Can use the Reddit android app as usual even though revoking the access of it from reddit.com
👉 https://hackerone.com/reports/1632186
🔹 Severity: Critical
🔹 Reported To: Reddit
🔹 Reported By: #sateeshn
🔹 State: ⚪️ Informative
🔹 Disclosed: July 16, 2022, 11:10am (UTC)
👉 https://hackerone.com/reports/1632186
🔹 Severity: Critical
🔹 Reported To: Reddit
🔹 Reported By: #sateeshn
🔹 State: ⚪️ Informative
🔹 Disclosed: July 16, 2022, 11:10am (UTC)
Information disclosure ( Google Sales Channel )
👉 https://hackerone.com/reports/1584718
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #hydraxanon82
🔹 State: 🟢 Resolved
🔹 Disclosed: July 17, 2022, 2:10pm (UTC)
👉 https://hackerone.com/reports/1584718
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #hydraxanon82
🔹 State: 🟢 Resolved
🔹 Disclosed: July 17, 2022, 2:10pm (UTC)
Open Redirect ███.8x8.com
👉 https://hackerone.com/reports/1637571
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #mr_k0anti
🔹 State: 🟢 Resolved
🔹 Disclosed: July 17, 2022, 11:54pm (UTC)
👉 https://hackerone.com/reports/1637571
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #mr_k0anti
🔹 State: 🟢 Resolved
🔹 Disclosed: July 17, 2022, 11:54pm (UTC)
Public Apache Tomcat /examples example directory
👉 https://hackerone.com/reports/1622624
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #mr_k0anti
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 12:04am (UTC)
👉 https://hackerone.com/reports/1622624
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #mr_k0anti
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 12:04am (UTC)
CVE-2019-11248 on http://█.█.█.█:9100/debug/pprof/goroutine
👉 https://hackerone.com/reports/1607940
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #mr_k0anti
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 12:14am (UTC)
👉 https://hackerone.com/reports/1607940
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #mr_k0anti
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 12:14am (UTC)
Cross-site noscripting (DOM-based)
👉 https://hackerone.com/reports/1512644
🔹 Severity: Medium
🔹 Reported To: OneWeb
🔹 Reported By: #thewikiii
🔹 State: ⚪️ Informative
🔹 Disclosed: July 18, 2022, 9:50am (UTC)
👉 https://hackerone.com/reports/1512644
🔹 Severity: Medium
🔹 Reported To: OneWeb
🔹 Reported By: #thewikiii
🔹 State: ⚪️ Informative
🔹 Disclosed: July 18, 2022, 9:50am (UTC)
unauth mosquitto ( client emails, ips, license keys exposure )
👉 https://hackerone.com/reports/1578574
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Acronis
🔹 Reported By: #second_grade_pentester
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 11:39am (UTC)
👉 https://hackerone.com/reports/1578574
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Acronis
🔹 Reported By: #second_grade_pentester
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 11:39am (UTC)
subdomain takeover at odoo-staging.exness.io
👉 https://hackerone.com/reports/1540252
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: EXNESS
🔹 Reported By: #omer
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 2:43pm (UTC)
👉 https://hackerone.com/reports/1540252
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: EXNESS
🔹 Reported By: #omer
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 2:43pm (UTC)
Without verifying email and activate account, user can perform all action which are not supposed to be done
👉 https://hackerone.com/reports/1272305
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Stripe
🔹 Reported By: #tabaahi
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 3:44pm (UTC)
👉 https://hackerone.com/reports/1272305
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Stripe
🔹 Reported By: #tabaahi
🔹 State: 🟢 Resolved
🔹 Disclosed: July 18, 2022, 3:44pm (UTC)
HTML Injection in E-mail Not Resolved ()
👉 https://hackerone.com/reports/1600720
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #thewikiii
🔹 State: 🟢 Resolved
🔹 Disclosed: July 19, 2022, 9:11am (UTC)
👉 https://hackerone.com/reports/1600720
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #thewikiii
🔹 State: 🟢 Resolved
🔹 Disclosed: July 19, 2022, 9:11am (UTC)
LFI via Jolokia at https://█.█.█.█:1293
👉 https://hackerone.com/reports/1641661
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 12:30am (UTC)
👉 https://hackerone.com/reports/1641661
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 12:30am (UTC)
👍1
Can access the job name, creator name and can report any draft/under review/rejected job
👉 https://hackerone.com/reports/1581528
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: LinkedIn
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 6:08pm (UTC)
👉 https://hackerone.com/reports/1581528
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: LinkedIn
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 6:08pm (UTC)
Internal Employee informations Disclosure via TikTok Athena api
👉 https://hackerone.com/reports/1575560
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #hein_thant
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 11:38pm (UTC)
👉 https://hackerone.com/reports/1575560
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #hein_thant
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 11:38pm (UTC)
DOM XSS on ads.tiktok.com
👉 https://hackerone.com/reports/1549451
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #0x7
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 11:42pm (UTC)
👉 https://hackerone.com/reports/1549451
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #0x7
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 11:42pm (UTC)
fix(cmd-socketio-server): mitigate cross site noscripting attack #2068
👉 https://hackerone.com/reports/1638984
🔹 Severity: High | 💰 100 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: ⚪️ Informative
🔹 Disclosed: July 21, 2022, 8:37pm (UTC)
👉 https://hackerone.com/reports/1638984
🔹 Severity: High | 💰 100 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: ⚪️ Informative
🔹 Disclosed: July 21, 2022, 8:37pm (UTC)
👍1
CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
👉 https://hackerone.com/reports/1630667
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)
👉 https://hackerone.com/reports/1630667
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)
CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
👉 https://hackerone.com/reports/1630668
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)
👉 https://hackerone.com/reports/1630668
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)
CVE-2022-32214 - HTTP Request Smuggling Due To Improper Delimiting of Header Fields
👉 https://hackerone.com/reports/1630669
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)
👉 https://hackerone.com/reports/1630669
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)
IDOR in report download functionality on ads.tiktok.com
👉 https://hackerone.com/reports/1559739
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 11:48pm (UTC)
👉 https://hackerone.com/reports/1559739
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 11:48pm (UTC)
👍1
Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing
👉 https://hackerone.com/reports/1627159
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ooooooo_q
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2022, 3:20am (UTC)
👉 https://hackerone.com/reports/1627159
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ooooooo_q
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2022, 3:20am (UTC)
reflected XSS on panther.com
👉 https://hackerone.com/reports/1601140
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Panther Labs
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2022, 5:19am (UTC)
👉 https://hackerone.com/reports/1601140
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Panther Labs
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2022, 5:19am (UTC)