Broken Link on TikTokUS.Info
👉 https://hackerone.com/reports/1338457
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #siratsami
🔹 State: 🟢 Resolved
🔹 Disclosed: October 1, 2021, 11:34pm (UTC)
👉 https://hackerone.com/reports/1338457
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #siratsami
🔹 State: 🟢 Resolved
🔹 Disclosed: October 1, 2021, 11:34pm (UTC)
Path Traversal on meetcqpub1.gsa.gov allows attackers to see arbitrary file listings.
👉 https://hackerone.com/reports/1313040
🔹 Severity: Low
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: October 2, 2021, 5:52pm (UTC)
👉 https://hackerone.com/reports/1313040
🔹 Severity: Low
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: October 2, 2021, 5:52pm (UTC)
Denial of Service via Hyperlinks in Posts
👉 https://hackerone.com/reports/1077136
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #joaovitormaia
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2021, 1:52pm (UTC)
👉 https://hackerone.com/reports/1077136
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #joaovitormaia
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2021, 1:52pm (UTC)
Using gossip to drain miner wallets
👉 https://hackerone.com/reports/1058879
🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Zilliqa
🔹 Reported By: #ahook
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 5:24am (UTC)
👉 https://hackerone.com/reports/1058879
🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Zilliqa
🔹 Reported By: #ahook
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 5:24am (UTC)
No Rate Limiting on /reset-password-request/ endpoint
👉 https://hackerone.com/reports/1331268
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #1bdool492
🔹 State: 🔴 N/A
🔹 Disclosed: October 4, 2021, 1:50pm (UTC)
👉 https://hackerone.com/reports/1331268
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #1bdool492
🔹 State: 🔴 N/A
🔹 Disclosed: October 4, 2021, 1:50pm (UTC)
SSRF bypass
👉 https://hackerone.com/reports/863221
🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 3:53pm (UTC)
👉 https://hackerone.com/reports/863221
🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 3:53pm (UTC)
Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text"
👉 https://hackerone.com/reports/616770
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #bl4de
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 4:43pm (UTC)
👉 https://hackerone.com/reports/616770
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #bl4de
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 4:43pm (UTC)
bypass sql injection #1109311
👉 https://hackerone.com/reports/1224660
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
👉 https://hackerone.com/reports/1224660
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
No server side check on terms of service page which leads to bypass
👉 https://hackerone.com/reports/1338256
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #hackipie
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
👉 https://hackerone.com/reports/1338256
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #hackipie
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
Domain does not Match SSL Certificate
👉 https://hackerone.com/reports/1341142
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #skimask
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:20am (UTC)
👉 https://hackerone.com/reports/1341142
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #skimask
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:20am (UTC)
Ability to subscribe to inactive Post+ creators
👉 https://hackerone.com/reports/1322334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ajoekerr
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 1:00pm (UTC)
👉 https://hackerone.com/reports/1322334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ajoekerr
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 1:00pm (UTC)
Improper Validation at Partners Login
👉 https://hackerone.com/reports/990048
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Zomato
🔹 Reported By: #ashoka_rao
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 8:25am (UTC)
👉 https://hackerone.com/reports/990048
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Zomato
🔹 Reported By: #ashoka_rao
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 8:25am (UTC)
CVE-2021-40870 on [52.204.160.31]
👉 https://hackerone.com/reports/1356845
🔹 Severity: Critical | 💰 1,760 USD
🔹 Reported To: Elastic
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 4:06pm (UTC)
👉 https://hackerone.com/reports/1356845
🔹 Severity: Critical | 💰 1,760 USD
🔹 Reported To: Elastic
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 4:06pm (UTC)
SSRF for kube-apiserver cloudprovider scene
👉 https://hackerone.com/reports/941178
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #lazydog
🔹 State: 🟢 Resolved
🔹 Disclosed: October 7, 2021, 6:03pm (UTC)
👉 https://hackerone.com/reports/941178
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #lazydog
🔹 State: 🟢 Resolved
🔹 Disclosed: October 7, 2021, 6:03pm (UTC)
Man in the middle leading to root privilege escalation using hostNetwork=true (CAP_NET_RAW considered harmful)
👉 https://hackerone.com/reports/899103
🔹 Severity: Medium
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: ⚪️ Informative
🔹 Disclosed: October 8, 2021, 3:47am (UTC)
👉 https://hackerone.com/reports/899103
🔹 Severity: Medium
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: ⚪️ Informative
🔹 Disclosed: October 8, 2021, 3:47am (UTC)
3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290)
👉 https://hackerone.com/reports/331368
🔹 Severity: Medium | 💰 950 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
👉 https://hackerone.com/reports/331368
🔹 Severity: Medium | 💰 950 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi
👉 https://hackerone.com/reports/802498
🔹 Severity: Medium | 💰 344 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
👉 https://hackerone.com/reports/802498
🔹 Severity: Medium | 💰 344 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
CVE-2020-11110: Grafana Unauthenticated Stored XSS - grafana-lms.rsv.bizml.ru
👉 https://hackerone.com/reports/1329433
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:12am (UTC)
👉 https://hackerone.com/reports/1329433
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:12am (UTC)
Privilege escalation of "external user" (with maintainer privilege) to internal access through project token
👉 https://hackerone.com/reports/1193062
🔹 Severity: High | 💰 1,020 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 10:23am (UTC)
👉 https://hackerone.com/reports/1193062
🔹 Severity: High | 💰 1,020 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 10:23am (UTC)
Open redirect in fastify-static via mishandled user's input when attempt to redirect
👉 https://hackerone.com/reports/1354255
🔹 Severity: Low
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:39pm (UTC)
👉 https://hackerone.com/reports/1354255
🔹 Severity: Low
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:39pm (UTC)
1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch
👉 https://hackerone.com/reports/1361804
🔹 Severity: Medium
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:41pm (UTC)
👉 https://hackerone.com/reports/1361804
🔹 Severity: Medium
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:41pm (UTC)