Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
CVE-2022-32208: FTP-KRB bad message verification

👉 https://hackerone.com/reports/1590071

🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 6:55am (UTC)
257 views
Bugpoint
CVE-2022-32207: Unpreserved file permissions

👉 https://hackerone.com/reports/1573634

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 6:55am (UTC)
254 views
Bugpoint
CVE-2022-32206: HTTP compression denial of service

👉 https://hackerone.com/reports/1570651

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 6:55am (UTC)
255 views
Bugpoint
CVE-2022-32205: Set-Cookie denial of service

👉 https://hackerone.com/reports/1569946

🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 6:56am (UTC)
256 views
Bugpoint
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag

👉 https://hackerone.com/reports/1599573

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #windshock
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 11:46am (UTC)
246 views
Bugpoint
API docs expose an active token for the sample domain theburritobot.com

👉 https://hackerone.com/reports/1507412

🔹 Severity: High | 💰 500 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #sainaen
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 4:23pm (UTC)
245 views
Bugpoint
Sign in with Apple works on existing accounts, bypasses 2FA

👉 https://hackerone.com/reports/1593404

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #mattipv4
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 4:24pm (UTC)
👍1
243 views
Bugpoint
Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts

👉 https://hackerone.com/reports/1593413

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #mattipv4
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 4:25pm (UTC)
239 views
Bugpoint
Bypassing Cache Deception Armor using .avif extension file

👉 https://hackerone.com/reports/1391635

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 4:27pm (UTC)
250 views
Bugpoint
HTTP request smuggling with Origin Rules using newlines in the host_header action parameter

👉 https://hackerone.com/reports/1575912

🔹 Severity: Critical | 💰 3,100 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #albertspedersen
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 4:32pm (UTC)
258 views
Bugpoint
Reflected XSS via `████████` parameter

👉 https://hackerone.com/reports/1536215

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mdakh404
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 7:23pm (UTC)
243 views
Bugpoint
Unauthorized Access to Internal Server Panel without Authentication

👉 https://hackerone.com/reports/1548067

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 7:24pm (UTC)
237 views
Bugpoint
CVE-2022-32207: Unpreserved file permissions

👉 https://hackerone.com/reports/1614331

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 7:52pm (UTC)
256 views
Bugpoint
CVE-2022-32205: Set-Cookie denial of service

👉 https://hackerone.com/reports/1614328

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 7:53pm (UTC)
281 views
Bugpoint
CVE-2022-32206: HTTP compression denial of service

👉 https://hackerone.com/reports/1614330

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 7:53pm (UTC)
312 views
Bugpoint
CVE-2022-32208: FTP-KRB bad message verification

👉 https://hackerone.com/reports/1614332

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 27, 2022, 8:09pm (UTC)
331 views
Bugpoint
XSS Payload on TikTok Seller Center endpoint

👉 https://hackerone.com/reports/1554048

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #aidilarf_2000
🔹 State: 🟢 Resolved
🔹 Disclosed: June 29, 2022, 1:10am (UTC)
324 views
Bugpoint
Browser is not following proper flow for redirection cause open redirect

👉 https://hackerone.com/reports/1579374

🔹 Severity: High | 💰 500 USD
🔹 Reported To: Brave Software
🔹 Reported By: #abhinavsecondary
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2022, 5:45pm (UTC)
290 views
Bugpoint
Redirecting users to malicious torrent-files/websites using WebTorrent

👉 https://hackerone.com/reports/968328

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Brave Software
🔹 Reported By: #d3f4u17
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2022, 5:46pm (UTC)
279 views
Bugpoint
Arbitrary file download due to bad handling of Redirects in WebTorrent

👉 https://hackerone.com/reports/975514

🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Brave Software
🔹 Reported By: #d3f4u17
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2022, 5:46pm (UTC)
284 views
Bugpoint
Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS

👉 https://hackerone.com/reports/963155

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Brave Software
🔹 Reported By: #d3f4u17
🔹 State: 🟢 Resolved
🔹 Disclosed: June 30, 2022, 5:46pm (UTC)
317 views