Path Traversal CVE-2021-26086 CVE-2021-26085
👉 https://hackerone.com/reports/1369288
🔹 Severity: Medium
🔹 Reported To: MariaDB
🔹 Reported By: #kljunowsky
🔹 State: 🟤 Duplicate
🔹 Disclosed: November 5, 2021, 5:33pm (UTC)
clickjacking on deleting user's clips [https://crossclip.com/clips]
👉 https://hackerone.com/reports/1294767
🔹 Severity: Low
🔹 Reported To: Logitech
🔹 Reported By: #hacking_fox
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 8:39pm (UTC)
HackerOne Staging uses Production data for testing
👉 https://hackerone.com/reports/1392511
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: HackerOne
🔹 Reported By: #tk0
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 8:52pm (UTC)
Broken Link Hijacking on kubernetes.io Documentation
👉 https://hackerone.com/reports/1331361
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 6:04pm (UTC)
Broken link hijacking in https://kubernetes-csi.github.io/docs/drivers.html
👉 https://hackerone.com/reports/1212853
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #milan0
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 6:04pm (UTC)
REST API Endpoint leads to Unauthorized user disclosed private [ issue ] details
👉 https://hackerone.com/reports/1099489
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #updatelap
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 6:48pm (UTC)
kds.ucs.ru - information disclosure.
👉 https://hackerone.com/reports/1073551
🔹 Severity: High | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 7:03pm (UTC)
restaurant.delivery-club.ru - ability to obtain information about other users' promotions.
👉 https://hackerone.com/reports/1086453
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 7:03pm (UTC)
[titans.3clans.ru] phpBB 3.0.8 - Administrator account takeover + remote code execution.
👉 https://hackerone.com/reports/1072857
🔹 Severity: No Rating | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 7:05pm (UTC)
tmgame.mail.ru - Blind sql injection
👉 https://hackerone.com/reports/943487
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 7:06pm (UTC)
bit.games - sql-inj
👉 https://hackerone.com/reports/862836
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 7:07pm (UTC)
IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
👉 https://hackerone.com/reports/819717
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 7, 2021, 3:52am (UTC)
Web Cache Poisoning leading to DoS
👉 https://hackerone.com/reports/1346618
🔹 Severity: Medium
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #letm3through
🔹 State: 🟢 Resolved
🔹 Disclosed: November 8, 2021, 4:06am (UTC)
Leaked H1's employees' email addresses, meeting info on private bug bounty program https://hackerone-hackers.affinity.co/
👉 https://hackerone.com/reports/1285115
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #superman85
🔹 State: 🟢 Resolved
🔹 Disclosed: November 8, 2021, 12:27pm (UTC)
Blog posts atom feed of a store with password protection can be accessed by anyone
👉 https://hackerone.com/reports/1256375
🔹 Severity: Medium | 💰 5,000 USD
🔹 Reported To: Shopify
🔹 Reported By: #xenx
🔹 State: 🟢 Resolved
🔹 Disclosed: November 8, 2021, 3:10pm (UTC)
Sensitive data related to Shopify host -> https://shopify.zendesk.com/
👉 https://hackerone.com/reports/1298809
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #sam_exploit
🔹 State: 🟢 Resolved
🔹 Disclosed: November 8, 2021, 3:12pm (UTC)
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
👉 https://hackerone.com/reports/1394916
🔹 Severity: Critical | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #monkey_logic
🔹 State: 🟢 Resolved
🔹 Disclosed: November 9, 2021, 8:19pm (UTC)
Failure to Invalidate Session after Password Change
👉 https://hackerone.com/reports/957557
🔹 Severity: No Rating
🔹 Reported To: Rockset
🔹 Reported By: #shad0123
🔹 State: 🟤 Duplicate
🔹 Disclosed: November 9, 2021, 9:14pm (UTC)
A member-member privilege could access the https://console.rockset.com/billing?tab=payment page even though the billing page is hidden from the menu.
👉 https://hackerone.com/reports/946384
🔹 Severity: Medium
🔹 Reported To: Rockset
🔹 Reported By: #jhimansh
🔹 State: 🟢 Resolved
🔹 Disclosed: November 9, 2021, 9:15pm (UTC)
Reflected XSS in VPN Appliance
👉 https://hackerone.com/reports/1386438
🔹 Severity: Medium | 💰 1,024 USD
🔹 Reported To: New Relic
🔹 Reported By: #mr-hakhak
🔹 State: 🟢 Resolved
🔹 Disclosed: November 10, 2021, 1:47pm (UTC)
A bypass of adding remote files in concrete5 Filemanager leads to remote code execution
👉 https://hackerone.com/reports/1350444
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #byc_404
🔹 State: 🟢 Resolved
🔹 Disclosed: November 11, 2021, 1:00am (UTC)