Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text"
👉 https://hackerone.com/reports/616770
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #bl4de
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 4:43pm (UTC)
bypass sql injection #1109311
👉 https://hackerone.com/reports/1224660
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
No server side check on terms of service page which leads to bypass
👉 https://hackerone.com/reports/1338256
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #hackipie
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
Domain does not Match SSL Certificate
👉 https://hackerone.com/reports/1341142
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #skimask
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:20am (UTC)
Ability to subscribe to inactive Post+ creators
👉 https://hackerone.com/reports/1322334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ajoekerr
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 1:00pm (UTC)
Improper Validation at Partners Login
👉 https://hackerone.com/reports/990048
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Zomato
🔹 Reported By: #ashoka_rao
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 8:25am (UTC)
CVE-2021-40870 on [52.204.160.31]
👉 https://hackerone.com/reports/1356845
🔹 Severity: Critical | 💰 1,760 USD
🔹 Reported To: Elastic
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 4:06pm (UTC)
SSRF for kube-apiserver cloudprovider scene
👉 https://hackerone.com/reports/941178
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #lazydog
🔹 State: 🟢 Resolved
🔹 Disclosed: October 7, 2021, 6:03pm (UTC)
Man in the middle leading to root privilege escalation using hostNetwork=true (CAP_NET_RAW considered harmful)
👉 https://hackerone.com/reports/899103
🔹 Severity: Medium
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: ⚪️ Informative
🔹 Disclosed: October 8, 2021, 3:47am (UTC)
3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290)
👉 https://hackerone.com/reports/331368
🔹 Severity: Medium | 💰 950 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi
👉 https://hackerone.com/reports/802498
🔹 Severity: Medium | 💰 344 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
CVE-2020-11110: Grafana Unauthenticated Stored XSS - grafana-lms.rsv.bizml.ru
👉 https://hackerone.com/reports/1329433
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:12am (UTC)
Privilege escalation of "external user" (with maintainer privilege) to internal access through project token
👉 https://hackerone.com/reports/1193062
🔹 Severity: High | 💰 1,020 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 10:23am (UTC)
Open redirect in fastify-static via mishandled user's input when attempt to redirect
👉 https://hackerone.com/reports/1354255
🔹 Severity: Low
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:39pm (UTC)
1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch
👉 https://hackerone.com/reports/1361804
🔹 Severity: Medium
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:41pm (UTC)
[Python] CWE-348: Client supplied ip used in security check
👉 https://hackerone.com/reports/1365762
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:06pm (UTC)
[Java] CWE-200: Query to detect exposure of sensitive information from android file intent
👉 https://hackerone.com/reports/1365761
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:06pm (UTC)
Custom crafted message object in Meteor.Call allows remote code execution and impersonation
👉 https://hackerone.com/reports/534887
🔹 Severity: Critical
🔹 Reported To: Rocket.Chat
🔹 Reported By: #wreiske
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:20pm (UTC)
Array Index Underflow--http rpc
👉 https://hackerone.com/reports/825091
🔹 Severity: High
🔹 Reported To: Monero
🔹 Reported By: #minerscan
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 8:35pm (UTC)
Subdomain takeover of main domain of https://www.cyberlynx.lu/
👉 https://hackerone.com/reports/1256389
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #doosec101
🔹 State: 🟢 Resolved
🔹 Disclosed: October 12, 2021, 9:15am (UTC)
Open Redirect and CRLF Injection Leads to XSS on [app.doma.uchi.ru]
👉 https://hackerone.com/reports/1132209
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 12, 2021, 10:54am (UTC)