SQL injection in URL path processing on www.ibm.com
👉 https://hackerone.com/reports/1527284
🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #asterite
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 6:37pm (UTC)
👉 https://hackerone.com/reports/1527284
🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #asterite
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 6:37pm (UTC)
🔥1
Multiple IDORs in family pairing api
👉 https://hackerone.com/reports/1286332
🔹 Severity: High | 💰 7,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #s3c
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 9:18pm (UTC)
👉 https://hackerone.com/reports/1286332
🔹 Severity: High | 💰 7,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #s3c
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 9:18pm (UTC)
🔥2👍1
Reflected xss in https://sh.reddit.com
👉 https://hackerone.com/reports/1549206
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #abhiramsita
🔹 State: 🟢 Resolved
🔹 Disclosed: May 8, 2022, 7:36am (UTC)
👉 https://hackerone.com/reports/1549206
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #abhiramsita
🔹 State: 🟢 Resolved
🔹 Disclosed: May 8, 2022, 7:36am (UTC)
🔥5👍2
Slowvote and Countdown can cause Denial of Service due to recursive inclusion
👉 https://hackerone.com/reports/1563142
🔹 Severity: No Rating
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2022, 6:37pm (UTC)
👉 https://hackerone.com/reports/1563142
🔹 Severity: No Rating
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2022, 6:37pm (UTC)
Global default settings page is accessible to non-administrators
👉 https://hackerone.com/reports/1563139
🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2022, 10:25pm (UTC)
👉 https://hackerone.com/reports/1563139
🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2022, 10:25pm (UTC)
Misconfigured Rate Limit in Sending Notifications to the Victims Phone Via the Endpoint " /faxes/inbox "
👉 https://hackerone.com/reports/1482919
🔹 Severity: Medium
🔹 Reported To: Alohi
🔹 Reported By: #shamim_12__
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2022, 9:14am (UTC)
👉 https://hackerone.com/reports/1482919
🔹 Severity: Medium
🔹 Reported To: Alohi
🔹 Reported By: #shamim_12__
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2022, 9:14am (UTC)
👍1
Certificate authentication re-use on redirect
👉 https://hackerone.com/reports/1563061
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🔴 N/A
🔹 Disclosed: May 11, 2022, 6:48am (UTC)
👉 https://hackerone.com/reports/1563061
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🔴 N/A
🔹 Disclosed: May 11, 2022, 6:48am (UTC)
CVE-2022-27778: curl removes wrong file on error
👉 https://hackerone.com/reports/1553598
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 7:23am (UTC)
👉 https://hackerone.com/reports/1553598
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 7:23am (UTC)
CVE-2022-27779: cookie for trailing dot TLD
👉 https://hackerone.com/reports/1553301
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 7:59am (UTC)
👉 https://hackerone.com/reports/1553301
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 7:59am (UTC)
Account takeover via Google OneTap
👉 https://hackerone.com/reports/671406
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Priceline
🔹 Reported By: #badca7
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 9:37am (UTC)
👉 https://hackerone.com/reports/671406
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Priceline
🔹 Reported By: #badca7
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 9:37am (UTC)
CVE-2022-27782: TLS and SSH connection too eager reuse
👉 https://hackerone.com/reports/1555796
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 12:40pm (UTC)
👉 https://hackerone.com/reports/1555796
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 12:40pm (UTC)
SQL injextion via vulnerable doctrine/dbal version
👉 https://hackerone.com/reports/1390331
🔹 Severity: High
🔹 Reported To: Nextcloud
🔹 Reported By: #nickvergessen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 2:08pm (UTC)
👉 https://hackerone.com/reports/1390331
🔹 Severity: High
🔹 Reported To: Nextcloud
🔹 Reported By: #nickvergessen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 2:08pm (UTC)
CVE-2022-27780: percent-encoded path separator in URL host
👉 https://hackerone.com/reports/1553841
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 3:33pm (UTC)
👉 https://hackerone.com/reports/1553841
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 3:33pm (UTC)
👍1
CVE-2022-30115: HSTS bypass via trailing dot
👉 https://hackerone.com/reports/1557449
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 3:33pm (UTC)
👉 https://hackerone.com/reports/1557449
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 3:33pm (UTC)
Remote kernel heap overflow
👉 https://hackerone.com/reports/1350653
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #m00nbsd
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 6:09pm (UTC)
👉 https://hackerone.com/reports/1350653
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #m00nbsd
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 6:09pm (UTC)
👍2🔥2👏2❤1
Storage of old passwords in plain text format
👉 https://hackerone.com/reports/1549217
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Recorded Future
🔹 Reported By: #subuganz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 1:06pm (UTC)
👉 https://hackerone.com/reports/1549217
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Recorded Future
🔹 Reported By: #subuganz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 1:06pm (UTC)
SQL Injection on █████
👉 https://hackerone.com/reports/277380
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 7:57pm (UTC)
👉 https://hackerone.com/reports/277380
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 7:57pm (UTC)
SQL Injection on https://████████/
👉 https://hackerone.com/reports/232378
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 7:59pm (UTC)
👉 https://hackerone.com/reports/232378
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 7:59pm (UTC)
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
👉 https://hackerone.com/reports/1555025
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:00pm (UTC)
👉 https://hackerone.com/reports/1555025
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:00pm (UTC)
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
👉 https://hackerone.com/reports/1555027
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:01pm (UTC)
👉 https://hackerone.com/reports/1555027
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:01pm (UTC)
[CVE-2020-3452] Unauthenticated file read in Cisco ASA
👉 https://hackerone.com/reports/1555021
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:02pm (UTC)
👉 https://hackerone.com/reports/1555021
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:02pm (UTC)