Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
Binary output bypass

👉 https://hackerone.com/reports/1468962

🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #eliasknudsen
🔹 State: 🔴 N/A
🔹 Disclosed: March 9, 2022, 9:48pm (UTC)
342 views
Bugpoint
Use of Unsafe function || Strcpy

👉 https://hackerone.com/reports/1485379

🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #shobhit2401200
🔹 State: 🔴 N/A
🔹 Disclosed: March 9, 2022, 9:48pm (UTC)
370 views
Bugpoint
Open Redirect on https://██.8x8.com/login?nextPage=%2F

👉 https://hackerone.com/reports/1467046

🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #ig420_vrush
🔹 State: 🟢 Resolved
🔹 Disclosed: March 10, 2022, 12:19am (UTC)
404 views
Bugpoint
XSS via Mod Log Removed Posts

👉 https://hackerone.com/reports/1504410

🔹 Severity: High | 💰 6,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #ahacker1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 10, 2022, 11:18pm (UTC)
👍3
421 views
Bugpoint
Public Jenkins instance with /noscript enabled

👉 https://hackerone.com/reports/1492447

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #thesanjok
🔹 State: 🟢 Resolved
🔹 Disclosed: March 11, 2022, 6:47pm (UTC)
407 views
Bugpoint
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability - https://esccvc.de.ibm.com

👉 https://hackerone.com/reports/938684

🔹 Severity: High
🔹 Reported To: IBM
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: March 11, 2022, 6:57pm (UTC)
486 views
Bugpoint
Specially crafted message request crashes the webapp for users who view the message

👉 https://hackerone.com/reports/1253732

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #thesecuritydev
🔹 State: 🟢 Resolved
🔹 Disclosed: March 14, 2022, 5:05am (UTC)
391 views
Bugpoint
User files is disclosed when someone called while the screen is locked

👉 https://hackerone.com/reports/1338781

🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #ctulhu
🔹 State: 🟢 Resolved
🔹 Disclosed: March 14, 2022, 3:41pm (UTC)
373 views
Bugpoint
registering with the same email address multiple times leads to account takeover

👉 https://hackerone.com/reports/785833

🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #whitehacker18
🔹 State: ⚪️ Informative
🔹 Disclosed: March 14, 2022, 9:13pm (UTC)
👍4
371 views
Bugpoint
Open redirect GET-Based on https://www.flickr.com/browser/upgrade/?continue=

👉 https://hackerone.com/reports/1217570

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Flickr
🔹 Reported By: #c4rrilat0rr
🔹 State: 🟢 Resolved
🔹 Disclosed: March 16, 2022, 3:35am (UTC)
343 views
Bugpoint
Stored XSS through PDF viewer

👉 https://hackerone.com/reports/881557

🔹 Severity: High | 💰 4,875 USD
🔹 Reported To: Slack
🔹 Reported By: #hitman_47
🔹 State: 🟢 Resolved
🔹 Disclosed: March 16, 2022, 2:10pm (UTC)
🔥1
343 views
Bugpoint
0-day Cross Origin Request Forgery vulnerability in Grafana 8.x .

👉 https://hackerone.com/reports/1458236

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Aiven Ltd
🔹 Reported By: #abrahack
🔹 State: 🟢 Resolved
🔹 Disclosed: March 16, 2022, 2:16pm (UTC)
👍2
362 views
Bugpoint
Instance Page DOS within Organization on TikTok Ads

👉 https://hackerone.com/reports/1478930

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: TikTok
🔹 Reported By: #arsene_lupin
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 12:18am (UTC)
342 views
Bugpoint
Theft of protected files on Android

👉 https://hackerone.com/reports/1454002

🔹 Severity: Low | 💰 50 USD
🔹 Reported To: ownCloud
🔹 Reported By: #n00b-cyborg
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 8:42am (UTC)
338 views
Bugpoint
Use of uninitialized value of in req_parsebody method of lua_request.c

👉 https://hackerone.com/reports/1514863

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #chamal
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 3:01pm (UTC)
👍1
340 views
Bugpoint
IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name

👉 https://hackerone.com/reports/1472721

🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #hollaatm3
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 4:23pm (UTC)
347 views
Bugpoint
SSRF + RCE через fastCGI в POST /api/nr/video

👉 https://hackerone.com/reports/1354335

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:19am (UTC)
👍1
487 views
Bugpoint
OS command injection on seedr.ru

👉 https://hackerone.com/reports/1360208

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:49am (UTC)
335 views
Bugpoint
XSS Stored on https://seedr.ru

👉 https://hackerone.com/reports/1350671

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 8:22am (UTC)
326 views
Bugpoint
RCE в .api/nr/report/{id}/download

👉 https://hackerone.com/reports/1348154

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 9:03am (UTC)
338 views
Bugpoint
XSS because of Akamai ARL misconfiguration on ████

👉 https://hackerone.com/reports/1305477

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:57pm (UTC)
300 views