NEW BOT Телеграм, страница

Bugpoint

CVE-2022-27776: Auth/cookie leak on redirect

👉 https://hackerone.com/reports/1551591

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 6:32am (UTC)

267 views06:34

Bugpoint

DoS via large console messages

👉 https://hackerone.com/reports/1243724

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #thesecuritydev
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 7:11am (UTC)

262 views07:14

Bugpoint

CVE-2022-22576: OAUTH2 bearer bypass in connection re-use

👉 https://hackerone.com/reports/1526328

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:27am (UTC)

262 views11:30

Bugpoint

OAUTH2 bearer not-checked for connection re-use

👉 https://hackerone.com/reports/1552110

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:34am (UTC)

270 views11:36

Bugpoint

Possibility to force an admin to install recommended applications

👉 https://hackerone.com/reports/1403614

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #igorpyan
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:50am (UTC)

😁1

258 views11:52

Bugpoint

SQL INJECTION in https://████/██████████

👉 https://hackerone.com/reports/723044

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mido0x0x
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:56pm (UTC)

252 views13:58

Bugpoint

Blind SQL Injection

👉 https://hackerone.com/reports/771215

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mido0x0x
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:57pm (UTC)

253 views14:00

Bugpoint

██████████ vulnerable to CVE-2022-22954

👉 https://hackerone.com/reports/1537543

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #null_bytes
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:58pm (UTC)

254 views14:00

Bugpoint

SSRF due to CVE-2021-27905 in www.████████

👉 https://hackerone.com/reports/1183472

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:00pm (UTC)

251 views14:02

Bugpoint

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████

👉 https://hackerone.com/reports/1278977

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #njmulsqb
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:03pm (UTC)

271 views14:06

Bugpoint

lfi in filePathDownload parameter via ███████

👉 https://hackerone.com/reports/1542734

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #exploitmsf
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:04pm (UTC)

270 views14:06

Bugpoint

Reflected XSS [███]

👉 https://hackerone.com/reports/1309237

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:05pm (UTC)

283 views14:08

Bugpoint

Reflected XSS [██████]

👉 https://hackerone.com/reports/1309385

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:06pm (UTC)

303 views14:08

Bugpoint

Hardcoded AWS credentials in ███████.msi

👉 https://hackerone.com/reports/1368690

🔹 Severity: Critical
🔹 Reported To: 8x8
🔹 Reported By: #chip_sec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 5:01pm (UTC)

315 views17:04

Bugpoint

Reflected XSS due to vulnerable version of sockjs

👉 https://hackerone.com/reports/1100326

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Automattic
🔹 Reported By: #chip_sec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 5:38pm (UTC)

342 views17:40

Bugpoint

com.nextcloud.client bypass the protection lock in andoid app v 3.18.1 latest version.

👉 https://hackerone.com/reports/1450368

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #dashingjaved
🔹 State: 🟢 Resolved
🔹 Disclosed: April 30, 2022, 11:56am (UTC)

348 views11:58

Bugpoint

Enumerate class codes via yahoo dork - Can access any course under teacher - Sensitive information leaked

👉 https://hackerone.com/reports/1514356

🔹 Severity: High
🔹 Reported To: Khan Academy
🔹 Reported By: #bughunterpol
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 6:05pm (UTC)

333 views18:08

Bugpoint

XSS at videostore.mtnonline.com/GL/*.aspx via all parameters

👉 https://hackerone.com/reports/1244731

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 9:20pm (UTC)

331 views21:22

Bugpoint

XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}

👉 https://hackerone.com/reports/1244722

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 9:20pm (UTC)

355 views21:22

Bugpoint

Self-DoS due to template injection via email field in password reset form on access.acronis.com

👉 https://hackerone.com/reports/1265344

🔹 Severity: No Rating
🔹 Reported To: Acronis
🔹 Reported By: #sudo_bash
🔹 State: ⚪️ Informative
🔹 Disclosed: May 3, 2022, 6:41am (UTC)

343 views06:44

Bugpoint

Blind XSS via Feedback form.

👉 https://hackerone.com/reports/1339034

🔹 Severity: High | 💰 1,250 USD
🔹 Reported To: Judge.me
🔹 Reported By: #b3hlull
🔹 State: 🟢 Resolved
🔹 Disclosed: May 3, 2022, 9:36am (UTC)

356 views09:38

About

Blog

Apps

Platform