bypass sql injection #1109311
👉 https://hackerone.com/reports/1224660
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
👉 https://hackerone.com/reports/1224660
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
No server side check on terms of service page which leads to bypass
👉 https://hackerone.com/reports/1338256
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #hackipie
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
👉 https://hackerone.com/reports/1338256
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #hackipie
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
Domain does not Match SSL Certificate
👉 https://hackerone.com/reports/1341142
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #skimask
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:20am (UTC)
👉 https://hackerone.com/reports/1341142
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #skimask
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:20am (UTC)
Ability to subscribe to inactive Post+ creators
👉 https://hackerone.com/reports/1322334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ajoekerr
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 1:00pm (UTC)
👉 https://hackerone.com/reports/1322334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ajoekerr
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 1:00pm (UTC)
Improper Validation at Partners Login
👉 https://hackerone.com/reports/990048
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Zomato
🔹 Reported By: #ashoka_rao
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 8:25am (UTC)
👉 https://hackerone.com/reports/990048
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Zomato
🔹 Reported By: #ashoka_rao
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 8:25am (UTC)
CVE-2021-40870 on [52.204.160.31]
👉 https://hackerone.com/reports/1356845
🔹 Severity: Critical | 💰 1,760 USD
🔹 Reported To: Elastic
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 4:06pm (UTC)
👉 https://hackerone.com/reports/1356845
🔹 Severity: Critical | 💰 1,760 USD
🔹 Reported To: Elastic
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 4:06pm (UTC)
SSRF for kube-apiserver cloudprovider scene
👉 https://hackerone.com/reports/941178
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #lazydog
🔹 State: 🟢 Resolved
🔹 Disclosed: October 7, 2021, 6:03pm (UTC)
👉 https://hackerone.com/reports/941178
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #lazydog
🔹 State: 🟢 Resolved
🔹 Disclosed: October 7, 2021, 6:03pm (UTC)
Man in the middle leading to root privilege escalation using hostNetwork=true (CAP_NET_RAW considered harmful)
👉 https://hackerone.com/reports/899103
🔹 Severity: Medium
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: ⚪️ Informative
🔹 Disclosed: October 8, 2021, 3:47am (UTC)
👉 https://hackerone.com/reports/899103
🔹 Severity: Medium
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: ⚪️ Informative
🔹 Disclosed: October 8, 2021, 3:47am (UTC)
3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290)
👉 https://hackerone.com/reports/331368
🔹 Severity: Medium | 💰 950 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
👉 https://hackerone.com/reports/331368
🔹 Severity: Medium | 💰 950 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
XW 6.2.0 firmware: 5 Reflected XSS issues in link.cgi
👉 https://hackerone.com/reports/802498
🔹 Severity: Medium | 💰 344 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
👉 https://hackerone.com/reports/802498
🔹 Severity: Medium | 💰 344 USD
🔹 Reported To: Ubiquiti Inc.
🔹 Reported By: #nih8l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2021, 11:23pm (UTC)
CVE-2020-11110: Grafana Unauthenticated Stored XSS - grafana-lms.rsv.bizml.ru
👉 https://hackerone.com/reports/1329433
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:12am (UTC)
👉 https://hackerone.com/reports/1329433
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:12am (UTC)
Privilege escalation of "external user" (with maintainer privilege) to internal access through project token
👉 https://hackerone.com/reports/1193062
🔹 Severity: High | 💰 1,020 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 10:23am (UTC)
👉 https://hackerone.com/reports/1193062
🔹 Severity: High | 💰 1,020 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 10:23am (UTC)
Open redirect in fastify-static via mishandled user's input when attempt to redirect
👉 https://hackerone.com/reports/1354255
🔹 Severity: Low
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:39pm (UTC)
👉 https://hackerone.com/reports/1354255
🔹 Severity: Low
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:39pm (UTC)
1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch
👉 https://hackerone.com/reports/1361804
🔹 Severity: Medium
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:41pm (UTC)
👉 https://hackerone.com/reports/1361804
🔹 Severity: Medium
🔹 Reported To: Fastify
🔹 Reported By: #drstrnegth
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 4:41pm (UTC)
[Python] CWE-348: Client supplied ip used in security check
👉 https://hackerone.com/reports/1365762
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:06pm (UTC)
👉 https://hackerone.com/reports/1365762
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:06pm (UTC)
[Java] CWE-200: Query to detect exposure of sensitive information from android file intent
👉 https://hackerone.com/reports/1365761
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:06pm (UTC)
👉 https://hackerone.com/reports/1365761
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:06pm (UTC)
Custom crafted message object in Meteor.Call allows remote code execution and impersonation
👉 https://hackerone.com/reports/534887
🔹 Severity: Critical
🔹 Reported To: Rocket.Chat
🔹 Reported By: #wreiske
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:20pm (UTC)
👉 https://hackerone.com/reports/534887
🔹 Severity: Critical
🔹 Reported To: Rocket.Chat
🔹 Reported By: #wreiske
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 5:20pm (UTC)
Array Index Underflow--http rpc
👉 https://hackerone.com/reports/825091
🔹 Severity: High
🔹 Reported To: Monero
🔹 Reported By: #minerscan
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 8:35pm (UTC)
👉 https://hackerone.com/reports/825091
🔹 Severity: High
🔹 Reported To: Monero
🔹 Reported By: #minerscan
🔹 State: 🟢 Resolved
🔹 Disclosed: October 11, 2021, 8:35pm (UTC)
Subdomain takeover of main domain of https://www.cyberlynx.lu/
👉 https://hackerone.com/reports/1256389
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #doosec101
🔹 State: 🟢 Resolved
🔹 Disclosed: October 12, 2021, 9:15am (UTC)
👉 https://hackerone.com/reports/1256389
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #doosec101
🔹 State: 🟢 Resolved
🔹 Disclosed: October 12, 2021, 9:15am (UTC)
Open Redirect and CRLF Injection Leads to XSS on [app.doma.uchi.ru]
👉 https://hackerone.com/reports/1132209
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 12, 2021, 10:54am (UTC)
👉 https://hackerone.com/reports/1132209
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 12, 2021, 10:54am (UTC)
HTML - injection
👉 https://hackerone.com/reports/245233
🔹 Severity: No Rating
🔹 Reported To: WakaTime
🔹 Reported By: #mr_n0b3dy
🔹 State: 🔴 N/A
🔹 Disclosed: October 12, 2021, 11:18pm (UTC)
👉 https://hackerone.com/reports/245233
🔹 Severity: No Rating
🔹 Reported To: WakaTime
🔹 Reported By: #mr_n0b3dy
🔹 State: 🔴 N/A
🔹 Disclosed: October 12, 2021, 11:18pm (UTC)