Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
CVE-2022-27780: percent-encoded path separator in URL host

👉 https://hackerone.com/reports/1565619

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)
347 views
Bugpoint
CVE-2022-30115: HSTS bypass via trailing dot

👉 https://hackerone.com/reports/1565622

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 6:58pm (UTC)
357 views
Bugpoint
All user password hash can be seen from admin panel

👉 https://hackerone.com/reports/1489892

🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #dark_haxor
🔹 State: 🟢 Resolved
🔹 Disclosed: June 11, 2022, 11:31pm (UTC)
👍1
374 views
Bugpoint
lack of rate limit on athentification login page & forgot password page

👉 https://hackerone.com/reports/1591764

🔹 Severity: Medium
🔹 Reported To: Showmax
🔹 Reported By: #saidkira
🔹 State: ⚪️ Informative
🔹 Disclosed: June 13, 2022, 7:09am (UTC)
354 views
Bugpoint
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag

👉 https://hackerone.com/reports/1530898

🔹 Severity: Medium
🔹 Reported To: Ruby on Rails
🔹 Reported By: #windshock
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 3:49am (UTC)
351 views
Bugpoint
Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass]

👉 https://hackerone.com/reports/1167034

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)
316 views
Bugpoint
Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm

👉 https://hackerone.com/reports/1166918

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #ub3rsick
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:20am (UTC)
321 views
Bugpoint
HTML Injection in E-mail

👉 https://hackerone.com/reports/1536899

🔹 Severity: Low
🔹 Reported To: Acronis
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: June 14, 2022, 10:21am (UTC)
322 views
Bugpoint
Hyper Link Injection while signup

👉 https://hackerone.com/reports/1166073

🔹 Severity: Low
🔹 Reported To: UPchieve
🔹 Reported By: #011alsanosi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 10:04am (UTC)
299 views
Bugpoint
CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory

👉 https://hackerone.com/reports/1582697

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:57pm (UTC)
296 views
Bugpoint
Golang : Hardcoded secret used for signing JWT

👉 https://hackerone.com/reports/1595009

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:58pm (UTC)
283 views
Bugpoint
Golang : Add Query To Detect PAM Authorization Bugs

👉 https://hackerone.com/reports/1597437

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 2:58pm (UTC)
284 views
Bugpoint
The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su

👉 https://hackerone.com/reports/1591504

🔹 Severity: Medium
🔹 Reported To: LinkedIn
🔹 Reported By: #suryasnn
🔹 State: 🔴 N/A
🔹 Disclosed: June 15, 2022, 6:18pm (UTC)
277 views
Bugpoint
Remote 0click exfiltration of Safari user's IP address

👉 https://hackerone.com/reports/1392211

🔹 Severity: Medium | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #max2x
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 8:00pm (UTC)
305 views
Bugpoint
Delete direct message history without access the proper conversation_id

👉 https://hackerone.com/reports/1487804

🔹 Severity: Medium | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #saiful6601
🔹 State: 🟢 Resolved
🔹 Disclosed: June 15, 2022, 8:01pm (UTC)
314 views
Bugpoint
Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)

👉 https://hackerone.com/reports/1578121

🔹 Severity: No Rating
🔹 Reported To: LinkedIn
🔹 Reported By: #sachinrajput
🔹 State: 🔴 N/A
🔹 Disclosed: June 15, 2022, 9:10pm (UTC)
331 views
Bugpoint
XSS STORED at https://webcast.tiktokv.com/ Via Create Live Event in `Denoscription` Form

👉 https://hackerone.com/reports/1542703

🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #aidilarf_2000
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2022, 1:58am (UTC)
341 views
Bugpoint
CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit !

👉 https://hackerone.com/reports/1480569

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #marvelmaniac
🔹 State: 🟢 Resolved
🔹 Disclosed: June 16, 2022, 4:27am (UTC)
356 views
Bugpoint
curl "globbing" can lead to denial of service attacks

👉 https://hackerone.com/reports/1572120

🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #iylz
🔹 State: 🔴 N/A
🔹 Disclosed: June 16, 2022, 3:14pm (UTC)
338 views
Bugpoint
xmlrpc file enabled

👉 https://hackerone.com/reports/1575401

🔹 Severity: Low
🔹 Reported To: Yelp
🔹 Reported By: #happykira0x1
🔹 State: 🟤 Duplicate
🔹 Disclosed: June 16, 2022, 7:02pm (UTC)
333 views
Bugpoint
Race condition via project team member invitation system.

👉 https://hackerone.com/reports/1108291

🔹 Severity: Low | 💰 60 USD
🔹 Reported To: Enjin
🔹 Reported By: #akashhamal0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: June 17, 2022, 8:44am (UTC)
343 views