Bugpoint – Telegram
1.05K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Subdomain takeover of main domain of https://www.cyberlynx.lu/

👉 https://hackerone.com/reports/1256389

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #doosec101
🔹 State: 🟢 Resolved
🔹 Disclosed: October 12, 2021, 9:15am (UTC)
Open Redirect and CRLF Injection Leads to XSS on [app.doma.uchi.ru]

👉 https://hackerone.com/reports/1132209

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 12, 2021, 10:54am (UTC)
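The report above only gives us its title. As an added, generic illustration of the bug class it names (a CRLF sequence inside a user-controlled redirect target letting the attacker append response headers and an HTML body), and not the mechanism of that report or code from Mail.ru, the vulnerable and hardened handlers, the host allow-list and the payload below are all constructed here:

```python
# Added example: a generic illustration of the class of bug named in the title
# above (CRLF in a user-controlled redirect target lets the attacker add headers
# and a body), NOT the mechanism of that report, which this page does not describe.
# The handler, host allow-list and payload below are all constructed here.
from urllib.parse import urlparse

ALLOWED_HOSTS = {"app.example.com"}  # assumption: the only legitimate redirect host

# Constructed attack value for a "next"/"redirect" style parameter. The embedded
# CR/LF terminate the Location header early and smuggle in a cookie, a
# Content-Type and an HTML body; 25 is the length of the script tag.
CRLF_PAYLOAD = (
    "https://evil.example/\r\n"
    "Set-Cookie: sid=attacker\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 25\r\n"
    "\r\n"
    "<script>alert(1)</script>"
)


def vulnerable_redirect(target: str) -> bytes:
    """Interpolates the raw parameter into the Location header (the bug)."""
    return (
        f"HTTP/1.1 302 Found\r\nLocation: {target}\r\nContent-Length: 0\r\n\r\n"
    ).encode()


def hardened_redirect(target: str) -> bytes:
    """Rejects control characters, then requires an absolute https URL on an
    allow-listed host, so neither header injection nor open redirect is possible."""
    bad = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return bad  # CR, LF, NUL, tab ... never belong in a header value
    u = urlparse(target)
    if u.scheme != "https" or u.netloc not in ALLOWED_HOSTS:
        return bad  # also blocks "//evil.example/" (empty scheme) and foreign hosts
    return (
        f"HTTP/1.1 302 Found\r\nLocation: {target}\r\nContent-Length: 0\r\n\r\n"
    ).encode()


def parse_response(raw: bytes):
    """Parse as a browser or proxy would: headers end at the first blank line,
    everything after it is body. Returns (status, {lower-case name: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.decode().strip().lower()] = value.decode().strip()
    return status, headers, body


if __name__ == "__main__":
    status, headers, body = parse_response(vulnerable_redirect(CRLF_PAYLOAD))
    # the injected Set-Cookie and text/html body are now part of the response
    print(status, headers.get("set-cookie"), headers.get("content-type"), body[:25])
    print(parse_response(hardened_redirect(CRLF_PAYLOAD))[0])                 # 400
    print(parse_response(hardened_redirect("https://app.example.com/home"))[0])  # 302
```

Two checks matter in the hardened version, and they are independent: dropping control characters kills the header injection, while the scheme plus host allow-list kills the open redirect; modern frameworks refuse `\r\n` in header values for you, but the allow-list is still your job.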
HTML injection

👉 https://hackerone.com/reports/245233

🔹 Severity: No Rating
🔹 Reported To: WakaTime
🔹 Reported By: #mr_n0b3dy
🔹 State: 🔴 N/A
🔹 Disclosed: October 12, 2021, 11:18pm (UTC)
Path traversal on [███]

👉 https://hackerone.com/reports/1212746

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #letfornz
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2021, 10:11pm (UTC)
POST-based RXSS on https://███████/ via ███ parameter

👉 https://hackerone.com/reports/998935

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2021, 10:13pm (UTC)
Cache Poisoning leading to denial of service at `█████████` - Bypass fix from report #1198434

👉 https://hackerone.com/reports/1322732

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #brumens
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2021, 10:15pm (UTC)
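The title above names cache-poisoning denial of service and a bypass of an earlier fix, but the page gives no details of either. As an added, generic model of that bug class (an edge cache keyed only on the path storing an error the attacker triggered with an unkeyed header), not the report's technique, its bypass, or DoD code, the origin, cache and requests below are constructed here; the header-size limit and the `X-HTTP-Method-Override` behaviour are assumptions standing in for what real servers do:

```python
# Added example: a generic model of cache-poisoning denial of service (CPDoS),
# the bug class named in the title above. It is NOT the report's own technique
# or the specific bypass it mentions; the page only gives the title. Origin,
# cache and requests are constructed here; MAX_HEADER_BYTES and the
# X-HTTP-Method-Override handling are assumptions standing in for real servers.
from dataclasses import dataclass, field

MAX_HEADER_BYTES = 8192  # assumed origin limit on total request header size


@dataclass
class Response:
    status: int
    body: str


def origin(path: str, headers: dict) -> Response:
    """Simplified origin with two error triggers reachable through headers
    that the cache does not include in its key."""
    if sum(len(k) + len(v) for k, v in headers.items()) > MAX_HEADER_BYTES:
        return Response(400, "header too large")
    if headers.get("X-HTTP-Method-Override", "GET").upper() not in ("GET", "HEAD"):
        return Response(405, "method not allowed")
    return Response(200, f"content of {path}")


@dataclass
class Cache:
    """Edge cache keyed on path only.
    strip_oversized: the 'partial fix' - drop oversized headers at the edge.
    cache_errors:    whether error responses are stored (the CPDoS root cause)."""
    strip_oversized: bool = False
    cache_errors: bool = True
    store: dict = field(default_factory=dict)

    def get(self, path: str, headers: dict) -> Response:
        if path in self.store:
            return self.store[path]
        if self.strip_oversized:
            headers = {k: v for k, v in headers.items()
                       if len(k) + len(v) <= MAX_HEADER_BYTES}
        resp = origin(path, headers)
        if self.cache_errors or 200 <= resp.status < 300:
            self.store[path] = resp
        return resp


def attack(cache: Cache, poison_headers: dict) -> tuple:
    """Attacker sends one poisoned request, then a normal visitor fetches the
    same path. Returns (attacker_status, victim_status); a victim status other
    than 200 means the cached error is now served to everyone (the DoS)."""
    attacker = cache.get("/", poison_headers)
    victim = cache.get("/", {"User-Agent": "victim"})
    return attacker.status, victim.status


# Constructed poison requests: an oversized header, and a method override.
OVERSIZED = {"X-Padding": "A" * 9000}
OVERRIDE = {"X-HTTP-Method-Override": "DELETE"}

if __name__ == "__main__":
    print("naive cache, oversized:", attack(Cache(), OVERSIZED))
    print("partial fix, oversized:", attack(Cache(strip_oversized=True), OVERSIZED))
    print("partial fix, override:", attack(Cache(strip_oversized=True), OVERRIDE))
    print("root-cause fix, override:",
          attack(Cache(strip_oversized=True, cache_errors=False), OVERRIDE))
```

The point of the four runs: filtering the one trigger you know about (`strip_oversized`) stops that payload but leaves every other unkeyed-header error reachable, whereas refusing to cache error responses (or having the origin send `Cache-Control: no-store` on them and the edge honour it) removes the whole class regardless of trigger.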
Subdomain takeover [████████]

👉 https://hackerone.com/reports/1341133

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2021, 10:17pm (UTC)
DoD internal documents are leaked to the public

👉 https://hackerone.com/reports/1330455

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mrempy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 15, 2021, 4:23pm (UTC)
Authenticated path traversal to RCE

👉 https://hackerone.com/reports/1102067

🔹 Severity: High
🔹 Reported To: Concrete CMS
🔹 Reported By: #d3addog
🔹 State: 🟢 Resolved
🔹 Disclosed: October 15, 2021, 4:37pm (UTC)
Stored unauth XSS in calendar event via CSRF

👉 https://hackerone.com/reports/1102018

🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #d3addog
🔹 State: 🟢 Resolved
🔹 Disclosed: October 15, 2021, 4:38pm (UTC)
Stored XSS in markdown via the DesignReferenceFilter

👉 https://hackerone.com/reports/1212067

🔹 Severity: Critical | 💰 16,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 5:49am (UTC)
Reporters can upload designs to issues using the "Move to" feature

👉 https://hackerone.com/reports/1112297

🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: GitLab
🔹 Reported By: #maruthi12
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 5:57am (UTC)
Stored XSS in Mermaid when viewing Markdown files

👉 https://hackerone.com/reports/1212822

🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #saleemrashid
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 6:00am (UTC)
RXSS - ████

👉 https://hackerone.com/reports/923864

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:25pm (UTC)
RXSS - https://████████/

👉 https://hackerone.com/reports/872304

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:25pm (UTC)
RXSS Via URI Path - https://██████████/

👉 https://hackerone.com/reports/984654

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:26pm (UTC)
Reflected XSS https://██████/

👉 https://hackerone.com/reports/759418

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:28pm (UTC)
phpinfo() information disclosure

👉 https://hackerone.com/reports/804809

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:29pm (UTC)
Unauthorized Kubernetes access to RCE (root), with a TeamTNT crypto miner found on it

👉 https://hackerone.com/reports/1317236

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #un_kn0wn
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:30pm (UTC)
SQL Injection in IBM access control panel & Broken access control in admin panel

👉 https://hackerone.com/reports/1355817

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #thecyberguy0
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:50pm (UTC)
CSRF leads to account deactivation of users

👉 https://hackerone.com/reports/1121990

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Evernote
🔹 Reported By: #sampritdas
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2021, 7:05pm (UTC)