Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
DoS via large console messages

👉 https://hackerone.com/reports/1243724

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #thesecuritydev
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 7:11am (UTC)
262 views
Bugpoint
CVE-2022-22576: OAUTH2 bearer bypass in connection re-use

👉 https://hackerone.com/reports/1526328

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:27am (UTC)
262 views
Bugpoint
OAUTH2 bearer not-checked for connection re-use

👉 https://hackerone.com/reports/1552110

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:34am (UTC)
270 views
Bugpoint
Possibility to force an admin to install recommended applications

👉 https://hackerone.com/reports/1403614

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #igorpyan
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:50am (UTC)
😁1
258 views
Bugpoint
SQL INJECTION in https://████/██████████

👉 https://hackerone.com/reports/723044

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mido0x0x
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:56pm (UTC)
252 views
Bugpoint
Blind SQL Injection

👉 https://hackerone.com/reports/771215

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mido0x0x
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:57pm (UTC)
253 views
Bugpoint
██████████ vulnerable to CVE-2022-22954

👉 https://hackerone.com/reports/1537543

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #null_bytes
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:58pm (UTC)
254 views
Bugpoint
SSRF due to CVE-2021-27905 in www.████████

👉 https://hackerone.com/reports/1183472

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:00pm (UTC)
251 views
Bugpoint
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████

👉 https://hackerone.com/reports/1278977

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #njmulsqb
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:03pm (UTC)
271 views
Bugpoint
lfi in filePathDownload parameter via ███████

👉 https://hackerone.com/reports/1542734

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #exploitmsf
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:04pm (UTC)
270 views
Bugpoint
Reflected XSS [███]

👉 https://hackerone.com/reports/1309237

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:05pm (UTC)
283 views
Bugpoint
Reflected XSS [██████]

👉 https://hackerone.com/reports/1309385

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:06pm (UTC)
303 views
Bugpoint
Hardcoded AWS credentials in ███████.msi

👉 https://hackerone.com/reports/1368690

🔹 Severity: Critical
🔹 Reported To: 8x8
🔹 Reported By: #chip_sec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 5:01pm (UTC)
315 views
Bugpoint
Reflected XSS due to vulnerable version of sockjs

👉 https://hackerone.com/reports/1100326

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Automattic
🔹 Reported By: #chip_sec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 5:38pm (UTC)
342 views
Bugpoint
com.nextcloud.client bypass the protection lock in andoid app v 3.18.1 latest version.

👉 https://hackerone.com/reports/1450368

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #dashingjaved
🔹 State: 🟢 Resolved
🔹 Disclosed: April 30, 2022, 11:56am (UTC)
348 views
Bugpoint
Enumerate class codes via yahoo dork - Can access any course under teacher - Sensitive information leaked

👉 https://hackerone.com/reports/1514356

🔹 Severity: High
🔹 Reported To: Khan Academy
🔹 Reported By: #bughunterpol
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 6:05pm (UTC)
333 views
Bugpoint
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters

👉 https://hackerone.com/reports/1244731

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 9:20pm (UTC)
331 views
Bugpoint
XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}

👉 https://hackerone.com/reports/1244722

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 9:20pm (UTC)
355 views
Bugpoint
Self-DoS due to template injection via email field in password reset form on access.acronis.com

👉 https://hackerone.com/reports/1265344

🔹 Severity: No Rating
🔹 Reported To: Acronis
🔹 Reported By: #sudo_bash
🔹 State: ⚪️ Informative
🔹 Disclosed: May 3, 2022, 6:41am (UTC)
343 views
Bugpoint
Blind XSS via Feedback form.

👉 https://hackerone.com/reports/1339034

🔹 Severity: High | 💰 1,250 USD
🔹 Reported To: Judge.me
🔹 Reported By: #b3hlull
🔹 State: 🟢 Resolved
🔹 Disclosed: May 3, 2022, 9:36am (UTC)
356 views
Bugpoint
URL Scheme misconfiguration on TikTok for IOS

👉 https://hackerone.com/reports/1437294

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #glassplant
🔹 State: 🟢 Resolved
🔹 Disclosed: May 4, 2022, 10:17pm (UTC)
342 views