LFI via Jolokia at https://█.█.█.█:1293

👉 https://hackerone.com/reports/1641661

🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 12:30am (UTC)

Can access the job name, creator name and can report any draft/under review/rejected job

👉 https://hackerone.com/reports/1581528

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: LinkedIn
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 6:08pm (UTC)

Internal Employee informations Disclosure via TikTok Athena api

👉 https://hackerone.com/reports/1575560

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #hein_thant
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 11:38pm (UTC)

DOM XSS on ads.tiktok.com

👉 https://hackerone.com/reports/1549451

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #0x7
🔹 State: 🟢 Resolved
🔹 Disclosed: July 20, 2022, 11:42pm (UTC)

fix(cmd-socketio-server): mitigate cross site noscripting attack #2068

👉 https://hackerone.com/reports/1638984

🔹 Severity: High | 💰 100 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: ⚪️ Informative
🔹 Disclosed: July 21, 2022, 8:37pm (UTC)

CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

👉 https://hackerone.com/reports/1630667

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)

CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

👉 https://hackerone.com/reports/1630668

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)

CVE-2022-32214 - HTTP Request Smuggling Due To Improper Delimiting of Header Fields

👉 https://hackerone.com/reports/1630669

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 4:02am (UTC)

IDOR in report download functionality on ads.tiktok.com

👉 https://hackerone.com/reports/1559739

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: July 22, 2022, 11:48pm (UTC)

Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing

👉 https://hackerone.com/reports/1627159

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ooooooo_q
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2022, 3:20am (UTC)

reflected XSS on panther.com

👉 https://hackerone.com/reports/1601140

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Panther Labs
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2022, 5:19am (UTC)

[doc.rt.informaticacloud.com] Arbitrary File Reading via Double URL Encode

👉 https://hackerone.com/reports/232371

🔹 Severity: High
🔹 Reported To: Informatica
🔹 Reported By: #bigbear_
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2022, 11:03am (UTC)

[doc.rt.informaticacloud.com] Reflected XSS via Stack Strace

👉 https://hackerone.com/reports/232320

🔹 Severity: High
🔹 Reported To: Informatica
🔹 Reported By: #bigbear_
🔹 State: 🟢 Resolved
🔹 Disclosed: July 23, 2022, 11:03am (UTC)

CVE-2022-27781: CERTINFO never-ending busy-loop

👉 https://hackerone.com/reports/1606039

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #sybr
🔹 State: 🟢 Resolved
🔹 Disclosed: July 24, 2022, 7:31pm (UTC)

Node.js - DLL Hijacking on Windows

👉 https://hackerone.com/reports/1636566

🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #yakirka
🔹 State: 🟢 Resolved
🔹 Disclosed: July 25, 2022, 6:30pm (UTC)

Race condition in faucet when using starport

👉 https://hackerone.com/reports/1438052

🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Cosmos
🔹 Reported By: #cyberboy
🔹 State: 🟢 Resolved
🔹 Disclosed: July 26, 2022, 5:47pm (UTC)

HTML Injection via Email Share

👉 https://hackerone.com/reports/1490311

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: July 27, 2022, 1:46am (UTC)

Off-by-slash vulnerability in nodejs.org and iojs.org

👉 https://hackerone.com/reports/1650273

🔹 Severity: Medium | 💰 1,200 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nagaro
🔹 State: 🟢 Resolved
🔹 Disclosed: July 28, 2022, 8:25am (UTC)

Acronis True Image Local Privilege Escalation Due To Race Condition In Application Verification

👉 https://hackerone.com/reports/1251464

🔹 Severity: High | 💰 250 USD
🔹 Reported To: Acronis
🔹 Reported By: #vkas-afk
🔹 State: 🟢 Resolved
🔹 Disclosed: July 28, 2022, 10:32am (UTC)

Hijack all emails sent to any domain that uses Cloudflare Email Forwarding

👉 https://hackerone.com/reports/1419341

🔹 Severity: Critical | 💰 6,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #albertspedersen
🔹 State: 🟢 Resolved
🔹 Disclosed: July 28, 2022, 4:35pm (UTC)

Twitter Account hijack through broken link in https://runpanther.io

👉 https://hackerone.com/reports/1607429

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Panther Labs
🔹 Reported By: #prakash142
🔹 State: 🟢 Resolved
🔹 Disclosed: July 28, 2022, 4:57pm (UTC)