Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose"

👉 https://hackerone.com/reports/1398617

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: December 16, 2021, 12:24am (UTC)
Broken Link Takeover from kubernetes.io docs

👉 https://hackerone.com/reports/1398572

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: December 16, 2021, 12:31am (UTC)
Able to access private picture/video/writing when requesting for their JSON response

👉 https://hackerone.com/reports/1424291

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: FetLife
🔹 Reported By: #trieulieuf9
🔹 State: 🟢 Resolved
🔹 Disclosed: December 16, 2021, 3:05pm (UTC)
Race Condition Vulnerability when creating profiles

👉 https://hackerone.com/reports/1428690

🔹 Severity: Medium
🔹 Reported To: Showmax
🔹 Reported By: #ibrahimatix_
🔹 State: ⚪️ Informative
🔹 Disclosed: December 16, 2021, 4:43pm (UTC)
Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS

👉 https://hackerone.com/reports/1398706

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: December 16, 2021, 9:56pm (UTC)
Reflected Cross-Site Scripting/HTML Injection

👉 https://hackerone.com/reports/1379158

🔹 Severity: Low
🔹 Reported To: Informatica
🔹 Reported By: #jak0_
🔹 State: 🟢 Resolved
🔹 Disclosed: December 17, 2021, 4:54pm (UTC)
html injection at judge.me

👉 https://hackerone.com/reports/1036995

🔹 Severity: No Rating
🔹 Reported To: Judge.me
🔹 Reported By: #0xteles
🔹 State: ⚪️ Informative
🔹 Disclosed: December 17, 2021, 5:44pm (UTC)
Flickr Account Takeover using AWS Cognito API

👉 https://hackerone.com/reports/1342088

🔹 Severity: Critical | 💰 7,550 USD
🔹 Reported To: Flickr
🔹 Reported By: #lauritz
🔹 State: 🟢 Resolved
🔹 Disclosed: December 18, 2021, 12:35am (UTC)
HTML injection in email content during registration via FirstName/LastName parameter

👉 https://hackerone.com/reports/1256496

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimatix_
🔹 State: 🟢 Resolved
🔹 Disclosed: December 18, 2021, 9:42am (UTC)
Stored XSS on 1.4.0

👉 https://hackerone.com/reports/1331281

🔹 Severity: Medium
🔹 Reported To: ImpressCMS
🔹 Reported By: #tehwinsam
🔹 State: 🟢 Resolved
🔹 Disclosed: December 18, 2021, 2:32pm (UTC)
Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs

👉 https://hackerone.com/reports/1430405

🔹 Severity: Medium
🔹 Reported To: RubyGems
🔹 Reported By: #akincibor
🔹 State: ⚪️ Informative
🔹 Disclosed: December 19, 2021, 11:12am (UTC)
Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form)

👉 https://hackerone.com/reports/958864

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #zophi
🔹 State: 🟢 Resolved
🔹 Disclosed: December 19, 2021, 1:43pm (UTC)
Unauthorized access to choice.av.ru control panel

👉 https://hackerone.com/reports/963161

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #wocat
🔹 State: 🟢 Resolved
🔹 Disclosed: December 19, 2021, 1:52pm (UTC)
Log4j RCE on https://judge.me/reviews

👉 https://hackerone.com/reports/1427589

🔹 Severity: No Rating | 💰 50 USD
🔹 Reported To: Judge.me
🔹 Reported By: #bhishma14
🔹 State: 🟢 Resolved
🔹 Disclosed: December 21, 2021, 8:57am (UTC)
admin password disclosure via log file

👉 https://hackerone.com/reports/1121972

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #darkdream
🔹 State: 🟢 Resolved
🔹 Disclosed: December 21, 2021, 9:31am (UTC)
Rxss on █████████ via logout?service=javanoscript:alert(1)

👉 https://hackerone.com/reports/1406598

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #xko2x
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 4:21pm (UTC)
Domain takeover of photo-test.gb.ru (possibly)

👉 https://hackerone.com/reports/1257091

🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 9:51pm (UTC)
Cache Poisoning DoS on updates.rockstargames.com

👉 https://hackerone.com/reports/1219038

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Cache poisoning Denial of Service affecting assets.gitlab-static.net

👉 https://hackerone.com/reports/1160407

🔹 Severity: High | 💰 4,850 USD
🔹 Reported To: GitLab
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack

👉 https://hackerone.com/reports/1181946

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Cache Poisoning DoS on downloads.exodus.com

👉 https://hackerone.com/reports/1173153

🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Exodus
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)