CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
👉 https://hackerone.com/reports/1555027
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:01pm (UTC)
👉 https://hackerone.com/reports/1555027
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:01pm (UTC)
[CVE-2020-3452] Unauthenticated file read in Cisco ASA
👉 https://hackerone.com/reports/1555021
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:02pm (UTC)
👉 https://hackerone.com/reports/1555021
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:02pm (UTC)
[CVE-2020-3452] Unauthenticated file read in Cisco ASA
👉 https://hackerone.com/reports/1555015
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:03pm (UTC)
👉 https://hackerone.com/reports/1555015
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ghostxsec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:03pm (UTC)
CVE-2022-27782: TLS and SSH connection too eager reuse
👉 https://hackerone.com/reports/1565624
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:31pm (UTC)
👉 https://hackerone.com/reports/1565624
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:31pm (UTC)
CVE-2022-27778: curl removes wrong file on error
👉 https://hackerone.com/reports/1565623
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:32pm (UTC)
👉 https://hackerone.com/reports/1565623
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2022, 8:32pm (UTC)
[Java]: CWE-321 - Query to detect hardcoded JWT secret keys
👉 https://hackerone.com/reports/1567588
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:30am (UTC)
👉 https://hackerone.com/reports/1567588
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:30am (UTC)
[CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
👉 https://hackerone.com/reports/1564100
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
👉 https://hackerone.com/reports/1564100
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
[Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
👉 https://hackerone.com/reports/1564099
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
👉 https://hackerone.com/reports/1564099
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
[CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
👉 https://hackerone.com/reports/1549073
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
👉 https://hackerone.com/reports/1549073
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:31am (UTC)
[Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator
👉 https://hackerone.com/reports/1137966
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:32am (UTC)
👉 https://hackerone.com/reports/1137966
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2022, 12:32am (UTC)
Cookie injection from non-secure context
👉 https://hackerone.com/reports/1560324
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🔴 N/A
🔹 Disclosed: May 13, 2022, 6:44am (UTC)
👉 https://hackerone.com/reports/1560324
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🔴 N/A
🔹 Disclosed: May 13, 2022, 6:44am (UTC)
Memory leak in CURLOPT_XOAUTH2_BEARER
👉 https://hackerone.com/reports/1567257
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #pappacoda
🔹 State: ⚪️ Informative
🔹 Disclosed: May 13, 2022, 7:51am (UTC)
👉 https://hackerone.com/reports/1567257
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #pappacoda
🔹 State: ⚪️ Informative
🔹 Disclosed: May 13, 2022, 7:51am (UTC)
error parse uri path in curl
👉 https://hackerone.com/reports/1566462
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 13, 2022, 8:34pm (UTC)
👉 https://hackerone.com/reports/1566462
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 13, 2022, 8:34pm (UTC)
Download full backup [Mtn.co.rw]
👉 https://hackerone.com/reports/1516520
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 9:54am (UTC)
👉 https://hackerone.com/reports/1516520
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 9:54am (UTC)
Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/
👉 https://hackerone.com/reports/1523651
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Consensys
🔹 Reported By: #polem4rch
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 1:44pm (UTC)
👉 https://hackerone.com/reports/1523651
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Consensys
🔹 Reported By: #polem4rch
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 1:44pm (UTC)
Disclose customer orders details by shopify chat application.
👉 https://hackerone.com/reports/968165
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:33pm (UTC)
👉 https://hackerone.com/reports/968165
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:33pm (UTC)
Disclose STUFF member name and make actions.
👉 https://hackerone.com/reports/968174
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:34pm (UTC)
👉 https://hackerone.com/reports/968174
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #zambo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2022, 2:34pm (UTC)
Credential leak on redirect
👉 https://hackerone.com/reports/1568175
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 14, 2022, 4:06pm (UTC)
👉 https://hackerone.com/reports/1568175
🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: May 14, 2022, 4:06pm (UTC)
Origin IP found, WAF Cloudflare Bypass
👉 https://hackerone.com/reports/1536299
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: SMTP2GO BBP
🔹 Reported By: #mrrobot2050
🔹 State: 🟢 Resolved
🔹 Disclosed: May 15, 2022, 10:20am (UTC)
👉 https://hackerone.com/reports/1536299
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: SMTP2GO BBP
🔹 Reported By: #mrrobot2050
🔹 State: 🟢 Resolved
🔹 Disclosed: May 15, 2022, 10:20am (UTC)
HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
👉 https://hackerone.com/reports/1478633
🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #albertspedersen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:57am (UTC)
👉 https://hackerone.com/reports/1478633
🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #albertspedersen
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:57am (UTC)
CVE-2022-27781: CERTINFO never-ending busy-loop
👉 https://hackerone.com/reports/1555441
🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #sybr
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:01am (UTC)
👉 https://hackerone.com/reports/1555441
🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #sybr
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:01am (UTC)