RXSS on █████████
👉 https://hackerone.com/reports/1627616
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:12pm (UTC)
👉 https://hackerone.com/reports/1627616
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:12pm (UTC)
Reflected cross site noscripting in https://███████
👉 https://hackerone.com/reports/1636345
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #maskedpersian
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:30pm (UTC)
👉 https://hackerone.com/reports/1636345
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #maskedpersian
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:30pm (UTC)
Reflected Xss in [██████]
👉 https://hackerone.com/reports/1033253
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #s1m0x1
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:32pm (UTC)
👉 https://hackerone.com/reports/1033253
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #s1m0x1
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:32pm (UTC)
String length restriction byepass at https://callerfeel.mtnonline.com/profile/feedback.html
👉 https://hackerone.com/reports/1638347
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2022, 8:48am (UTC)
👉 https://hackerone.com/reports/1638347
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2022, 8:48am (UTC)
👍1
Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account takeover of several IBM employees
👉 https://hackerone.com/reports/1670586
🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #zere
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2022, 3:14pm (UTC)
👉 https://hackerone.com/reports/1670586
🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #zere
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2022, 3:14pm (UTC)
CVE-2022-21831: Possible code injection vulnerability in Rails / Active Storage
👉 https://hackerone.com/reports/1652042
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #gquadros_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2022, 7:12pm (UTC)
👉 https://hackerone.com/reports/1652042
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #gquadros_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2022, 7:12pm (UTC)
Access to arbitrary file of the Nextcloud Android app from within the Nextcloud Android app
👉 https://hackerone.com/reports/1408692
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: September 11, 2022, 11:41am (UTC)
👉 https://hackerone.com/reports/1408692
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: September 11, 2022, 11:41am (UTC)
Signup with any Email and Enable 2-FA without verifying Email
👉 https://hackerone.com/reports/1543259
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #imtheking
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 2:15pm (UTC)
👉 https://hackerone.com/reports/1543259
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #imtheking
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 2:15pm (UTC)
Response Manipulation leads to Admin Panel Login Bypass at https://admin.indevice.sonymobile.com/
👉 https://hackerone.com/reports/1508661
🔹 Severity: High
🔹 Reported To: Sony
🔹 Reported By: #0x2374
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 7:00pm (UTC)
👉 https://hackerone.com/reports/1508661
🔹 Severity: High
🔹 Reported To: Sony
🔹 Reported By: #0x2374
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 7:00pm (UTC)
monerod JSON RPC server remote DoS
👉 https://hackerone.com/reports/1511843
🔹 Severity: Medium
🔹 Reported To: Monero
🔹 Reported By: #m31007
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 9:50pm (UTC)
👉 https://hackerone.com/reports/1511843
🔹 Severity: Medium
🔹 Reported To: Monero
🔹 Reported By: #m31007
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 9:50pm (UTC)
RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag)
👉 https://hackerone.com/reports/1609965
🔹 Severity: Critical | 💰 33,510 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 4:40am (UTC)
👉 https://hackerone.com/reports/1609965
🔹 Severity: Critical | 💰 33,510 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 4:40am (UTC)
🔥2
ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year
👉 https://hackerone.com/reports/1531958
🔹 Severity: Medium | 💰 1,160 USD
🔹 Reported To: GitLab
🔹 Reported By: #afewgoats
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 4:42am (UTC)
👉 https://hackerone.com/reports/1531958
🔹 Severity: Medium | 💰 1,160 USD
🔹 Reported To: GitLab
🔹 Reported By: #afewgoats
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 4:42am (UTC)
No Restriction on password
👉 https://hackerone.com/reports/1696814
🔹 Severity: No Rating
🔹 Reported To: GitLab
🔹 Reported By: #patronum-m
🔹 State: 🔴 N/A
🔹 Disclosed: September 13, 2022, 5:02am (UTC)
👉 https://hackerone.com/reports/1696814
🔹 Severity: No Rating
🔹 Reported To: GitLab
🔹 Reported By: #patronum-m
🔹 State: 🔴 N/A
🔹 Disclosed: September 13, 2022, 5:02am (UTC)
DOS validator nodes of blockchain to block external connections
👉 https://hackerone.com/reports/1695472
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #cre8
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 7:56am (UTC)
👉 https://hackerone.com/reports/1695472
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #cre8
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 7:56am (UTC)
XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution
👉 https://hackerone.com/reports/1632119
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #nokline
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 1:03pm (UTC)
👉 https://hackerone.com/reports/1632119
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #nokline
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 1:03pm (UTC)
Web Cache Poisoning leads to XSS and DoS
👉 https://hackerone.com/reports/1621540
🔹 Severity: High | 💰 1,700 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #nokline
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 1:36pm (UTC)
👉 https://hackerone.com/reports/1621540
🔹 Severity: High | 💰 1,700 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #nokline
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 1:36pm (UTC)
CSRF in Changing User Verification Email
👉 https://hackerone.com/reports/1531235
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 8:30pm (UTC)
👉 https://hackerone.com/reports/1531235
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 8:30pm (UTC)
Reflected XSS [██████]
👉 https://hackerone.com/reports/1309386
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 1:58pm (UTC)
👉 https://hackerone.com/reports/1309386
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 1:58pm (UTC)
Abuse cookie-modification, toast HTML and expired domain in CSP-form-action replacing login-page at www.dropbox.com/login to submit creds externally
👉 https://hackerone.com/reports/1590794
🔹 Severity: High | 💰 6,909 USD
🔹 Reported To: Dropbox
🔹 Reported By: #fransrosen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 3:15pm (UTC)
👉 https://hackerone.com/reports/1590794
🔹 Severity: High | 💰 6,909 USD
🔹 Reported To: Dropbox
🔹 Reported By: #fransrosen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 3:15pm (UTC)
🔥1
Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain
👉 https://hackerone.com/reports/1221942
🔹 Severity: High
🔹 Reported To: Meredith
🔹 Reported By: #error201
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 4:12pm (UTC)
👉 https://hackerone.com/reports/1221942
🔹 Severity: High
🔹 Reported To: Meredith
🔹 Reported By: #error201
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 4:12pm (UTC)
Directory Traversal at █████
👉 https://hackerone.com/reports/1641148
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x45
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:27pm (UTC)
👉 https://hackerone.com/reports/1641148
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x45
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:27pm (UTC)