Reflected XSS on https://wwwapps.ups.com/ctc/request?loc=
👉 https://hackerone.com/reports/1536461
🔹 Severity: Medium
🔹 Reported To: UPS VDP
🔹 Reported By: #3amoura
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2022, 12:03pm (UTC)
👉 https://hackerone.com/reports/1536461
🔹 Severity: Medium
🔹 Reported To: UPS VDP
🔹 Reported By: #3amoura
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2022, 12:03pm (UTC)
Reflected Cross site Scripting (XSS) on https://one.newrelic.com
👉 https://hackerone.com/reports/1367642
🔹 Severity: High | 💰 2,048 USD
🔹 Reported To: New Relic
🔹 Reported By: #sairanga
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2022, 1:55pm (UTC)
👉 https://hackerone.com/reports/1367642
🔹 Severity: High | 💰 2,048 USD
🔹 Reported To: New Relic
🔹 Reported By: #sairanga
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2022, 1:55pm (UTC)
Exposure of a valid Gitlab-Workhorse JWT leading to various bad things
👉 https://hackerone.com/reports/1040786
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #ledz1996
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2022, 4:28pm (UTC)
👉 https://hackerone.com/reports/1040786
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #ledz1996
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2022, 4:28pm (UTC)
👍3
SSRF via Office file thumbnails
👉 https://hackerone.com/reports/671935
🔹 Severity: Critical | 💰 4,000 USD
🔹 Reported To: Slack
🔹 Reported By: #ziot
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2022, 6:40pm (UTC)
👉 https://hackerone.com/reports/671935
🔹 Severity: Critical | 💰 4,000 USD
🔹 Reported To: Slack
🔹 Reported By: #ziot
🔹 State: 🟢 Resolved
🔹 Disclosed: July 5, 2022, 6:40pm (UTC)
👏3
Blind User-Agent SQL Injection to Blind Remote OS Command Execution at █████████
👉 https://hackerone.com/reports/1339430
🔹 Severity: Critical
🔹 Reported To: Sony
🔹 Reported By: #echidonut
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 5:44pm (UTC)
👉 https://hackerone.com/reports/1339430
🔹 Severity: Critical
🔹 Reported To: Sony
🔹 Reported By: #echidonut
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 5:44pm (UTC)
Ownership check missing when updating or deleting attachments
👉 https://hackerone.com/reports/1579820
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 5:50pm (UTC)
👉 https://hackerone.com/reports/1579820
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 5:50pm (UTC)
Privilege escalation possible in dovecot when similar passdbs are used
👉 https://hackerone.com/reports/1561579
🔹 Severity: Medium | 💰 900 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #julezman
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 10:41pm (UTC)
👉 https://hackerone.com/reports/1561579
🔹 Severity: Medium | 💰 900 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #julezman
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 10:41pm (UTC)
Stack Buffer Overflow via `gmp_sprintf`in `BLSSignature` and `BLSSigShare`
👉 https://hackerone.com/reports/1546935
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: SKALE Network
🔹 Reported By: #voiddy
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 12:17am (UTC)
👉 https://hackerone.com/reports/1546935
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: SKALE Network
🔹 Reported By: #voiddy
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 12:17am (UTC)
Remote denial of service in HyperLedger Fabric
👉 https://hackerone.com/reports/1604951
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #fatal0
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:55am (UTC)
👉 https://hackerone.com/reports/1604951
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #fatal0
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:55am (UTC)
Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.
👉 https://hackerone.com/reports/1465277
🔹 Severity: No Rating
🔹 Reported To: Omise
🔹 Reported By: #sachinrajput
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 4:35pm (UTC)
👉 https://hackerone.com/reports/1465277
🔹 Severity: No Rating
🔹 Reported To: Omise
🔹 Reported By: #sachinrajput
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 4:35pm (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
👉 https://hackerone.com/reports/1501679
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
👉 https://hackerone.com/reports/1501679
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due To Improper Delimiting of Header Fields
👉 https://hackerone.com/reports/1524692
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
👉 https://hackerone.com/reports/1524692
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
👉 https://hackerone.com/reports/1524555
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:28pm (UTC)
👉 https://hackerone.com/reports/1524555
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:28pm (UTC)
Clickjacking Vulnerability In Whole Page Ads Tiktok
👉 https://hackerone.com/reports/1418857
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #rioncool22
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:18pm (UTC)
👉 https://hackerone.com/reports/1418857
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #rioncool22
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:18pm (UTC)
Exposed valid AWS, Mysql, Sendgrid and other secrets
👉 https://hackerone.com/reports/1580567
🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #mehdisadir
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 3:48pm (UTC)
👉 https://hackerone.com/reports/1580567
🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #mehdisadir
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 3:48pm (UTC)
Open Redirect through POST Request in www.redditinc.com
👉 https://hackerone.com/reports/1310230
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #kratul
🔹 State: ⚪️ Informative
🔹 Disclosed: July 8, 2022, 7:02pm (UTC)
👉 https://hackerone.com/reports/1310230
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #kratul
🔹 State: ⚪️ Informative
🔹 Disclosed: July 8, 2022, 7:02pm (UTC)
Unauthorized packages modification or secrets exfiltration via GitHub actions
👉 https://hackerone.com/reports/1548870
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #dusty_wormwood
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 7:51pm (UTC)
👉 https://hackerone.com/reports/1548870
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #dusty_wormwood
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 7:51pm (UTC)
👍1
Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7]
👉 https://hackerone.com/reports/1595281
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:39pm (UTC)
👉 https://hackerone.com/reports/1595281
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:39pm (UTC)
Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]
👉 https://hackerone.com/reports/1595290
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:45pm (UTC)
👉 https://hackerone.com/reports/1595290
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:45pm (UTC)
👍1
Read beyond bounds in mod_isapi.c [zhbug_httpd_41]
👉 https://hackerone.com/reports/1595296
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:50pm (UTC)
👉 https://hackerone.com/reports/1595296
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:50pm (UTC)
Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]
👉 https://hackerone.com/reports/1595299
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:54pm (UTC)
👉 https://hackerone.com/reports/1595299
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:54pm (UTC)