NEW BOT Телеграм, страница

Bugpoint

Stored xss on helpdesk using user's city

👉 https://hackerone.com/reports/971857

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 14, 2022, 8:36pm (UTC)

👍2

354 views20:38

Bugpoint

In orginization stored xss using location (Larksuite survey app)

👉 https://hackerone.com/reports/998138

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 14, 2022, 8:41pm (UTC)

👍2

386 views20:44

Bugpoint

Lack of URL normalization renders Blocked-Previews feature ineffectual

👉 https://hackerone.com/reports/1102764

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Slack
🔹 Reported By: #jub0bs
🔹 State: 🟢 Resolved
🔹 Disclosed: January 16, 2022, 7:48am (UTC)

🎉1

372 views07:50

Bugpoint

Clickjacking

👉 https://hackerone.com/reports/688546

🔹 Severity: No Rating
🔹 Reported To: Palo Alto Software
🔹 Reported By: #paramdham
🔹 State: 🟢 Resolved
🔹 Disclosed: January 17, 2022, 7:27am (UTC)

342 views07:30

Bugpoint

SSRF & Blind XSS in Gravatar email

👉 https://hackerone.com/reports/1100096

🔹 Severity: High | 💰 750 USD
🔹 Reported To: Automattic
🔹 Reported By: #rockybandana
🔹 State: 🟢 Resolved
🔹 Disclosed: January 17, 2022, 8:44pm (UTC)

🔥4

336 views20:46

Bugpoint

DOM XSS through ads

👉 https://hackerone.com/reports/889041

🔹 Severity: Medium
🔹 Reported To: Urban Dictionary
🔹 Reported By: #bemodtwz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 18, 2022, 12:56am (UTC)

🤩1

351 views00:58

Bugpoint

Exposed Golang debugger on tier3.riot.mail.ru:9090, 9080

👉 https://hackerone.com/reports/1247910

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:48am (UTC)

337 views07:50

Bugpoint

Dom Xss vulnerability

👉 https://hackerone.com/reports/1448616

🔹 Severity: High
🔹 Reported To: Recorded Future
🔹 Reported By: #fornex
🔹 State: ⚪️ Informative
🔹 Disclosed: January 19, 2022, 11:00am (UTC)

328 views11:02

Bugpoint

User can pay using archived price by manipulating the request sent to `POST /v1/payment_pages/for_plink`

👉 https://hackerone.com/reports/1328278

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #gregxsunday
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 3:19pm (UTC)

293 views15:22

Bugpoint

Wrong settings in ADF Faces leads to information disclosure

👉 https://hackerone.com/reports/1422641

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #h3xr
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:28pm (UTC)

274 views19:30

Bugpoint

XSS Reflected - ██████████

👉 https://hackerone.com/reports/1223577

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #drauschkolb
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:29pm (UTC)

👍1

256 views19:32

Bugpoint

Reflected XSS in https://███████ via hidden parameter "████████"

👉 https://hackerone.com/reports/1029238

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:30pm (UTC)

224 views19:32

Bugpoint

Reflected XSS on https://███/████via hidden parameter "█████████"

👉 https://hackerone.com/reports/1029243

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:31pm (UTC)

225 views19:34

Bugpoint

██████████ running a vulnerable log4j

👉 https://hackerone.com/reports/1423496

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alex_gaynor
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:33pm (UTC)

225 views19:36

Bugpoint

███ ████████ running a vulnerable log4j

👉 https://hackerone.com/reports/1438393

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alex_gaynor
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:35pm (UTC)

226 views19:38

Bugpoint

[Java] CWE-552: Query to detect unsafe request dispatcher usage

👉 https://hackerone.com/reports/1454582

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:10pm (UTC)

214 views22:12

Bugpoint

[Java] CWE-089: MyBatis Mapper XML SQL Injection

👉 https://hackerone.com/reports/1442954

🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)

👍1

208 views22:14

Bugpoint

[Javanoscript]: [Clipboard-based XSS]

👉 https://hackerone.com/reports/1448236

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)

197 views22:14

Bugpoint

Java: Regex injection

👉 https://hackerone.com/reports/1443028

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)

187 views22:14

Bugpoint

[Java] CWE-400: Query to detect uncontrolled thread resource consumption

👉 https://hackerone.com/reports/1413542

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)

190 views22:14

Bugpoint

[porcupiney.hairs]: [Python] Add Flask Path injection sinks

👉 https://hackerone.com/reports/1413541

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)

188 views22:14

About

Blog

Apps

Platform