Regular Expression Denial of Service vulnerability

👉 https://hackerone.com/reports/1538157

🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #dingleberryfarts
🔹 State: ⚪️ Informative
🔹 Disclosed: April 12, 2022, 1:24pm (UTC)

Open S3 Bucket Accessible by any User

👉 https://hackerone.com/reports/1474017

🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #ravansurya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 7:12am (UTC)

Taking position in a discontinued forex pair without executing any trades

👉 https://hackerone.com/reports/1509211

🔹 Severity: High | 💰 2,337 USD
🔹 Reported To: EXNESS
🔹 Reported By: #a_ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:40am (UTC)

Access control vulnerability (read-only)

👉 https://hackerone.com/reports/1159367

🔹 Severity: Critical | 💰 2,250 USD
🔹 Reported To: EXNESS
🔹 Reported By: #a_ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:49am (UTC)

Access control vulnerability (read/write)

👉 https://hackerone.com/reports/1174734

🔹 Severity: Critical | 💰 2,500 USD
🔹 Reported To: EXNESS
🔹 Reported By: #a_ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:51am (UTC)

Acess control vulnerability (read/write)

👉 https://hackerone.com/reports/1174387

🔹 Severity: No Rating | 💰 1,000 USD
🔹 Reported To: EXNESS
🔹 Reported By: #a_ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:52am (UTC)

CRLF Injection - Http Response Splitting

👉 https://hackerone.com/reports/1514359

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: EXNESS
🔹 Reported By: #socialcodia
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 10:53am (UTC)

Ability to connect an external login service for unverified emails/accounts at accounts.shopify.com

👉 https://hackerone.com/reports/1018489

🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #saltymermaid
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 1:11pm (UTC)

Improper Implementation of SDK Allows Universal XSS in Webview Leading to Account Takeover

👉 https://hackerone.com/reports/1455987

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: EXNESS
🔹 Reported By: #holyfield
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 3:36pm (UTC)

Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url

👉 https://hackerone.com/reports/1083734

🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #superpan
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 6:04pm (UTC)

CSRF protection bypass in GitHub Enterprise management console

👉 https://hackerone.com/reports/1497169

🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: GitHub
🔹 Reported By: #bitquark
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 7:16pm (UTC)

Reflected XSS on TikTok Website

👉 https://hackerone.com/reports/1378413

🔹 Severity: Medium | 💰 3,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 13, 2022, 9:25pm (UTC)

[Bypass] Ability to invite a new member in sandbox Organization

👉 https://hackerone.com/reports/1486417

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #0619
🔹 State: 🟢 Resolved
🔹 Disclosed: April 14, 2022, 5:11pm (UTC)

Read and write beyond bounds in mod_sed

👉 https://hackerone.com/reports/1511619

🔹 Severity: High | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: April 14, 2022, 6:07pm (UTC)

Account takeover leading to PII chained with stored XSS

👉 https://hackerone.com/reports/1483201

🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #hollaatm3
🔹 State: 🟢 Resolved
🔹 Disclosed: April 16, 2022, 8:20am (UTC)

[https://shipit-sox-staging.shopifycloud.com] Presence of multiple vulnerabilities present in Ruby On Rails

👉 https://hackerone.com/reports/1400309

🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #beastglatisant
🔹 State: 🟢 Resolved
🔹 Disclosed: April 16, 2022, 5:19pm (UTC)

SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/)

👉 https://hackerone.com/reports/860939

🔹 Severity: Medium | 💰 1,350 USD
🔹 Reported To: LINE
🔹 Reported By: #duahaubadao
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:08am (UTC)

Use of unreleased features in programming education service (https://entry.line.me)

👉 https://hackerone.com/reports/975428

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: LINE
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:11am (UTC)

Deleting someone else's profile image with a GraphQL query in programming education service (https://entry.line.me)

👉 https://hackerone.com/reports/952095

🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: LINE
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:13am (UTC)

SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz)

👉 https://hackerone.com/reports/1131608

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: LINE
🔹 Reported By: #jafarakhondali
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:15am (UTC)

Archive Any Scope of a Program

👉 https://hackerone.com/reports/1501611

🔹 Severity: High | 💰 12,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #ahacker1
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:22pm (UTC)