Found Origin IP's Lead To Access To kraden.com
👉 https://hackerone.com/reports/1531183
🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: Kraden
🔹 Reported By: #4bhin8v
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 10:04am (UTC)
Folder architecture and Filesizes of private file drop shares can be getten
👉 https://hackerone.com/reports/1337422
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #shakierbellows
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 1:08pm (UTC)
HTML injection through Invite Teammate email
👉 https://hackerone.com/reports/1482057
🔹 Severity: Low
🔹 Reported To: SecurityScorecard
🔹 Reported By: #cryptoknight028
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 5:25pm (UTC)
Insecure Storage of Sensitive Information on lonestarcell.com server
👉 https://hackerone.com/reports/1482830
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #muhnad
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 6:58pm (UTC)
[Python]: Add Server-side Request Forgery sinks
👉 https://hackerone.com/reports/1538144
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: April 11, 2022, 11:52pm (UTC)
RCE via WikiCloth markdown rendering if the `rubyluabridge` gem is installed
👉 https://hackerone.com/reports/1401444
🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: April 12, 2022, 10:10am (UTC)
Regular Expression Denial of Service vulnerability
👉 https://hackerone.com/reports/1538157
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #dingleberryfarts
🔹 State: ⚪️ Informative
🔹 Disclosed: April 12, 2022, 1:24pm (UTC)
Open S3 Bucket Accessible by any User
👉 https://hackerone.com/reports/1474017
🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #ravansurya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 7:12am (UTC)
Taking position in a discontinued forex pair without executing any trades
👉 https://hackerone.com/reports/1509211
🔹 Severity: High | 💰 2,337 USD
🔹 Reported To: EXNESS
🔹 Reported By: #a_ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:40am (UTC)
Access control vulnerability (read-only)
👉 https://hackerone.com/reports/1159367
🔹 Severity: Critical | 💰 2,250 USD
🔹 Reported To: EXNESS
🔹 Reported By: #a_ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:49am (UTC)
Access control vulnerability (read/write)
👉 https://hackerone.com/reports/1174734
🔹 Severity: Critical | 💰 2,500 USD
🔹 Reported To: EXNESS
🔹 Reported By: #a_ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:51am (UTC)
Access control vulnerability (read/write)
👉 https://hackerone.com/reports/1174387
🔹 Severity: No Rating | 💰 1,000 USD
🔹 Reported To: EXNESS
🔹 Reported By: #a_ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:52am (UTC)
CRLF Injection - Http Response Splitting
👉 https://hackerone.com/reports/1514359
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: EXNESS
🔹 Reported By: #socialcodia
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:53am (UTC)
Ability to connect an external login service for unverified emails/accounts at accounts.shopify.com
👉 https://hackerone.com/reports/1018489
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #saltymermaid
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 1:11pm (UTC)
Improper Implementation of SDK Allows Universal XSS in Webview Leading to Account Takeover
👉 https://hackerone.com/reports/1455987
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: EXNESS
🔹 Reported By: #holyfield
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 3:36pm (UTC)
Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url
👉 https://hackerone.com/reports/1083734
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #superpan
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 6:04pm (UTC)
CSRF protection bypass in GitHub Enterprise management console
👉 https://hackerone.com/reports/1497169
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: GitHub
🔹 Reported By: #bitquark
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 7:16pm (UTC)
Reflected XSS on TikTok Website
👉 https://hackerone.com/reports/1378413
🔹 Severity: Medium | 💰 3,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 9:25pm (UTC)
[Bypass] Ability to invite a new member in sandbox Organization
👉 https://hackerone.com/reports/1486417
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #0619
🔹 State: 🟢 Resolved
🔹 Disclosed: April 14, 2022, 5:11pm (UTC)
Read and write beyond bounds in mod_sed
👉 https://hackerone.com/reports/1511619
🔹 Severity: High | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: April 14, 2022, 6:07pm (UTC)
Account takeover leading to PII chained with stored XSS
👉 https://hackerone.com/reports/1483201
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #hollaatm3
🔹 State: 🟢 Resolved
🔹 Disclosed: April 16, 2022, 8:20am (UTC)