CVE-2022-27775: Bad local IPv6 connection reuse
π https://hackerone.com/reports/1551588
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 6:32am (UTC)
π https://hackerone.com/reports/1551588
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 6:32am (UTC)
CVE-2022-27776: Auth/cookie leak on redirect
π https://hackerone.com/reports/1551591
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 6:32am (UTC)
π https://hackerone.com/reports/1551591
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 6:32am (UTC)
DoS via large console messages
π https://hackerone.com/reports/1243724
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Mattermost
πΉ Reported By: #thesecuritydev
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 7:11am (UTC)
π https://hackerone.com/reports/1243724
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Mattermost
πΉ Reported By: #thesecuritydev
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 7:11am (UTC)
CVE-2022-22576: OAUTH2 bearer bypass in connection re-use
π https://hackerone.com/reports/1526328
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #monnerat
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 11:27am (UTC)
π https://hackerone.com/reports/1526328
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #monnerat
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 11:27am (UTC)
OAUTH2 bearer not-checked for connection re-use
π https://hackerone.com/reports/1552110
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #monnerat
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 11:34am (UTC)
π https://hackerone.com/reports/1552110
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #monnerat
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 11:34am (UTC)
Possibility to force an admin to install recommended applications
π https://hackerone.com/reports/1403614
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #igorpyan
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 11:50am (UTC)
π https://hackerone.com/reports/1403614
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #igorpyan
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 11:50am (UTC)
π1
SQL INJECTION in https://ββββ/ββββββββββ
π https://hackerone.com/reports/723044
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #mido0x0x
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 1:56pm (UTC)
π https://hackerone.com/reports/723044
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #mido0x0x
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 1:56pm (UTC)
Blind SQL Injection
π https://hackerone.com/reports/771215
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #mido0x0x
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 1:57pm (UTC)
π https://hackerone.com/reports/771215
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #mido0x0x
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 1:57pm (UTC)
ββββββββββ vulnerable to CVE-2022-22954
π https://hackerone.com/reports/1537543
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #null_bytes
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 1:58pm (UTC)
π https://hackerone.com/reports/1537543
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #null_bytes
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 1:58pm (UTC)
SSRF due to CVE-2021-27905 in www.ββββββββ
π https://hackerone.com/reports/1183472
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #fdeleite
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:00pm (UTC)
π https://hackerone.com/reports/1183472
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #fdeleite
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:00pm (UTC)
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ββββββββ
π https://hackerone.com/reports/1278977
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #njmulsqb
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:03pm (UTC)
π https://hackerone.com/reports/1278977
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #njmulsqb
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:03pm (UTC)
lfi in filePathDownload parameter via βββββββ
π https://hackerone.com/reports/1542734
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #exploitmsf
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:04pm (UTC)
π https://hackerone.com/reports/1542734
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #exploitmsf
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:04pm (UTC)
Reflected XSS [βββ]
π https://hackerone.com/reports/1309237
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #fdeleite
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:05pm (UTC)
π https://hackerone.com/reports/1309237
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #fdeleite
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:05pm (UTC)
Reflected XSS [ββββββ]
π https://hackerone.com/reports/1309385
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #fdeleite
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:06pm (UTC)
π https://hackerone.com/reports/1309385
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #fdeleite
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 2:06pm (UTC)
Hardcoded AWS credentials in βββββββ.msi
π https://hackerone.com/reports/1368690
πΉ Severity: Critical
πΉ Reported To: 8x8
πΉ Reported By: #chip_sec
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 5:01pm (UTC)
π https://hackerone.com/reports/1368690
πΉ Severity: Critical
πΉ Reported To: 8x8
πΉ Reported By: #chip_sec
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 5:01pm (UTC)
Reflected XSS due to vulnerable version of sockjs
π https://hackerone.com/reports/1100326
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Automattic
πΉ Reported By: #chip_sec
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 5:38pm (UTC)
π https://hackerone.com/reports/1100326
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Automattic
πΉ Reported By: #chip_sec
πΉ State: π’ Resolved
πΉ Disclosed: April 29, 2022, 5:38pm (UTC)
com.nextcloud.client bypass the protection lock in andoid app v 3.18.1 latest version.
π https://hackerone.com/reports/1450368
πΉ Severity: Low | π° 200 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #dashingjaved
πΉ State: π’ Resolved
πΉ Disclosed: April 30, 2022, 11:56am (UTC)
π https://hackerone.com/reports/1450368
πΉ Severity: Low | π° 200 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #dashingjaved
πΉ State: π’ Resolved
πΉ Disclosed: April 30, 2022, 11:56am (UTC)
Enumerate class codes via yahoo dork - Can access any course under teacher - Sensitive information leaked
π https://hackerone.com/reports/1514356
πΉ Severity: High
πΉ Reported To: Khan Academy
πΉ Reported By: #bughunterpol
πΉ State: π’ Resolved
πΉ Disclosed: May 1, 2022, 6:05pm (UTC)
π https://hackerone.com/reports/1514356
πΉ Severity: High
πΉ Reported To: Khan Academy
πΉ Reported By: #bughunterpol
πΉ State: π’ Resolved
πΉ Disclosed: May 1, 2022, 6:05pm (UTC)
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters
π https://hackerone.com/reports/1244731
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #homosec
πΉ State: π’ Resolved
πΉ Disclosed: May 1, 2022, 9:20pm (UTC)
π https://hackerone.com/reports/1244731
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #homosec
πΉ State: π’ Resolved
πΉ Disclosed: May 1, 2022, 9:20pm (UTC)
XSS at https://nextapps.mtnonline.com/search/suggest/q/{xss payload}
π https://hackerone.com/reports/1244722
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #homosec
πΉ State: π’ Resolved
πΉ Disclosed: May 1, 2022, 9:20pm (UTC)
π https://hackerone.com/reports/1244722
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #homosec
πΉ State: π’ Resolved
πΉ Disclosed: May 1, 2022, 9:20pm (UTC)
Self-DoS due to template injection via email field in password reset form on access.acronis.com
π https://hackerone.com/reports/1265344
πΉ Severity: No Rating
πΉ Reported To: Acronis
πΉ Reported By: #sudo_bash
πΉ State: βͺοΈ Informative
πΉ Disclosed: May 3, 2022, 6:41am (UTC)
π https://hackerone.com/reports/1265344
πΉ Severity: No Rating
πΉ Reported To: Acronis
πΉ Reported By: #sudo_bash
πΉ State: βͺοΈ Informative
πΉ Disclosed: May 3, 2022, 6:41am (UTC)