Cross-site leak allows attacker to de-anonymize members of his team from another origin
👉 https://hackerone.com/reports/1068153
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #jub0bs
🔹 State: 🟢 Resolved
🔹 Disclosed: November 11, 2021, 4:39pm (UTC)
👉 https://hackerone.com/reports/1068153
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #jub0bs
🔹 State: 🟢 Resolved
🔹 Disclosed: November 11, 2021, 4:39pm (UTC)
Drive-by arbitrary file deletion in the GDK via letter_opener_web gem
👉 https://hackerone.com/reports/1353103
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: November 12, 2021, 8:29pm (UTC)
👉 https://hackerone.com/reports/1353103
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: November 12, 2021, 8:29pm (UTC)
GlassWire 2.1.167 vulnerability - MSVR 56639
👉 https://hackerone.com/reports/1193641
🔹 Severity: Medium
🔹 Reported To: GlassWire
🔹 Reported By: #msvr
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 8:51am (UTC)
👉 https://hackerone.com/reports/1193641
🔹 Severity: Medium
🔹 Reported To: GlassWire
🔹 Reported By: #msvr
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 8:51am (UTC)
Unauthorized access to employee panel with default credentials.
👉 https://hackerone.com/reports/1063298
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #7azimo
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 8:46pm (UTC)
👉 https://hackerone.com/reports/1063298
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #7azimo
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 8:46pm (UTC)
Broken subdomain takeover of runpanther which was pointing towards herokuapp
👉 https://hackerone.com/reports/1379910
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Panther Labs
🔹 Reported By: #dhakal_bibek
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 10:29pm (UTC)
👉 https://hackerone.com/reports/1379910
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Panther Labs
🔹 Reported By: #dhakal_bibek
🔹 State: 🟢 Resolved
🔹 Disclosed: November 13, 2021, 10:29pm (UTC)
Stored XSS in profile page
👉 https://hackerone.com/reports/1084183
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #darkdream
🔹 State: 🟢 Resolved
🔹 Disclosed: November 14, 2021, 10:59am (UTC)
👉 https://hackerone.com/reports/1084183
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #darkdream
🔹 State: 🟢 Resolved
🔹 Disclosed: November 14, 2021, 10:59am (UTC)
Information disclosure on error message
👉 https://hackerone.com/reports/1385844
🔹 Severity: Low
🔹 Reported To: PortSwigger Web Security
🔹 Reported By: #cometome780
🔹 State: ⚪️ Informative
🔹 Disclosed: November 15, 2021, 8:33am (UTC)
👉 https://hackerone.com/reports/1385844
🔹 Severity: Low
🔹 Reported To: PortSwigger Web Security
🔹 Reported By: #cometome780
🔹 State: ⚪️ Informative
🔹 Disclosed: November 15, 2021, 8:33am (UTC)
Possible to steal any protected files on Android
👉 https://hackerone.com/reports/377107
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: ownCloud
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 8:40am (UTC)
👉 https://hackerone.com/reports/377107
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: ownCloud
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 8:40am (UTC)
CVE-2021-40870 in [███]
👉 https://hackerone.com/reports/1360593
🔹 Severity: Critical
🔹 Reported To: Informatica
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 9:10am (UTC)
👉 https://hackerone.com/reports/1360593
🔹 Severity: Critical
🔹 Reported To: Informatica
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 9:10am (UTC)
ReDoS in syntax highlighting due to Rouge
👉 https://hackerone.com/reports/1283484
🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: GitLab
🔹 Reported By: #doyensec
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 2:53pm (UTC)
👉 https://hackerone.com/reports/1283484
🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: GitLab
🔹 Reported By: #doyensec
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 2:53pm (UTC)
Use of Ruby Forwardable module and runtime meta-programming may introduce vulnerabilities
👉 https://hackerone.com/reports/874401
🔹 Severity: Medium
🔹 Reported To: GitLab
🔹 Reported By: #jobert
🔹 State: ⚪️ Informative
🔹 Disclosed: November 15, 2021, 4:24pm (UTC)
👉 https://hackerone.com/reports/874401
🔹 Severity: Medium
🔹 Reported To: GitLab
🔹 Reported By: #jobert
🔹 State: ⚪️ Informative
🔹 Disclosed: November 15, 2021, 4:24pm (UTC)
IDOR - Other user's delivery address disclosed
👉 https://hackerone.com/reports/964010
🔹 Severity: High | 💰 300 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 4:47pm (UTC)
👉 https://hackerone.com/reports/964010
🔹 Severity: High | 💰 300 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 4:47pm (UTC)
Corporate Jira credentials disclosed in public gist
👉 https://hackerone.com/reports/958432
🔹 Severity: High | 💰 300 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 5:29pm (UTC)
👉 https://hackerone.com/reports/958432
🔹 Severity: High | 💰 300 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 5:29pm (UTC)
Leak of Google Sheets API credentials
👉 https://hackerone.com/reports/965314
🔹 Severity: High | 💰 300 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #adsec2s
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 8:14pm (UTC)
👉 https://hackerone.com/reports/965314
🔹 Severity: High | 💰 300 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #adsec2s
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 8:14pm (UTC)
Fix for CVE-2021-22151 (Kibana path traversal issue) can be bypassed on Windows
👉 https://hackerone.com/reports/1353603
🔹 Severity: Low | 💰 584 USD
🔹 Reported To: Elastic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 8:32pm (UTC)
👉 https://hackerone.com/reports/1353603
🔹 Severity: Low | 💰 584 USD
🔹 Reported To: Elastic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2021, 8:32pm (UTC)
chainning bugs to get full disclosure of Users addresses
👉 https://hackerone.com/reports/1398905
🔹 Severity: Medium
🔹 Reported To: Glovo
🔹 Reported By: #spaceboy20
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2021, 8:57am (UTC)
👉 https://hackerone.com/reports/1398905
🔹 Severity: Medium
🔹 Reported To: Glovo
🔹 Reported By: #spaceboy20
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2021, 8:57am (UTC)
Мисконфигурация Cisco Smart Install
👉 https://hackerone.com/reports/1398662
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #kerbyj
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2021, 12:24pm (UTC)
👉 https://hackerone.com/reports/1398662
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #kerbyj
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2021, 12:24pm (UTC)
HTTP Request Smuggling on https://promosandbox.acronis.com
👉 https://hackerone.com/reports/1063493
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #riramar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2021, 2:40pm (UTC)
👉 https://hackerone.com/reports/1063493
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #riramar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2021, 2:40pm (UTC)
HTTP Request Smuggling on https://consumer.acronis.com
👉 https://hackerone.com/reports/1063627
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #riramar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2021, 2:44pm (UTC)
👉 https://hackerone.com/reports/1063627
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #riramar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2021, 2:44pm (UTC)
Cross Site Scripting (Reflected) on https://www.acronis.cz/
👉 https://hackerone.com/reports/1084156
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #darkdream
🔹 State: 🟢 Resolved
🔹 Disclosed: November 17, 2021, 10:00am (UTC)
👉 https://hackerone.com/reports/1084156
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #darkdream
🔹 State: 🟢 Resolved
🔹 Disclosed: November 17, 2021, 10:00am (UTC)
Social Club Account Takeover Via RGL And Steam/Epic Linked Account
👉 https://hackerone.com/reports/1235008
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #sn0wd3n
🔹 State: 🟢 Resolved
🔹 Disclosed: November 17, 2021, 4:52pm (UTC)
👉 https://hackerone.com/reports/1235008
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #sn0wd3n
🔹 State: 🟢 Resolved
🔹 Disclosed: November 17, 2021, 4:52pm (UTC)