Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all
👉 https://hackerone.com/reports/1350095
🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: Shopify
🔹 Reported By: #yinvi777
🔹 State: 🟢 Resolved
🔹 Disclosed: December 4, 2021, 1:04am (UTC)
👉 https://hackerone.com/reports/1350095
🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: Shopify
🔹 Reported By: #yinvi777
🔹 State: 🟢 Resolved
🔹 Disclosed: December 4, 2021, 1:04am (UTC)
Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces
👉 https://hackerone.com/reports/1249583
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #libio
🔹 State: 🟢 Resolved
🔹 Disclosed: December 4, 2021, 10:16am (UTC)
👉 https://hackerone.com/reports/1249583
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #libio
🔹 State: 🟢 Resolved
🔹 Disclosed: December 4, 2021, 10:16am (UTC)
Recaptcha Secret key Leaked
👉 https://hackerone.com/reports/1416665
🔹 Severity: High
🔹 Reported To: Paragon Initiative Enterprises
🔹 Reported By: #kashifinfo90
🔹 State: ⚪️ Informative
🔹 Disclosed: December 4, 2021, 6:07pm (UTC)
👉 https://hackerone.com/reports/1416665
🔹 Severity: High
🔹 Reported To: Paragon Initiative Enterprises
🔹 Reported By: #kashifinfo90
🔹 State: ⚪️ Informative
🔹 Disclosed: December 4, 2021, 6:07pm (UTC)
[h1-2102] Wholesale - CSRF to Generate Invitation Token for a Customer and Move Customer to Invited Status
👉 https://hackerone.com/reports/1091209
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #rhynorater
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 1:26am (UTC)
👉 https://hackerone.com/reports/1091209
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #rhynorater
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 1:26am (UTC)
xss is triggered on your web
👉 https://hackerone.com/reports/1121900
🔹 Severity: Medium | 💰 2,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jaka_tingkir
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 5:34am (UTC)
👉 https://hackerone.com/reports/1121900
🔹 Severity: Medium | 💰 2,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jaka_tingkir
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 5:34am (UTC)
IDOR to view order information of users and personal information
👉 https://hackerone.com/reports/1323406
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #xfiltrer
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 6:39pm (UTC)
👉 https://hackerone.com/reports/1323406
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #xfiltrer
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 6:39pm (UTC)
Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion
👉 https://hackerone.com/reports/1189367
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Evernote
🔹 Reported By: #neolexsecurity
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 9:41pm (UTC)
👉 https://hackerone.com/reports/1189367
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Evernote
🔹 Reported By: #neolexsecurity
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 9:41pm (UTC)
Blind XSS
👉 https://hackerone.com/reports/1091118
🔹 Severity: Low
🔹 Reported To: Rocket.Chat
🔹 Reported By: #cyberasset
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 7:15am (UTC)
👉 https://hackerone.com/reports/1091118
🔹 Severity: Low
🔹 Reported To: Rocket.Chat
🔹 Reported By: #cyberasset
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 7:15am (UTC)
Guard WKS lookup: Evil WKS server forces connections to last forever
👉 https://hackerone.com/reports/1016691
🔹 Severity: Low | 💰 444 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #afewgoats
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 10:49am (UTC)
👉 https://hackerone.com/reports/1016691
🔹 Severity: Low | 💰 444 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #afewgoats
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 10:49am (UTC)
Bypass a fix for report #708013
👉 https://hackerone.com/reports/1363672
🔹 Severity: Medium | 💰 3,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #scaramouche31
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 1:14pm (UTC)
👉 https://hackerone.com/reports/1363672
🔹 Severity: Medium | 💰 3,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #scaramouche31
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 1:14pm (UTC)
Authentication Bypass - Email Verification code bypass in account registration process.
👉 https://hackerone.com/reports/1406471
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #anas_44
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 7, 2021, 6:57pm (UTC)
👉 https://hackerone.com/reports/1406471
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #anas_44
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 7, 2021, 6:57pm (UTC)
CORS origin validation failure
👉 https://hackerone.com/reports/1404986
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #jupiter-47
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 8:24pm (UTC)
👉 https://hackerone.com/reports/1404986
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #jupiter-47
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 8:24pm (UTC)
[allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS
👉 https://hackerone.com/reports/1262408
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #0xd0ff9
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:01am (UTC)
👉 https://hackerone.com/reports/1262408
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #0xd0ff9
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:01am (UTC)
Account Takeover through registration to the same email address
👉 https://hackerone.com/reports/1224008
🔹 Severity: High | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #avolume
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 9:17am (UTC)
👉 https://hackerone.com/reports/1224008
🔹 Severity: High | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #avolume
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 9:17am (UTC)
php info file and sql backup at vendor's subdomain
👉 https://hackerone.com/reports/1358249
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Semrush
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:12pm (UTC)
👉 https://hackerone.com/reports/1358249
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Semrush
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:12pm (UTC)
[Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users
👉 https://hackerone.com/reports/1175980
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #alexandrio
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 3:36pm (UTC)
👉 https://hackerone.com/reports/1175980
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #alexandrio
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 3:36pm (UTC)
Exposed kubernetes dashboard
👉 https://hackerone.com/reports/1418101
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #bugkill3r
🔹 State: 🟢 Resolved
🔹 Disclosed: December 9, 2021, 2:02am (UTC)
👉 https://hackerone.com/reports/1418101
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #bugkill3r
🔹 State: 🟢 Resolved
🔹 Disclosed: December 9, 2021, 2:02am (UTC)
clickjacking vulnerability
👉 https://hackerone.com/reports/1199904
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sravani_1234
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
👉 https://hackerone.com/reports/1199904
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sravani_1234
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
Clickjacking at sifchain.finance
👉 https://hackerone.com/reports/1212595
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #manjithgowthaman
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
👉 https://hackerone.com/reports/1212595
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #manjithgowthaman
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
Wrong Url in Main page of sifchain.finance
👉 https://hackerone.com/reports/1195512
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #beebeek
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
👉 https://hackerone.com/reports/1195512
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #beebeek
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
Wrong Implementation of Url in https://docs.sifchain.finance/
👉 https://hackerone.com/reports/1198877
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #sar00n
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
👉 https://hackerone.com/reports/1198877
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #sar00n
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)