Bugpoint – Telegram
Bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
No password length restriction in reset password endpoint at http://suppliers.mtn.cm

👉 https://hackerone.com/reports/1285694

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 11:00pm (UTC)
IDOR Payments Status

👉 https://hackerone.com/reports/1538669

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 8:58am (UTC)
Modifying Sprunk vs eCola crew data

👉 https://hackerone.com/reports/1680818

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #bugstar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:24pm (UTC)
Subdomain takeover of █████████

👉 https://hackerone.com/reports/1457928

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #martinvw
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:50pm (UTC)
The dashboard is exposed in https://███

👉 https://hackerone.com/reports/1566758

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alitoni224
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:53pm (UTC)
XSS DUE TO CVE-2020-3580

👉 https://hackerone.com/reports/1606068

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cruxn3t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:55pm (UTC)
Access to administrative resources/account via path traversal

👉 https://hackerone.com/reports/1326352

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #j4k3d
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:59pm (UTC)
RXSS on ███████

👉 https://hackerone.com/reports/1626962

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:01pm (UTC)
Stored XSS at https://█████

👉 https://hackerone.com/reports/1620247

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shanekag
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:04pm (UTC)
██████_log4j - https://██████

👉 https://hackerone.com/reports/1631364

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #hachimanxienim
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:07pm (UTC)
solr_log4j - http://██████████

👉 https://hackerone.com/reports/1631370

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #hachimanxienim
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:10pm (UTC)
RXSS on █████████

👉 https://hackerone.com/reports/1627616

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:12pm (UTC)
Reflected cross site noscripting in https://███████

👉 https://hackerone.com/reports/1636345

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #maskedpersian
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:30pm (UTC)
Reflected Xss in [██████]

👉 https://hackerone.com/reports/1033253

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #s1m0x1
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:32pm (UTC)
String length restriction bypass at https://callerfeel.mtnonline.com/profile/feedback.html

👉 https://hackerone.com/reports/1638347

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2022, 8:48am (UTC)
Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account takeover of several IBM employees

👉 https://hackerone.com/reports/1670586

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #zere
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2022, 3:14pm (UTC)
CVE-2022-21831: Possible code injection vulnerability in Rails / Active Storage

👉 https://hackerone.com/reports/1652042

🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #gquadros_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2022, 7:12pm (UTC)
Access to arbitrary file of the Nextcloud Android app from within the Nextcloud Android app

👉 https://hackerone.com/reports/1408692

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: September 11, 2022, 11:41am (UTC)
Signup with any Email and Enable 2-FA without verifying Email

👉 https://hackerone.com/reports/1543259

🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #imtheking
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 2:15pm (UTC)
Response Manipulation leads to Admin Panel Login Bypass at https://admin.indevice.sonymobile.com/

👉 https://hackerone.com/reports/1508661

🔹 Severity: High
🔹 Reported To: Sony
🔹 Reported By: #0x2374
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 7:00pm (UTC)
monerod JSON RPC server remote DoS

👉 https://hackerone.com/reports/1511843

🔹 Severity: Medium
🔹 Reported To: Monero
🔹 Reported By: #m31007
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 9:50pm (UTC)