Access to images and videos in drafts on LINE BLOG
👉 https://hackerone.com/reports/1290170
🔹 Severity: Medium | 💰 780 USD
🔹 Reported To: LINE
🔹 Reported By: #akichia
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:50am (UTC)
Bot setting information leakage in OpenChat room
👉 https://hackerone.com/reports/1305432
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: LINE
🔹 Reported By: #akichia
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:51am (UTC)
Subscription payment bug
👉 https://hackerone.com/reports/1300583
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: VK.com
🔹 Reported By: #azimoff
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 6:15am (UTC)
SQL Injection leads to retrieve the contents of an entire database.
👉 https://hackerone.com/reports/1002641
🔹 Severity: Critical
🔹 Reported To: BlockDev Sp. Z o.o
🔹 Reported By: #u-itachi
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 29, 2021, 2:28pm (UTC)
Log4j CVE-2021-44228
👉 https://hackerone.com/reports/1431624
🔹 Severity: No Rating
🔹 Reported To: Krisp
🔹 Reported By: #karthik86
🔹 State: ⚪️ Informative
🔹 Disclosed: December 29, 2021, 6:47pm (UTC)
Change project visibility to a restricted option
👉 https://hackerone.com/reports/1086781
🔹 Severity: Medium | 💰 1,370 USD
🔹 Reported To: GitLab
🔹 Reported By: #s4nderdevelopment
🔹 State: 🟢 Resolved
🔹 Disclosed: December 30, 2021, 1:28am (UTC)
Executing any API method when opening a community/application + privilege escalation for any token.
👉 https://hackerone.com/reports/1354452
🔹 Severity: High
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: December 30, 2021, 10:26am (UTC)
DLL hijacking in Monero GUI for Windows 0.17.3.0 would allow an attacker to perform remote command execution
👉 https://hackerone.com/reports/1437942
🔹 Severity: Medium
🔹 Reported To: Monero
🔹 Reported By: #fukuyama
🔹 State: ⚪️ Informative
🔹 Disclosed: December 30, 2021, 5:08pm (UTC)
Read-only user can edit user segments.
👉 https://hackerone.com/reports/1277753
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #astates
🔹 State: 🟢 Resolved
🔹 Disclosed: December 30, 2021, 6:28pm (UTC)
ADB Backup is enabled within AndroidManifest
👉 https://hackerone.com/reports/1225158
🔹 Severity: Medium
🔹 Reported To: Zivver
🔹 Reported By: #hack_4fun
🔹 State: 🟢 Resolved
🔹 Disclosed: December 31, 2021, 11:27am (UTC)
Improper authorization allows disclosing users' notification data in Notification channel server
👉 https://hackerone.com/reports/1314162
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: LINE
🔹 Reported By: #66ed3gs
🔹 State: 🟢 Resolved
🔹 Disclosed: December 31, 2021, 12:08pm (UTC)
Default credentials lead to Spring Boot Admin dashboard access
👉 https://hackerone.com/reports/1417635
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #sparroww
🔹 State: 🟢 Resolved
🔹 Disclosed: January 2, 2022, 2:41pm (UTC)
EMAIL SPOOFING
👉 https://hackerone.com/reports/496360
🔹 Severity: Medium
🔹 Reported To: Khan Academy
🔹 Reported By: #hackthedevil
🔹 State: 🟢 Resolved
🔹 Disclosed: January 2, 2022, 6:30pm (UTC)
Log4Shell: RCE 0-day exploit on █████████
👉 https://hackerone.com/reports/1429014
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mr_x_strange
🔹 State: 🟢 Resolved
🔹 Disclosed: January 3, 2022, 9:23pm (UTC)
%0A (New line) and limitless URL leads to DoS at all system [Main address (https://www.acronis.com/)]
👉 https://hackerone.com/reports/1382448
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #plantos
🔹 State: 🟢 Resolved
🔹 Disclosed: January 4, 2022, 9:47am (UTC)
Buffer overflow in req_parsebody method in lua_request.c
👉 https://hackerone.com/reports/1434056
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #chamal
🔹 State: 🟢 Resolved
🔹 Disclosed: January 4, 2022, 3:31pm (UTC)
OPEN REDIRECT
👉 https://hackerone.com/reports/1369806
🔹 Severity: Low
🔹 Reported To: Nutanix
🔹 Reported By: #kauenavarro
🔹 State: 🟢 Resolved
🔹 Disclosed: January 4, 2022, 4:14pm (UTC)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
👉 https://hackerone.com/reports/1440161
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #n1had
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 2:44am (UTC)
ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT
👉 https://hackerone.com/reports/1357013
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #at11zt00
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 5:15am (UTC)
Subdomain takeover of images.crossinstall.com
👉 https://hackerone.com/reports/1406335
🔹 Severity: High
🔹 Reported To: Twitter
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 7:58pm (UTC)
Grafana LFI on https://grafana.mariadb.org
👉 https://hackerone.com/reports/1419213
🔹 Severity: Medium
🔹 Reported To: MariaDB
🔹 Reported By: #realtess
🔹 State: 🟢 Resolved
🔹 Disclosed: January 6, 2022, 5:57pm (UTC)