[BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #1
👉 https://hackerone.com/reports/1397601
🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: Intel Corporation
🔹 Reported By: #matheus_garbelini
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:41am (UTC)
Missing captcha and rate limit protection in help form
👉 https://hackerone.com/reports/1165223
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 1:47pm (UTC)
RXSS - http://macademy.mtnonline.com
👉 https://hackerone.com/reports/1091165
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:31pm (UTC)
add class vulnerable Stored XSS
👉 https://hackerone.com/reports/1215179
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #mrirfan__07
🔹 State: 🟢 Resolved
🔹 Disclosed: December 12, 2021, 3:46am (UTC)
Error Page Content Spoofing or Text Injection
👉 https://hackerone.com/reports/1421413
🔹 Severity: No Rating
🔹 Reported To: Judge.me
🔹 Reported By: #tefa_
🔹 State: 🔴 N/A
🔹 Disclosed: December 13, 2021, 7:16am (UTC)
Vulnerabilities in exported activity WebView
👉 https://hackerone.com/reports/414101
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Shipt
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: December 13, 2021, 7:30pm (UTC)
No Rate limit on change password leads to account takeover
👉 https://hackerone.com/reports/1165285
🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #dreamispossible
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 13, 2021, 10:47pm (UTC)
[dubsmash] Long String in 'shoutout' Parameter Leading to Internal Server Error on Popular Hashtags, Community and User Profile
👉 https://hackerone.com/reports/1237428
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #sandeep_rj49
🔹 State: 🟢 Resolved
🔹 Disclosed: December 13, 2021, 10:48pm (UTC)
com.reddit.frontpage vulnerable to Task Hijacking (aka StrandHogg Attack)
👉 https://hackerone.com/reports/1325649
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #nexus2k
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 13, 2021, 10:48pm (UTC)
[dubsmash] Username and password bruteforce
👉 https://hackerone.com/reports/1165225
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #asce21
🔹 State: 🟢 Resolved
🔹 Disclosed: December 13, 2021, 10:48pm (UTC)
Universal Cross-Site Scripting vulnerability
👉 https://hackerone.com/reports/1326264
🔹 Severity: High
🔹 Reported To: Proctorio
🔹 Reported By: #sector7-nl
🔹 State: 🟢 Resolved
🔹 Disclosed: December 14, 2021, 8:35am (UTC)
Zero day path traversal vulnerability in Grafana 8.x allows unauthenticated arbitrary local file read
👉 https://hackerone.com/reports/1415820
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Aiven Ltd
🔹 Reported By: #j0v
🔹 State: 🟢 Resolved
🔹 Disclosed: December 14, 2021, 10:59am (UTC)
reflected xss in e.mail.ru
👉 https://hackerone.com/reports/1379297
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #seifelsallamy
🔹 State: 🟢 Resolved
🔹 Disclosed: December 15, 2021, 3:16am (UTC)
Obtaining users' passport documents + viewing private photos of users/groups.
👉 https://hackerone.com/reports/584582
🔹 Severity: High | 💰 500 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: December 15, 2021, 1:28pm (UTC)
No rate limit on password reset leads to email enumeration at gateway-production.dubsmash.com
👉 https://hackerone.com/reports/1425884
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #cracker922
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 15, 2021, 6:37pm (UTC)
Weak rate limit could lead to ATO due to weak password protection mechanisms
👉 https://hackerone.com/reports/1065186
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: December 15, 2021, 6:40pm (UTC)
Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose"
👉 https://hackerone.com/reports/1398617
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: December 16, 2021, 12:24am (UTC)
Broken Link Takeover from kubernetes.io docs
👉 https://hackerone.com/reports/1398572
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: December 16, 2021, 12:31am (UTC)
Able to access private picture/video/writing when requesting for their JSON response
👉 https://hackerone.com/reports/1424291
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: FetLife
🔹 Reported By: #trieulieuf9
🔹 State: 🟢 Resolved
🔹 Disclosed: December 16, 2021, 3:05pm (UTC)
Race Condition Vulnerability when creating profiles
👉 https://hackerone.com/reports/1428690
🔹 Severity: Medium
🔹 Reported To: Showmax
🔹 Reported By: #ibrahimatix_
🔹 State: ⚪️ Informative
🔹 Disclosed: December 16, 2021, 4:43pm (UTC)
Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS
👉 https://hackerone.com/reports/1398706
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: December 16, 2021, 9:56pm (UTC)