Security misconfiguration
👉 https://hackerone.com/reports/1486327
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #mr23r0
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:41am (UTC)
👉 https://hackerone.com/reports/1486327
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #mr23r0
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 9:41am (UTC)
Site information's Display Name section vulnerable for XSS attacks and HTML Injections.
👉 https://hackerone.com/reports/1554888
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #sawrav-chowdhury
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 1:59pm (UTC)
👉 https://hackerone.com/reports/1554888
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Automattic
🔹 Reported By: #sawrav-chowdhury
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 1:59pm (UTC)
Privilege Escalation on TikTok for Business
👉 https://hackerone.com/reports/1505567
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #naaash
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:06pm (UTC)
👉 https://hackerone.com/reports/1505567
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #naaash
🔹 State: 🟢 Resolved
🔹 Disclosed: May 16, 2022, 8:06pm (UTC)
👍1
[app.lemlist.com] Improper handling of payment lead to bypass payment
👉 https://hackerone.com/reports/1420697
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #omarelfarsaoui
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 8:54am (UTC)
👉 https://hackerone.com/reports/1420697
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #omarelfarsaoui
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 8:54am (UTC)
Integer overflow vulnerability
👉 https://hackerone.com/reports/1562515
🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #0f1c3r
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 1:46pm (UTC)
👉 https://hackerone.com/reports/1562515
🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #0f1c3r
🔹 State: 🟢 Resolved
🔹 Disclosed: May 17, 2022, 1:46pm (UTC)
Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object
👉 https://hackerone.com/reports/1566325
🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 12:14pm (UTC)
👉 https://hackerone.com/reports/1566325
🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 12:14pm (UTC)
Bypass global deny-lists by wrapping domains using "[]" in https://github.com/stripe/smokescreen
👉 https://hackerone.com/reports/1528242
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 6:59pm (UTC)
👉 https://hackerone.com/reports/1528242
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 18, 2022, 6:59pm (UTC)
XSS and iframe injection on tiktok ads portal using redirect params
👉 https://hackerone.com/reports/1514554
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #cancerz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 2:49am (UTC)
👉 https://hackerone.com/reports/1514554
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #cancerz
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 2:49am (UTC)
Email html Injection
👉 https://hackerone.com/reports/1461194
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #smitgharat0001
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 1:03pm (UTC)
👉 https://hackerone.com/reports/1461194
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Slack
🔹 Reported By: #smitgharat0001
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 1:03pm (UTC)
👍2
Stored XSS in repository file viewer
👉 https://hackerone.com/reports/1072868
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #kannthu
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 3:19pm (UTC)
👉 https://hackerone.com/reports/1072868
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #kannthu
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 3:19pm (UTC)
8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory
👉 https://hackerone.com/reports/1400357
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #huntinex
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 5:01pm (UTC)
👉 https://hackerone.com/reports/1400357
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #huntinex
🔹 State: 🟢 Resolved
🔹 Disclosed: May 19, 2022, 5:01pm (UTC)
Sensitive files/ data exists post deletion of user account
👉 https://hackerone.com/reports/1222873
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #geekysherlock
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 9:25am (UTC)
👉 https://hackerone.com/reports/1222873
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #geekysherlock
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 9:25am (UTC)
👍2
Nextcloud Deck : Possibility for anyone to add a stack with existing tasks on anyone's board
👉 https://hackerone.com/reports/1450117
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 10:37am (UTC)
👉 https://hackerone.com/reports/1450117
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 10:37am (UTC)
Error in Deleting Deck cards attachment reveals the full path of the website
👉 https://hackerone.com/reports/1354334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #ctulhu
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 2:04pm (UTC)
👉 https://hackerone.com/reports/1354334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #ctulhu
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 2:04pm (UTC)
Arbitrary POST request as victim user from HTML injection in Jupyter notebooks
👉 https://hackerone.com/reports/1409788
🔹 Severity: High | 💰 8,690 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 2:32pm (UTC)
👉 https://hackerone.com/reports/1409788
🔹 Severity: High | 💰 8,690 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 2:32pm (UTC)
👍2
Clickjacking at app.lemlist.com
👉 https://hackerone.com/reports/1574017
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #ondermedia
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 3:04pm (UTC)
👉 https://hackerone.com/reports/1574017
🔹 Severity: High
🔹 Reported To: lemlist
🔹 Reported By: #ondermedia
🔹 State: 🟢 Resolved
🔹 Disclosed: May 20, 2022, 3:04pm (UTC)
👍1
Possible Domain Takeover on AWS Instance.
👉 https://hackerone.com/reports/1390782
🔹 Severity: Low
🔹 Reported To: Rocket.Chat
🔹 Reported By: #samuelsiv
🔹 State: 🟢 Resolved
🔹 Disclosed: May 22, 2022, 8:18pm (UTC)
👉 https://hackerone.com/reports/1390782
🔹 Severity: Low
🔹 Reported To: Rocket.Chat
🔹 Reported By: #samuelsiv
🔹 State: 🟢 Resolved
🔹 Disclosed: May 22, 2022, 8:18pm (UTC)
👍1
Email Verification Bypass by bruteforcing when setting up 2FA
👉 https://hackerone.com/reports/1394984
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Evernote
🔹 Reported By: #cyberworlcload
🔹 State: 🟢 Resolved
🔹 Disclosed: May 22, 2022, 9:41pm (UTC)
👉 https://hackerone.com/reports/1394984
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Evernote
🔹 Reported By: #cyberworlcload
🔹 State: 🟢 Resolved
🔹 Disclosed: May 22, 2022, 9:41pm (UTC)
[Java]: Flow sources and steps for JMS and RabbitMQ
👉 https://hackerone.com/reports/1579235
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2022, 8:45pm (UTC)
👉 https://hackerone.com/reports/1579235
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2022, 8:45pm (UTC)
[python]: Zip Slip Vulnerability
👉 https://hackerone.com/reports/1572496
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #farid_hunter
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2022, 8:46pm (UTC)
👉 https://hackerone.com/reports/1572496
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #farid_hunter
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2022, 8:46pm (UTC)
❤2
Stored XSS in photos_user_map.gne
👉 https://hackerone.com/reports/1534636
🔹 Severity: High | 💰 3,263 USD
🔹 Reported To: Flickr
🔹 Reported By: #keer0k
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2022, 11:21pm (UTC)
👉 https://hackerone.com/reports/1534636
🔹 Severity: High | 💰 3,263 USD
🔹 Reported To: Flickr
🔹 Reported By: #keer0k
🔹 State: 🟢 Resolved
🔹 Disclosed: May 23, 2022, 11:21pm (UTC)