XSS by clicking Jira's link
👉 https://hackerone.com/reports/1194254
🔹 Severity: Medium | 💰 1,130 USD
🔹 Reported To: GitLab
🔹 Reported By: #ooooooo_q
🔹 State: 🟢 Resolved
🔹 Disclosed: June 8, 2022, 2:07pm (UTC)
👉 https://hackerone.com/reports/1194254
🔹 Severity: Medium | 💰 1,130 USD
🔹 Reported To: GitLab
🔹 Reported By: #ooooooo_q
🔹 State: 🟢 Resolved
🔹 Disclosed: June 8, 2022, 2:07pm (UTC)
Several Subdomains Takeover
👉 https://hackerone.com/reports/1591085
🔹 Severity: High
🔹 Reported To: Reddit
🔹 Reported By: #3amii
🔹 State: 🔴 N/A
🔹 Disclosed: June 8, 2022, 8:36pm (UTC)
👉 https://hackerone.com/reports/1591085
🔹 Severity: High
🔹 Reported To: Reddit
🔹 Reported By: #3amii
🔹 State: 🔴 N/A
🔹 Disclosed: June 8, 2022, 8:36pm (UTC)
match
👉 https://hackerone.com/reports/1555440
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #maslahhunter
🔹 State: 🔴 N/A
🔹 Disclosed: June 9, 2022, 7:09am (UTC)
👉 https://hackerone.com/reports/1555440
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #maslahhunter
🔹 State: 🔴 N/A
🔹 Disclosed: June 9, 2022, 7:09am (UTC)
Integer overflows in unescape_word()
👉 https://hackerone.com/reports/1564922
🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #ddme
🔹 State: 🔴 N/A
🔹 Disclosed: June 9, 2022, 7:10am (UTC)
👉 https://hackerone.com/reports/1564922
🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #ddme
🔹 State: 🔴 N/A
🔹 Disclosed: June 9, 2022, 7:10am (UTC)
Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic
👉 https://hackerone.com/reports/1520685
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #michag86
🔹 State: 🟢 Resolved
🔹 Disclosed: June 9, 2022, 12:42pm (UTC)
👉 https://hackerone.com/reports/1520685
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #michag86
🔹 State: 🟢 Resolved
🔹 Disclosed: June 9, 2022, 12:42pm (UTC)
RXSS on █████████
👉 https://hackerone.com/reports/1555582
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2022, 2:44pm (UTC)
👉 https://hackerone.com/reports/1555582
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2022, 2:44pm (UTC)
bd-j exploit chain
👉 https://hackerone.com/reports/1379975
🔹 Severity: High | 💰 20,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #theflow0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2022, 8:26pm (UTC)
👉 https://hackerone.com/reports/1379975
🔹 Severity: High | 💰 20,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #theflow0
🔹 State: 🟢 Resolved
🔹 Disclosed: June 10, 2022, 8:26pm (UTC)
👏3
Email address disclosure via invite token validatiion
👉 https://hackerone.com/reports/1560072
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: TikTok
🔹 Reported By: #noob_but_cut3
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 12:28am (UTC)
👉 https://hackerone.com/reports/1560072
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: TikTok
🔹 Reported By: #noob_but_cut3
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 12:28am (UTC)
disclosure the live_analytics information of any livestream.
👉 https://hackerone.com/reports/1561299
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #datph4m
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 12:33am (UTC)
👉 https://hackerone.com/reports/1561299
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #datph4m
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 12:33am (UTC)
CVE-2022-27779: cookie for trailing dot TLD
👉 https://hackerone.com/reports/1565615
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)
👉 https://hackerone.com/reports/1565615
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)
👍1
CVE-2022-27780: percent-encoded path separator in URL host
👉 https://hackerone.com/reports/1565619
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)
👉 https://hackerone.com/reports/1565619
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)
CVE-2022-30115: HSTS bypass via trailing dot
👉 https://hackerone.com/reports/1565622
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)
👉 https://hackerone.com/reports/1565622
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)
All user password hash can be seen from admin panel
👉 https://hackerone.com/reports/1489892
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #dark_haxor
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 11:31pm (UTC)
👉 https://hackerone.com/reports/1489892
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #dark_haxor
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 11:31pm (UTC)
👍1
lack of rate limit on athentification login page & forgot password page
👉 https://hackerone.com/reports/1591764
🔹 Severity: Medium
🔹 Reported To: Showmax
🔹 Reported By: #saidkira
🔹 State: ⚪️ Informative
🔹 Disclosed: June 13, 2022, 7:09am (UTC)
👉 https://hackerone.com/reports/1591764
🔹 Severity: Medium
🔹 Reported To: Showmax
🔹 Reported By: #saidkira
🔹 State: ⚪️ Informative
🔹 Disclosed: June 13, 2022, 7:09am (UTC)
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
👉 https://hackerone.com/reports/1530898
🔹 Severity: Medium
🔹 Reported To: Ruby on Rails
🔹 Reported By: #windshock
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 3:49am (UTC)
👉 https://hackerone.com/reports/1530898
🔹 Severity: Medium
🔹 Reported To: Ruby on Rails
🔹 Reported By: #windshock
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 3:49am (UTC)
Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass]
👉 https://hackerone.com/reports/1167034
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)
👉 https://hackerone.com/reports/1167034
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)
Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm
👉 https://hackerone.com/reports/1166918
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)
👉 https://hackerone.com/reports/1166918
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)
HTML Injection in E-mail
👉 https://hackerone.com/reports/1536899
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:21am (UTC)
👉 https://hackerone.com/reports/1536899
🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:21am (UTC)
Hyper Link Injection while signup
👉 https://hackerone.com/reports/1166073
🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #011alsanosi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 10:04am (UTC)
👉 https://hackerone.com/reports/1166073
🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #011alsanosi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 10:04am (UTC)
CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory
👉 https://hackerone.com/reports/1582697
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:57pm (UTC)
👉 https://hackerone.com/reports/1582697
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:57pm (UTC)
Golang : Hardcoded secret used for signing JWT
👉 https://hackerone.com/reports/1595009
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:58pm (UTC)
👉 https://hackerone.com/reports/1595009
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:58pm (UTC)