com/reports/1312641
🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Redtube
🔹 Reported By: #kevsecurity
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 4:56pm (UTC)
unclaimed s3 bucket takeover in the 3 js file located on the github page of brave software
👉 https://hackerone.com/reports/1316650
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Brave Software
🔹 Reported By: #bhatiagaurav1211
🔹 State: ⚪️ Informative
🔹 Disclosed: September 24, 2021, 5:32pm (UTC)
👉 https://hackerone.com/reports/1316650
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Brave Software
🔹 Reported By: #bhatiagaurav1211
🔹 State: ⚪️ Informative
🔹 Disclosed: September 24, 2021, 5:32pm (UTC)
CVE-2020-3187 - unauthenticated arbitrary file deletion in Cisco
👉 https://hackerone.com/reports/944665
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: QIWI
🔹 Reported By: #lalit2020
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 8:37pm (UTC)
👉 https://hackerone.com/reports/944665
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: QIWI
🔹 Reported By: #lalit2020
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 8:37pm (UTC)
Reflected Cross-Site noscripting in : mtn.bj
👉 https://hackerone.com/reports/1264832
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #alimanshester
🔹 State: 🟢 Resolved
🔹 Disclosed: September 26, 2021, 12:59pm (UTC)
👉 https://hackerone.com/reports/1264832
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #alimanshester
🔹 State: 🟢 Resolved
🔹 Disclosed: September 26, 2021, 12:59pm (UTC)
com.duckduckgo.mobile.android - Cache corruption
👉 https://hackerone.com/reports/1074613
🔹 Severity: Medium
🔹 Reported To: DuckDuckGo
🔹 Reported By: #webklex
🔹 State: 🟢 Resolved
🔹 Disclosed: September 26, 2021, 11:08pm (UTC)
👉 https://hackerone.com/reports/1074613
🔹 Severity: Medium
🔹 Reported To: DuckDuckGo
🔹 Reported By: #webklex
🔹 State: 🟢 Resolved
🔹 Disclosed: September 26, 2021, 11:08pm (UTC)
Tor Browser using --log or --verbose logs the exact connection time a client connects to any v2 domains.
👉 https://hackerone.com/reports/1250273
🔹 Severity: High
🔹 Reported To: Tor
🔹 Reported By: #sickcodes
🔹 State: ⚪️ Informative
🔹 Disclosed: September 27, 2021, 9:14am (UTC)
👉 https://hackerone.com/reports/1250273
🔹 Severity: High
🔹 Reported To: Tor
🔹 Reported By: #sickcodes
🔹 State: ⚪️ Informative
🔹 Disclosed: September 27, 2021, 9:14am (UTC)
Stored XSS in Document Title
👉 https://hackerone.com/reports/1321407
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Localize
🔹 Reported By: #thd3r7
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 2:00pm (UTC)
👉 https://hackerone.com/reports/1321407
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Localize
🔹 Reported By: #thd3r7
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 2:00pm (UTC)
CVE-2021-3711: SM2 decrypt buffer overflow
👉 https://hackerone.com/reports/1352429
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ouyang
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 6:19pm (UTC)
👉 https://hackerone.com/reports/1352429
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ouyang
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 6:19pm (UTC)
[mtn.com.af] Multiple vulnerabilities allow to Application level DoS
👉 https://hackerone.com/reports/946578
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 4:52am (UTC)
👉 https://hackerone.com/reports/946578
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 4:52am (UTC)
[ii.worki.ru ] emarsys subdomain takeover
👉 https://hackerone.com/reports/1287686
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #uddeshaya001
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 6:20am (UTC)
👉 https://hackerone.com/reports/1287686
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #uddeshaya001
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 6:20am (UTC)
HTTP Request Smuggling on api.flocktory.com Leads to XSS on Customer Sites
👉 https://hackerone.com/reports/955170
🔹 Severity: Critical | 💰 300 USD
🔹 Reported To: QIWI
🔹 Reported By: #wdahlenb
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 1:55pm (UTC)
👉 https://hackerone.com/reports/955170
🔹 Severity: Critical | 💰 300 USD
🔹 Reported To: QIWI
🔹 Reported By: #wdahlenb
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 1:55pm (UTC)
Information disclosure at '████████' --- CVE-2020-14179
👉 https://hackerone.com/reports/1336397
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x3f
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:43pm (UTC)
👉 https://hackerone.com/reports/1336397
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x3f
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:43pm (UTC)
███████ - XSS - CVE-2020-3580
👉 https://hackerone.com/reports/1243650
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pr3r00t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:44pm (UTC)
👉 https://hackerone.com/reports/1243650
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pr3r00t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:44pm (UTC)