Bugpoint – Telegram
Bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs

👉 https://hackerone.com/reports/1636320

🔹 Severity: High | 💰 500 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #path_network
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 11:15am (UTC)
Unrestricted File Upload on reddit.secure.force.com

👉 https://hackerone.com/reports/1606957

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #heckintosh
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 2:56pm (UTC)
IDOR allows an attacker to modify the links of any user

👉 https://hackerone.com/reports/1661113

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #criptex
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 3:09pm (UTC)
Open Redirect on www.redditinc.com via `failed` query param bypass after fixed bug #1257753

👉 https://hackerone.com/reports/1285081

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Reddit
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 3:11pm (UTC)
Bypassing authorization of linked Instagram account

👉 https://hackerone.com/reports/1199965

🔹 Severity: Low | 💰 170 USD
🔹 Reported To: TikTok
🔹 Reported By: #ckerha
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2022, 9:30pm (UTC)
Generated passwords are not fully validated by HIBPValidator

👉 https://hackerone.com/reports/1606961

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #bjoernv
🔹 State: 🟢 Resolved
🔹 Disclosed: October 1, 2022, 4:50am (UTC)
Jira information disclosure

👉 https://hackerone.com/reports/994612

🔹 Severity: Low
🔹 Reported To: Informatica
🔹 Reported By: #isumitpatel
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2022, 1:03pm (UTC)
Reddit talk promotion offers don't expire, allowing users to accept them after being demoted

👉 https://hackerone.com/reports/1656380

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #ahacker1
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2022, 3:25pm (UTC)
Bypass two-factor authentication

👉 https://hackerone.com/reports/1664974

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #ydvanjali
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2022, 12:03pm (UTC)
[CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch

👉 https://hackerone.com/reports/1710575

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:50pm (UTC)
[Java]: CWE-625 - Query to detect regex dot bypass

👉 https://hackerone.com/reports/1690045

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:50pm (UTC)
[JAVA]: Partial Path Traversal

👉 https://hackerone.com/reports/1678405

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #smehta23
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:51pm (UTC)
PYTHON: CWE-079 - Add query for email injection

👉 https://hackerone.com/reports/1602237

🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 5:52pm (UTC)
IDOR - Delete technical skill assessment result & Gained Badges result of any user

👉 https://hackerone.com/reports/1592587

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: LinkedIn
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2022, 7:29pm (UTC)
No rate limit on subscribe form

👉 https://hackerone.com/reports/1708824

🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #happykira0x1
🔹 State: ⚪️ Informative
🔹 Disclosed: October 5, 2022, 8:55pm (UTC)
Blind SSRF in social-plugins.line.me

👉 https://hackerone.com/reports/833758

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: LINE
🔹 Reported By: #sirleeroyjenkins
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 9:25am (UTC)
SSRF on http://www.███████/crossdomain.php via url parameter

👉 https://hackerone.com/reports/971590

🔹 Severity: Critical
🔹 Reported To: Sony
🔹 Reported By: #n0x496n
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 3:44pm (UTC)
Path Traversal issue at https://████/blaze/

👉 https://hackerone.com/reports/1320084

🔹 Severity: High
🔹 Reported To: Sony
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 3:53pm (UTC)
SQL Injection through /include/findusers.php

👉 https://hackerone.com/reports/1081145

🔹 Severity: Critical
🔹 Reported To: ImpressCMS
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 6:51pm (UTC)
Remote Command Execution via Github import

👉 https://hackerone.com/reports/1679624

🔹 Severity: Critical | 💰 33,510 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 8:19pm (UTC)
Relative Path Traversal vulnerability in fabric-private-chaincode

👉 https://hackerone.com/reports/1690377

🔹 Severity: No Rating
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: ⚪️ Informative
🔹 Disclosed: October 9, 2022, 7:41am (UTC)