Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

OS command injection on seedr.ru

👉 https://hackerone.com/reports/1360208

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:49am (UTC)
XSS Stored on https://seedr.ru

👉 https://hackerone.com/reports/1350671

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 8:22am (UTC)
RCE in .api/nr/report/{id}/download

👉 https://hackerone.com/reports/1348154

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 9:03am (UTC)
XSS because of Akamai ARL misconfiguration on ████

👉 https://hackerone.com/reports/1305477

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:57pm (UTC)
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████

👉 https://hackerone.com/reports/1446236

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #3th1c_yuk1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:58pm (UTC)
CSRF - Delete Account (Urgent)

👉 https://hackerone.com/reports/799855

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:59pm (UTC)
IDOR - Delete Users Saved Projects

👉 https://hackerone.com/reports/800608

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:00pm (UTC)
Reflected XSS - in Email Input

👉 https://hackerone.com/reports/799839

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:01pm (UTC)
CSRF - Modify User Settings with one click - Account TakeOver

👉 https://hackerone.com/reports/799895

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:03pm (UTC)
Arbitrary File Deletion (CVE-2020-3187) on ████████

👉 https://hackerone.com/reports/1455266

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:04pm (UTC)
CVE-2020-3452 on https://█████/

👉 https://hackerone.com/reports/1455257

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:05pm (UTC)
Military name,email,phone,address,certdata Disclosure

👉 https://hackerone.com/reports/1490133

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #unknownsh
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:09pm (UTC)
PIN 📌 BYPASS 🥷

👉 https://hackerone.com/reports/1257586

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Yoti
🔹 Reported By: #ww1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 10:25pm (UTC)
🛑 Blocking bounty payments for Russian & Belarusian hackers 🇺🇸🇺🇦

👉 https://www.hackerone.com/sanctions-faq
Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history

👉 https://hackerone.com/reports/801437

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #xlife
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 5:31am (UTC)
Insecure crossdomain.xml on https://vdc.mtnonline.com/

👉 https://hackerone.com/reports/838817

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #xlife
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 5:31am (UTC)
RXSS

👉 https://hackerone.com/reports/1418413

🔹 Severity: Medium
🔹 Reported To: SecurityScorecard
🔹 Reported By: #ww1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 6:55am (UTC)
Get all personal email IDs of Glassdoor users[No user interaction required]

👉 https://hackerone.com/reports/864783

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #safehacker_2715
🔹 State: 🟢 Resolved
🔹 Disclosed: March 21, 2022, 1:11pm (UTC)
Arbitrary file read via the bulk imports UploadsPipeline

👉 https://hackerone.com/reports/1439593

🔹 Severity: Critical | 💰 29,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: March 21, 2022, 2:46pm (UTC)
Log4j Java RCE in [beta.dev.adobeconnect.com]

👉 https://hackerone.com/reports/1442644

🔹 Severity: Critical
🔹 Reported To: Adobe
🔹 Reported By: #sheikhrishad0
🔹 State: 🟢 Resolved
🔹 Disclosed: March 21, 2022, 4:26pm (UTC)
html injection via invite members can be leads account takeover

👉 https://hackerone.com/reports/1443567

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #rynexxx
🔹 State: 🟢 Resolved
🔹 Disclosed: March 22, 2022, 10:15am (UTC)