F5 BIG-IP TMUI RCE - CVE-2020-5902 (██.packet8.net)
👉 https://hackerone.com/reports/1519841
🔹 Severity: Critical
🔹 Reported To: 8x8
🔹 Reported By: #remonsec
🔹 State: 🟢 Resolved
🔹 Disclosed: March 25, 2022, 11:11am (UTC)
Misconfigured Rate Limit at app.sign.plus/forgot_password
👉 https://hackerone.com/reports/1472394
🔹 Severity: Low
🔹 Reported To: Alohi
🔹 Reported By: #shamim_12__
🔹 State: 🟢 Resolved
🔹 Disclosed: March 25, 2022, 3:05pm (UTC)
No Rate Limiting for Password Reset Email Leads to Email Flooding
👉 https://hackerone.com/reports/1340650
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #bd10ceb041a5297f881137c
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:58pm (UTC)
Clickjacking login page of https://hackers.upchieve.org/login
👉 https://hackerone.com/reports/1331485
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #sara346
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:58pm (UTC)
No rate Limit on Password Reset page on upchieve
👉 https://hackerone.com/reports/1320138
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #rupachandransangothi
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:58pm (UTC)
Outdated Copyright Message @ Welcome email
👉 https://hackerone.com/reports/1354444
🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #ww1
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:59pm (UTC)
Password Reuse
👉 https://hackerone.com/reports/1354382
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #ww1
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:59pm (UTC)
Missing Validation in editing "Your Phone Number"
👉 https://hackerone.com/reports/1354368
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #ww1
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:59pm (UTC)
Password reset token leakage
👉 https://hackerone.com/reports/1354437
🔹 Severity: High
🔹 Reported To: UPchieve
🔹 Reported By: #ww1
🔹 State: 🟤 Duplicate
🔹 Disclosed: March 26, 2022, 5:59pm (UTC)
No Rate Limit on forgot password page
👉 https://hackerone.com/reports/1317494
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #pranto_0
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 6:00pm (UTC)
OTP reflecting in response sensitive data exposure leads to account take over
👉 https://hackerone.com/reports/1318087
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #rupachandransangothi
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 6:00pm (UTC)
Able to steal bearer token from deep link
👉 https://hackerone.com/reports/1372667
🔹 Severity: High | 💰 6,337 USD
🔹 Reported To: Basecamp
🔹 Reported By: #danielllewellyn
🔹 State: 🟢 Resolved
🔹 Disclosed: March 27, 2022, 6:33pm (UTC)
EC2 Takeover at turn.shopify.com
👉 https://hackerone.com/reports/1295497
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #0xd0m7
🔹 State: 🟢 Resolved
🔹 Disclosed: March 28, 2022, 2:21pm (UTC)
Denial of Service vulnerability in curl when parsing MQTT server response
👉 https://hackerone.com/reports/1521610
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #jenny
🔹 State: ⚪️ Informative
🔹 Disclosed: March 28, 2022, 8:00pm (UTC)
2 click Remote Code execution in Evernote Android
👉 https://hackerone.com/reports/1377748
🔹 Severity: High | 💰 750 USD
🔹 Reported To: Evernote
🔹 Reported By: #hulkvision_
🔹 State: 🟢 Resolved
🔹 Disclosed: March 29, 2022, 1:54pm (UTC)
Identify the mobile number of a twitter user
👉 https://hackerone.com/reports/1225164
🔹 Severity: Critical | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #aymen_mansour
🔹 State: 🟢 Resolved
🔹 Disclosed: March 29, 2022, 6:39pm (UTC)
Ability to use premium templates as free user via https://stripo.email/templates/?utm_source=viewstripo&utm_medium=referral
👉 https://hackerone.com/reports/1166993
🔹 Severity: High
🔹 Reported To: Stripo Inc
🔹 Reported By: #0xkira
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 6:18am (UTC)
Insecure Storage and Overly Permissive API Keys
👉 https://hackerone.com/reports/1283575
🔹 Severity: Medium
🔹 Reported To: Stripo Inc
🔹 Reported By: #andformod
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 6:19am (UTC)
Upload Profile Photo in any folder you want with any extension you want
👉 https://hackerone.com/reports/753375
🔹 Severity: Critical
🔹 Reported To: Stripo Inc
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 6:21am (UTC)
[Java]: CWE-200 - Query to detect insecure WebResourceResponse implementation
👉 https://hackerone.com/reports/1526609
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:28pm (UTC)
CPP: Add query for CWE-377 Insecure Temporary File
👉 https://hackerone.com/reports/1515139
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:29pm (UTC)