Username disclosure at Main Domain
👉 https://hackerone.com/reports/1188662
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 6:50pm (UTC)
No valid SPF record found
👉 https://hackerone.com/reports/1187001
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tamilarasi11
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 7:17pm (UTC)
Vulnerability : Email Spoofing
👉 https://hackerone.com/reports/1180668
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tajammul
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 7:18pm (UTC)
CORS (Cross-Origin Resource Sharing) origin validation failure
👉 https://hackerone.com/reports/1192147
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #11holefinder
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 7:18pm (UTC)
Linux Desktop application "sifnoded" executable does not use Pie / no ASLR
👉 https://hackerone.com/reports/1188633
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 7:48pm (UTC)
Misconfiguration Certificate Authority Authorization Rule
👉 https://hackerone.com/reports/1186740
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #d4rk_r0s3
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 7:49pm (UTC)
Endpoint without access control leads to order informations and status changes
👉 https://hackerone.com/reports/1050753
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #cabelo
🔹 State: 🟢 Resolved
🔹 Disclosed: December 9, 2021, 9:35pm (UTC)
[BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #2
👉 https://hackerone.com/reports/1397602
🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: Intel Corporation
🔹 Reported By: #matheus_garbelini
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:40am (UTC)
[BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #1
👉 https://hackerone.com/reports/1397601
🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: Intel Corporation
🔹 Reported By: #matheus_garbelini
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:41am (UTC)
Missing captcha and rate limit protection in help form
👉 https://hackerone.com/reports/1165223
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 1:47pm (UTC)
RXSS - http://macademy.mtnonline.com
👉 https://hackerone.com/reports/1091165
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:31pm (UTC)
add class vulnerable Stored XSS
👉 https://hackerone.com/reports/1215179
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #mrirfan__07
🔹 State: 🟢 Resolved
🔹 Disclosed: December 12, 2021, 3:46am (UTC)
Error Page Content Spoofing or Text Injection
👉 https://hackerone.com/reports/1421413
🔹 Severity: No Rating
🔹 Reported To: Judge.me
🔹 Reported By: #tefa_
🔹 State: 🔴 N/A
🔹 Disclosed: December 13, 2021, 7:16am (UTC)
Vulnerabilities in exported activity WebView
👉 https://hackerone.com/reports/414101
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Shipt
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: December 13, 2021, 7:30pm (UTC)
No Rate limit on change password leads to account takeover
👉 https://hackerone.com/reports/1165285
🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #dreamispossible
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 13, 2021, 10:47pm (UTC)
[dubsmash] Long String in 'shoutout' Parameter Leading Internal server Error on Popular hastags , Community and User Profile
👉 https://hackerone.com/reports/1237428
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #sandeep_rj49
🔹 State: 🟢 Resolved
🔹 Disclosed: December 13, 2021, 10:48pm (UTC)
com.reddit.frontpage vulernable to Task Hijacking (aka StrandHogg Attack)
👉 https://hackerone.com/reports/1325649
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #nexus2k
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 13, 2021, 10:48pm (UTC)
[dubsmash] Username and password bruteforce
👉 https://hackerone.com/reports/1165225
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #asce21
🔹 State: 🟢 Resolved
🔹 Disclosed: December 13, 2021, 10:48pm (UTC)
Universal Cross-Site Scripting vulnerability
👉 https://hackerone.com/reports/1326264
🔹 Severity: High
🔹 Reported To: Proctorio
🔹 Reported By: #sector7-nl
🔹 State: 🟢 Resolved
🔹 Disclosed: December 14, 2021, 8:35am (UTC)
Zero day path traversal vulnerability in Grafana 8.x allows unauthenticated arbitrary local file read
👉 https://hackerone.com/reports/1415820
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Aiven Ltd
🔹 Reported By: #j0v
🔹 State: 🟢 Resolved
🔹 Disclosed: December 14, 2021, 10:59am (UTC)
reflected xss in e.mail.ru
👉 https://hackerone.com/reports/1379297
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #seifelsallamy
🔹 State: 🟢 Resolved
🔹 Disclosed: December 15, 2021, 3:16am (UTC)