Bugpoint

Local file disclosure through SSRF at next.nutanix.com

👉 https://hackerone.com/reports/471520

🔹 Severity: High
🔹 Reported To: Nutanix
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: April 25, 2022, 10:27pm (UTC)

328 views22:30

Bugpoint

RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com

👉 https://hackerone.com/reports/1456063

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Basecamp
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: April 26, 2022, 7:01am (UTC)

334 views07:04

Bugpoint

Stored XSS in "product type" field executed via product filters

👉 https://hackerone.com/reports/1404770

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Judge.me
🔹 Reported By: #glister
🔹 State: 🟢 Resolved
🔹 Disclosed: April 26, 2022, 4:11pm (UTC)

336 views16:14

Bugpoint

SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015

👉 https://hackerone.com/reports/1125752

🔹 Severity: Critical
🔹 Reported To: Tennessee Valley Authority
🔹 Reported By: #yassinek3ch
🔹 State: 🟢 Resolved
🔹 Disclosed: April 26, 2022, 7:33pm (UTC)

338 views19:36

Bugpoint

CVE-2022-27774: Credential leak on redirect

👉 https://hackerone.com/reports/1543773

🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: April 27, 2022, 9:58am (UTC)

301 views10:00

Bugpoint

CVE-2022-27775: Bad local IPv6 connection reuse

👉 https://hackerone.com/reports/1546268

🔹 Severity: Low
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: April 27, 2022, 9:58am (UTC)

314 views10:00

Bugpoint

CVE-2022-27776: Auth/cookie leak on redirect

👉 https://hackerone.com/reports/1547048

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: April 27, 2022, 9:58am (UTC)

299 views10:00

Bugpoint

Container escape on public GitLab CI runners

👉 https://hackerone.com/reports/1442118

🔹 Severity: High
🔹 Reported To: GitLab
🔹 Reported By: #ec0
🔹 State: ⚪️ Informative
🔹 Disclosed: April 27, 2022, 11:12am (UTC)

325 views11:14

Bugpoint

subdomain takeover (abandoned Zendesk █.easycontactnow.com)

👉 https://hackerone.com/reports/1486670

🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #bx_1
🔹 State: 🟢 Resolved
🔹 Disclosed: April 28, 2022, 5:59am (UTC)

303 views06:02

Bugpoint

CVE-2022-27774: Credential leak on redirect

👉 https://hackerone.com/reports/1551586

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 6:32am (UTC)

300 views06:34

Bugpoint

CVE-2022-27775: Bad local IPv6 connection reuse

👉 https://hackerone.com/reports/1551588

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 6:32am (UTC)

294 views06:34

Bugpoint

CVE-2022-27776: Auth/cookie leak on redirect

👉 https://hackerone.com/reports/1551591

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 6:32am (UTC)

267 views06:34

Bugpoint

DoS via large console messages

👉 https://hackerone.com/reports/1243724

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #thesecuritydev
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 7:11am (UTC)

262 views07:14

Bugpoint

CVE-2022-22576: OAUTH2 bearer bypass in connection re-use

👉 https://hackerone.com/reports/1526328

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:27am (UTC)

262 views11:30

Bugpoint

OAUTH2 bearer not-checked for connection re-use

👉 https://hackerone.com/reports/1552110

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #monnerat
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:34am (UTC)

270 views11:36

Bugpoint

Possibility to force an admin to install recommended applications

👉 https://hackerone.com/reports/1403614

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #igorpyan
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 11:50am (UTC)

😁1

258 views11:52

Bugpoint

SQL INJECTION in https://████/██████████

👉 https://hackerone.com/reports/723044

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mido0x0x
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:56pm (UTC)

253 views13:58

Bugpoint

Blind SQL Injection

👉 https://hackerone.com/reports/771215

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mido0x0x
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:57pm (UTC)

254 views14:00

Bugpoint

██████████ vulnerable to CVE-2022-22954

👉 https://hackerone.com/reports/1537543

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #null_bytes
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 1:58pm (UTC)

254 views14:00

Bugpoint

SSRF due to CVE-2021-27905 in www.████████

👉 https://hackerone.com/reports/1183472

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:00pm (UTC)

251 views14:02

Bugpoint

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████

👉 https://hackerone.com/reports/1278977

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #njmulsqb
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:03pm (UTC)

271 views14:06

About

Blog

Apps

Platform