Remote denial of service in HyperLedger Fabric
👉 https://hackerone.com/reports/1635854
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #fatal0
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 2:05pm (UTC)
API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone
👉 https://hackerone.com/reports/1591770
🔹 Severity: Low
🔹 Reported To: Adobe
🔹 Reported By: #aneeeketh
🔹 State: ⚪️ Informative
🔹 Disclosed: September 1, 2022, 4:05pm (UTC)
Remote code execution due to unvalidated file upload
👉 https://hackerone.com/reports/1164452
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 5:29pm (UTC)
Password reset token leak on third party website via Referer header [cloudivr.mtnbusiness.com.ng]
👉 https://hackerone.com/reports/1320242
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 8:21pm (UTC)
Default Admin Username and Password on remedysso.mtncameroon.net
👉 https://hackerone.com/reports/1397786
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #dh0pe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 8:50pm (UTC)
Sensitive Information Disclosure Through Config File
👉 https://hackerone.com/reports/1397788
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #dh0pe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 8:50pm (UTC)
IDOR on TikTok Ads Endpoint
👉 https://hackerone.com/reports/1527906
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #sinayeganeh
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 9:23pm (UTC)
Wordpress users disclosure from json and xml file
👉 https://hackerone.com/reports/1408589
🔹 Severity: Low
🔹 Reported To: MTN Group
🔹 Reported By: #drak3hft7
🔹 State: 🟢 Resolved
🔹 Disclosed: September 2, 2022, 9:25am (UTC)
Weak/Auto Fill Password
👉 https://hackerone.com/reports/817331
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #harrisoft
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 12:23am (UTC)
Federated share accepting/declining is not logged in audit log
👉 https://hackerone.com/reports/1200815
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:12am (UTC)
Password disclosure in initial setup of Mail App
👉 https://hackerone.com/reports/1561471
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #anna_larch
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:23am (UTC)
Brute force protections don't work
👉 https://hackerone.com/reports/1596918
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #nickvergessen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:25am (UTC)
Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
👉 https://hackerone.com/reports/1595006
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #eg42
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:29am (UTC)
path traversal vulnerability in Grafana 8.x allows " local file read "
👉 https://hackerone.com/reports/1427086
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #a-heybati
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 12:14pm (UTC)
IDOR Leads To Account Takeover Without User Interaction
👉 https://hackerone.com/reports/1272478
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #theranger
🔹 State: 🟢 Resolved
🔹 Disclosed: September 4, 2022, 1:23pm (UTC)
API key (api.semrush.com) leak in JS-file
👉 https://hackerone.com/reports/1218754
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Semrush
🔹 Reported By: #a_d_a_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 12:17pm (UTC)
Information disclosure through django debug mode
👉 https://hackerone.com/reports/1434276
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:56pm (UTC)
Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects
👉 https://hackerone.com/reports/1351359
🔹 Severity: Low
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:57pm (UTC)
CVE-2021-38314 @ https://www.mtn.co.rw
👉 https://hackerone.com/reports/1351341
🔹 Severity: No Rating
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:58pm (UTC)
CVE-2021-38314 @ https://www.mtn.ci
👉 https://hackerone.com/reports/1351338
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:58pm (UTC)
firebase credentials leaks @ https://mpulse.mtnonline.com
👉 https://hackerone.com/reports/1351329
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:59pm (UTC)