Unrestricted File Upload Blind Stored Xss in subdomain ads.tiktok.com
👉 https://hackerone.com/reports/1577370
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: TikTok
🔹 Reported By: #mrzheev
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 1:31am (UTC)
👉 https://hackerone.com/reports/1577370
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: TikTok
🔹 Reported By: #mrzheev
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 1:31am (UTC)
👍1
Sensei LMS IDOR to send message
👉 https://hackerone.com/reports/1592596
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ghimire_veshraj
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 10:17am (UTC)
👉 https://hackerone.com/reports/1592596
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ghimire_veshraj
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 10:17am (UTC)
Unauthenticated Private Messages DIsclosure via wordpress Rest API
👉 https://hackerone.com/reports/1590237
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Automattic
🔹 Reported By: #ghimire_veshraj
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 10:45am (UTC)
👉 https://hackerone.com/reports/1590237
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Automattic
🔹 Reported By: #ghimire_veshraj
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 10:45am (UTC)
Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability
👉 https://hackerone.com/reports/1658418
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #high_ping_ninja
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 7:38pm (UTC)
👉 https://hackerone.com/reports/1658418
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #high_ping_ninja
🔹 State: 🟢 Resolved
🔹 Disclosed: August 4, 2022, 7:38pm (UTC)
👏3
Fix : (Security) Mitigate Path Traversal Bug
👉 https://hackerone.com/reports/1635321
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: 🟢 Resolved
🔹 Disclosed: August 5, 2022, 9:41pm (UTC)
👉 https://hackerone.com/reports/1635321
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: 🟢 Resolved
🔹 Disclosed: August 5, 2022, 9:41pm (UTC)
Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token
👉 https://hackerone.com/reports/1382919
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #gaffy
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 7:14am (UTC)
👉 https://hackerone.com/reports/1382919
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #gaffy
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 7:14am (UTC)
👍1
cross site noscripting in : mtn.bj
👉 https://hackerone.com/reports/1264834
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #alimanshester
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 11:19am (UTC)
👉 https://hackerone.com/reports/1264834
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #alimanshester
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 11:19am (UTC)
RCE vulnerability in Hyperledger Fabric SDK for Java
👉 https://hackerone.com/reports/801370
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #freskimo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:37pm (UTC)
👉 https://hackerone.com/reports/801370
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #freskimo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:37pm (UTC)
HTTP PUT method is enabled downloader.ratelimited.me
👉 https://hackerone.com/reports/545136
🔹 Severity: High
🔹 Reported To: RATELIMITED
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: August 7, 2022, 2:01am (UTC)
👉 https://hackerone.com/reports/545136
🔹 Severity: High
🔹 Reported To: RATELIMITED
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: August 7, 2022, 2:01am (UTC)
Brute Force of fabric-ca server admin account
👉 https://hackerone.com/reports/411364
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #xiaoc
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:36pm (UTC)
👉 https://hackerone.com/reports/411364
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #xiaoc
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:36pm (UTC)
Enrolling to a CA that returns an empty response crashes the node process
👉 https://hackerone.com/reports/506412
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #mttrbrts
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:37pm (UTC)
👉 https://hackerone.com/reports/506412
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #mttrbrts
🔹 State: 🟢 Resolved
🔹 Disclosed: August 6, 2022, 5:37pm (UTC)
Anonymous access control - Payments Status
👉 https://hackerone.com/reports/1546726
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: August 7, 2022, 1:59am (UTC)
👉 https://hackerone.com/reports/1546726
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: August 7, 2022, 1:59am (UTC)
Lack of Rate limit while joining video call in talk section which is password protected
👉 https://hackerone.com/reports/1596673
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #error2001
🔹 State: 🟢 Resolved
🔹 Disclosed: August 8, 2022, 6:58am (UTC)
👉 https://hackerone.com/reports/1596673
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #error2001
🔹 State: 🟢 Resolved
🔹 Disclosed: August 8, 2022, 6:58am (UTC)
xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
👉 https://hackerone.com/reports/1622867
🔹 Severity: Medium
🔹 Reported To: Top Echelon Software
🔹 Reported By: #anonymmert12
🔹 State: 🟢 Resolved
🔹 Disclosed: August 8, 2022, 1:35pm (UTC)
👉 https://hackerone.com/reports/1622867
🔹 Severity: Medium
🔹 Reported To: Top Echelon Software
🔹 Reported By: #anonymmert12
🔹 State: 🟢 Resolved
🔹 Disclosed: August 8, 2022, 1:35pm (UTC)
Ability to escape database transaction through SQL injection, leading to arbitrary code execution
👉 https://hackerone.com/reports/1663299
🔹 Severity: High
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: August 9, 2022, 6:58pm (UTC)
👉 https://hackerone.com/reports/1663299
🔹 Severity: High
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: August 9, 2022, 6:58pm (UTC)
[CRITICAL] Full account takeover without user interaction on sign with Apple flow
👉 https://hackerone.com/reports/1639802
🔹 Severity: Critical | 💰 3,000 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #emanelyazji
🔹 State: 🟢 Resolved
🔹 Disclosed: August 9, 2022, 7:26pm (UTC)
👉 https://hackerone.com/reports/1639802
🔹 Severity: Critical | 💰 3,000 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #emanelyazji
🔹 State: 🟢 Resolved
🔹 Disclosed: August 9, 2022, 7:26pm (UTC)
🔥3
Read-only administrator can change agent update settings
👉 https://hackerone.com/reports/1538004
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Acronis
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: August 10, 2022, 9:38am (UTC)
👉 https://hackerone.com/reports/1538004
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Acronis
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: August 10, 2022, 9:38am (UTC)
👍1
many commands can be manipulated to delete identities or affiliations
👉 https://hackerone.com/reports/348090
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #cet2000
🔹 State: 🟢 Resolved
🔹 Disclosed: August 10, 2022, 2:23pm (UTC)
👉 https://hackerone.com/reports/348090
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #cet2000
🔹 State: 🟢 Resolved
🔹 Disclosed: August 10, 2022, 2:23pm (UTC)
Redirection in Repeater & Intruder Tab
👉 https://hackerone.com/reports/1541301
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: PortSwigger Web Security
🔹 Reported By: #mr_vrush
🔹 State: 🟢 Resolved
🔹 Disclosed: August 11, 2022, 11:09am (UTC)
👉 https://hackerone.com/reports/1541301
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: PortSwigger Web Security
🔹 Reported By: #mr_vrush
🔹 State: 🟢 Resolved
🔹 Disclosed: August 11, 2022, 11:09am (UTC)
Disable xmlrpc.php file
👉 https://hackerone.com/reports/712321
🔹 Severity: Low
🔹 Reported To: Top Echelon Software
🔹 Reported By: #sohelahmed786
🔹 State: 🟢 Resolved
🔹 Disclosed: August 11, 2022, 12:50pm (UTC)
👉 https://hackerone.com/reports/712321
🔹 Severity: Low
🔹 Reported To: Top Echelon Software
🔹 Reported By: #sohelahmed786
🔹 State: 🟢 Resolved
🔹 Disclosed: August 11, 2022, 12:50pm (UTC)
fix(security):Path Traversal Bug
👉 https://hackerone.com/reports/1664244
🔹 Severity: High
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: 🔴 N/A
🔹 Disclosed: August 11, 2022, 7:53pm (UTC)
👉 https://hackerone.com/reports/1664244
🔹 Severity: High
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: 🔴 N/A
🔹 Disclosed: August 11, 2022, 7:53pm (UTC)