Deserialization of untrusted data at https://www.redtube.com/media/hls?s=data
👉 https://hackerone.com/reports/1312641
🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Redtube
🔹 Reported By: #kevsecurity
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 4:56pm (UTC)
unclaimed s3 bucket takeover in the 3 js file located on the github page of brave software
👉 https://hackerone.com/reports/1316650
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Brave Software
🔹 Reported By: #bhatiagaurav1211
🔹 State: ⚪️ Informative
🔹 Disclosed: September 24, 2021, 5:32pm (UTC)
CVE-2020-3187 - unauthenticated arbitrary file deletion in Cisco
👉 https://hackerone.com/reports/944665
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: QIWI
🔹 Reported By: #lalit2020
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2021, 8:37pm (UTC)
Reflected Cross-Site scripting in : mtn.bj
👉 https://hackerone.com/reports/1264832
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #alimanshester
🔹 State: 🟢 Resolved
🔹 Disclosed: September 26, 2021, 12:59pm (UTC)
com.duckduckgo.mobile.android - Cache corruption
👉 https://hackerone.com/reports/1074613
🔹 Severity: Medium
🔹 Reported To: DuckDuckGo
🔹 Reported By: #webklex
🔹 State: 🟢 Resolved
🔹 Disclosed: September 26, 2021, 11:08pm (UTC)
Tor Browser using --log or --verbose logs the exact connection time a client connects to any v2 domains.
👉 https://hackerone.com/reports/1250273
🔹 Severity: High
🔹 Reported To: Tor
🔹 Reported By: #sickcodes
🔹 State: ⚪️ Informative
🔹 Disclosed: September 27, 2021, 9:14am (UTC)
Stored XSS in Document Title
👉 https://hackerone.com/reports/1321407
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Localize
🔹 Reported By: #thd3r7
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 2:00pm (UTC)
CVE-2021-3711: SM2 decrypt buffer overflow
👉 https://hackerone.com/reports/1352429
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ouyang
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 6:19pm (UTC)
[mtn.com.af] Multiple vulnerabilities allow to Application level DoS
👉 https://hackerone.com/reports/946578
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 4:52am (UTC)
[ii.worki.ru ] emarsys subdomain takeover
👉 https://hackerone.com/reports/1287686
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #uddeshaya001
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 6:20am (UTC)
HTTP Request Smuggling on api.flocktory.com Leads to XSS on Customer Sites
👉 https://hackerone.com/reports/955170
🔹 Severity: Critical | 💰 300 USD
🔹 Reported To: QIWI
🔹 Reported By: #wdahlenb
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 1:55pm (UTC)
Information disclosure at '████████' --- CVE-2020-14179
👉 https://hackerone.com/reports/1336397
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x3f
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:43pm (UTC)
███████ - XSS - CVE-2020-3580
👉 https://hackerone.com/reports/1243650
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pr3r00t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:44pm (UTC)
Vulnerable Jira Instance
👉 https://hackerone.com/reports/1352461
🔹 Severity: Medium
🔹 Reported To: OneWeb
🔹 Reported By: #lesleybw
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2021, 11:00am (UTC)
Broken Link on TikTokUS.Info
👉 https://hackerone.com/reports/1338457
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #siratsami
🔹 State: 🟢 Resolved
🔹 Disclosed: October 1, 2021, 11:34pm (UTC)
Path Traversal on meetcqpub1.gsa.gov allows attackers to see arbitrary file listings.
👉 https://hackerone.com/reports/1313040
🔹 Severity: Low
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: October 2, 2021, 5:52pm (UTC)
Denial of Service via Hyperlinks in Posts
👉 https://hackerone.com/reports/1077136
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #joaovitormaia
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2021, 1:52pm (UTC)
Using gossip to drain miner wallets
👉 https://hackerone.com/reports/1058879
🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Zilliqa
🔹 Reported By: #ahook
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 5:24am (UTC)
No Rate Limiting on /reset-password-request/ endpoint
👉 https://hackerone.com/reports/1331268
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #1bdool492
🔹 State: 🔴 N/A
🔹 Disclosed: October 4, 2021, 1:50pm (UTC)
SSRF bypass
👉 https://hackerone.com/reports/863221
🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 3:53pm (UTC)
Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text"
👉 https://hackerone.com/reports/616770
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #bl4de
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 4:43pm (UTC)