[titans.3clans.ru] phpBB 3.0.8 - Administrator account takeover + remote code execution.
👉 https://hackerone.com/reports/1072857
🔹 Severity: No Rating | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 7:05pm (UTC)
tmgame.mail.ru - Blind sql injection
👉 https://hackerone.com/reports/943487
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 7:06pm (UTC)
bit.games - sql-inj
👉 https://hackerone.com/reports/862836
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #alexeysergeevich
🔹 State: 🟢 Resolved
🔹 Disclosed: November 6, 2021, 7:07pm (UTC)
IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
👉 https://hackerone.com/reports/819717
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 7, 2021, 3:52am (UTC)
Web Cache Poisoning leading to DoS
👉 https://hackerone.com/reports/1346618
🔹 Severity: Medium
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #letm3through
🔹 State: 🟢 Resolved
🔹 Disclosed: November 8, 2021, 4:06am (UTC)
Leaked H1's Employees Email addresses, meeting info on private bug bounty program https://hackerone-hackers.affinity.co/
👉 https://hackerone.com/reports/1285115
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #superman85
🔹 State: 🟢 Resolved
🔹 Disclosed: November 8, 2021, 12:27pm (UTC)
Blog posts atom feed of a store with password protection can be accessed by anyone
👉 https://hackerone.com/reports/1256375
🔹 Severity: Medium | 💰 5,000 USD
🔹 Reported To: Shopify
🔹 Reported By: #xenx
🔹 State: 🟢 Resolved
🔹 Disclosed: November 8, 2021, 3:10pm (UTC)
Sensitive data Related to Shopify Host -> https://shopify.zendesk.com/
👉 https://hackerone.com/reports/1298809
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #sam_exploit
🔹 State: 🟢 Resolved
🔹 Disclosed: November 8, 2021, 3:12pm (UTC)
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
👉 https://hackerone.com/reports/1394916
🔹 Severity: Critical | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #monkey_logic
🔹 State: 🟢 Resolved
🔹 Disclosed: November 9, 2021, 8:19pm (UTC)
Failure to Invalidate Session after Password Change
👉 https://hackerone.com/reports/957557
🔹 Severity: No Rating
🔹 Reported To: Rockset
🔹 Reported By: #shad0123
🔹 State: 🟤 Duplicate
🔹 Disclosed: November 9, 2021, 9:14pm (UTC)
A member-member privilege could access the https://console.rockset.com/billing?tab=payment page even though the billing page is hidden from the menu.
👉 https://hackerone.com/reports/946384
🔹 Severity: Medium
🔹 Reported To: Rockset
🔹 Reported By: #jhimansh
🔹 State: 🟢 Resolved
🔹 Disclosed: November 9, 2021, 9:15pm (UTC)
Reflected XSS in VPN Appliance
👉 https://hackerone.com/reports/1386438
🔹 Severity: Medium | 💰 1,024 USD
🔹 Reported To: New Relic
🔹 Reported By: #mr-hakhak
🔹 State: 🟢 Resolved
🔹 Disclosed: November 10, 2021, 1:47pm (UTC)
A bypass of adding remote files in concrete5 Filemanager leads to remote code execution
👉 https://hackerone.com/reports/1350444
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #byc_404
🔹 State: 🟢 Resolved
🔹 Disclosed: November 11, 2021, 1:00am (UTC)
The response shows the nginx version
👉 https://hackerone.com/reports/1395068
🔹 Severity: No Rating
🔹 Reported To: Judge.me
🔹 Reported By: #cametome006
🔹 State: ⚪️ Informative
🔹 Disclosed: November 11, 2021, 8:05am (UTC)
Cross-site leak allows attacker to de-anonymize members of his team from another origin
👉 https://hackerone.com/reports/1068153
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #jub0bs
🔹 State: 🟢 Resolved
🔹 Disclosed: November 11, 2021, 4:39pm (UTC)
Drive-by arbitrary file deletion in the GDK via letter_opener_web gem
👉 https://hackerone.com/reports/1353103
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: November 12, 2021, 8:29pm (UTC)
GlassWire 2.1.167 vulnerability - MSVR 56639
👉 https://hackerone.com/reports/1193641
🔹 Severity: Medium
🔹 Reported To: GlassWire
🔹 Reported By: #msvr
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 8:51am (UTC)
Unauthorized access to employee panel with default credentials.
👉 https://hackerone.com/reports/1063298
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #7azimo
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 8:46pm (UTC)
Broken subdomain takeover of runpanther which was pointing towards herokuapp
👉 https://hackerone.com/reports/1379910
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Panther Labs
🔹 Reported By: #dhakal_bibek
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 10:29pm (UTC)
Stored XSS in profile page
👉 https://hackerone.com/reports/1084183
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #darkdream
🔹 State: 🟢 Resolved
🔹 Disclosed: November 14, 2021, 10:59am (UTC)
Information disclosure on error message
👉 https://hackerone.com/reports/1385844
🔹 Severity: Low
🔹 Reported To: PortSwigger Web Security
🔹 Reported By: #cometome780
🔹 State: ⚪️ Informative
🔹 Disclosed: November 15, 2021, 8:33am (UTC)