Users who are restricted to use the application because of a "Waiting List" are able to get access to the Beta Application by bypassing the waitlist
π https://hackerone.com/reports/1494308
πΉ Severity: Low
πΉ Reported To: Alohi
πΉ Reported By: #darkknight4688
πΉ State: π’ Resolved
πΉ Disclosed: May 30, 2022, 9:21am (UTC)
π https://hackerone.com/reports/1494308
πΉ Severity: Low
πΉ Reported To: Alohi
πΉ Reported By: #darkknight4688
πΉ State: π’ Resolved
πΉ Disclosed: May 30, 2022, 9:21am (UTC)
Self XSS in attachments name
π https://hackerone.com/reports/1536901
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 9:10am (UTC)
π https://hackerone.com/reports/1536901
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 9:10am (UTC)
π€1
BlIND XSS on https://open.vanillaforums.com
π https://hackerone.com/reports/1189885
πΉ Severity: High | π° 300 USD
πΉ Reported To: Vanilla
πΉ Reported By: #mohit0786
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 10:15am (UTC)
π https://hackerone.com/reports/1189885
πΉ Severity: High | π° 300 USD
πΉ Reported To: Vanilla
πΉ Reported By: #mohit0786
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 10:15am (UTC)
Improper input-size validation on the user new session name can result in server-side DDoS.
π https://hackerone.com/reports/1153138
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #demonia
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 2:37pm (UTC)
π https://hackerone.com/reports/1153138
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #demonia
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 2:37pm (UTC)
CSRF token validation system is disabled on Stripe Dashboard
π https://hackerone.com/reports/1493437
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: Stripe
πΉ Reported By: #rodolfomarianocy
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:05pm (UTC)
π https://hackerone.com/reports/1493437
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: Stripe
πΉ Reported By: #rodolfomarianocy
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:05pm (UTC)
DOM XSS on www.adobe.com
π https://hackerone.com/reports/1260825
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #saajanbhujel
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:14pm (UTC)
π https://hackerone.com/reports/1260825
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #saajanbhujel
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:14pm (UTC)
Able to bypass the fix on DOM XSS at [www.adobe.com]
π https://hackerone.com/reports/1398374
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #saajanbhujel
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:16pm (UTC)
π https://hackerone.com/reports/1398374
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #saajanbhujel
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 5:16pm (UTC)
Deprecated owners.query API bypasses object view policy
π https://hackerone.com/reports/1584409
πΉ Severity: No Rating | π° 300 USD
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 7:14pm (UTC)
π https://hackerone.com/reports/1584409
πΉ Severity: No Rating | π° 300 USD
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 7:14pm (UTC)
Django debug enabled showing information about system, database, configuration files
π https://hackerone.com/reports/1561377
πΉ Severity: Medium
πΉ Reported To: Glovo
πΉ Reported By: #omarelfarsaoui
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 9:28pm (UTC)
π https://hackerone.com/reports/1561377
πΉ Severity: Medium
πΉ Reported To: Glovo
πΉ Reported By: #omarelfarsaoui
πΉ State: π’ Resolved
πΉ Disclosed: May 31, 2022, 9:28pm (UTC)
user can bypass password enforcement when federated sharing is enabled
π https://hackerone.com/reports/838510
πΉ Severity: No Rating | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #michag86
πΉ State: π’ Resolved
πΉ Disclosed: June 1, 2022, 1:52pm (UTC)
π https://hackerone.com/reports/838510
πΉ Severity: No Rating | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #michag86
πΉ State: π’ Resolved
πΉ Disclosed: June 1, 2022, 1:52pm (UTC)
Exfiltrate GDrive access token using CSRF
π https://hackerone.com/reports/1468010
πΉ Severity: Medium | π° 1,728 USD
πΉ Reported To: Dropbox
πΉ Reported By: #staz0t
πΉ State: π’ Resolved
πΉ Disclosed: June 1, 2022, 9:04pm (UTC)
π https://hackerone.com/reports/1468010
πΉ Severity: Medium | π° 1,728 USD
πΉ Reported To: Dropbox
πΉ Reported By: #staz0t
πΉ State: π’ Resolved
πΉ Disclosed: June 1, 2022, 9:04pm (UTC)
π₯1
AWS Load Balancer Controller can be used by an attacker to modify rules of any Security Group that they are able to tag
π https://hackerone.com/reports/1238482
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #t0rr3sp3dr0
πΉ State: π΄ N/A
πΉ Disclosed: June 2, 2022, 12:49am (UTC)
π https://hackerone.com/reports/1238482
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #t0rr3sp3dr0
πΉ State: π΄ N/A
πΉ Disclosed: June 2, 2022, 12:49am (UTC)
AWS Load Balancer Controller Managed Security Groups can be replaced by an unprivileged attacker
π https://hackerone.com/reports/1238017
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #t0rr3sp3dr0
πΉ State: π΄ N/A
πΉ Disclosed: June 2, 2022, 12:49am (UTC)
π https://hackerone.com/reports/1238017
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #t0rr3sp3dr0
πΉ State: π΄ N/A
πΉ Disclosed: June 2, 2022, 12:49am (UTC)
8ybhy85kld9zp9xf84x6.imgur.com Subdomain Takeover
π https://hackerone.com/reports/1527405
πΉ Severity: High | π° 50 USD
πΉ Reported To: Imgur
πΉ Reported By: #mr_baka
πΉ State: π’ Resolved
πΉ Disclosed: June 3, 2022, 5:45pm (UTC)
π https://hackerone.com/reports/1527405
πΉ Severity: High | π° 50 USD
πΉ Reported To: Imgur
πΉ Reported By: #mr_baka
πΉ State: π’ Resolved
πΉ Disclosed: June 3, 2022, 5:45pm (UTC)
Github Account Takeover from Docs page of `kubernetes-csi.github.io`
π https://hackerone.com/reports/1434967
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #codermak
πΉ State: π’ Resolved
πΉ Disclosed: June 4, 2022, 5:58pm (UTC)
π https://hackerone.com/reports/1434967
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #codermak
πΉ State: π’ Resolved
πΉ Disclosed: June 4, 2022, 5:58pm (UTC)
KRB-FTP: Security level downgrade
π https://hackerone.com/reports/1590102
πΉ Severity: No Rating
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: June 5, 2022, 8:58pm (UTC)
π https://hackerone.com/reports/1590102
πΉ Severity: No Rating
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: June 5, 2022, 8:58pm (UTC)
Heap overflow via HTTP/2 PUSH_PROMISE
π https://hackerone.com/reports/1589847
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: June 5, 2022, 8:59pm (UTC)
π https://hackerone.com/reports/1589847
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: June 5, 2022, 8:59pm (UTC)
Registered users contact information disclosure on salesforce lightning endpoint https://disposal.gsa.gov
π https://hackerone.com/reports/1443654
πΉ Severity: High
πΉ Reported To: U.S. General Services Administration
πΉ Reported By: #rptl
πΉ State: π’ Resolved
πΉ Disclosed: June 6, 2022, 6:17am (UTC)
π https://hackerone.com/reports/1443654
πΉ Severity: High
πΉ Reported To: U.S. General Services Administration
πΉ Reported By: #rptl
πΉ State: π’ Resolved
πΉ Disclosed: June 6, 2022, 6:17am (UTC)
2 Cache Poisoning Attack Methods Affect Core Functionality www.exodus.com
π https://hackerone.com/reports/1581454
πΉ Severity: High
πΉ Reported To: Exodus
πΉ Reported By: #bismillahfortuner
πΉ State: βͺοΈ Informative
πΉ Disclosed: June 6, 2022, 11:31am (UTC)
π https://hackerone.com/reports/1581454
πΉ Severity: High
πΉ Reported To: Exodus
πΉ Reported By: #bismillahfortuner
πΉ State: βͺοΈ Informative
πΉ Disclosed: June 6, 2022, 11:31am (UTC)
Misconfigurated login page able to lock login action for any account without user interaction
π https://hackerone.com/reports/1582778
πΉ Severity: Critical
πΉ Reported To: Reddit
πΉ Reported By: #h1ugroon
πΉ State: βͺοΈ Informative
πΉ Disclosed: June 6, 2022, 11:10pm (UTC)
π https://hackerone.com/reports/1582778
πΉ Severity: Critical
πΉ Reported To: Reddit
πΉ Reported By: #h1ugroon
πΉ State: βͺοΈ Informative
πΉ Disclosed: June 6, 2022, 11:10pm (UTC)
Stored Cross Site Scripting at https://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode
π https://hackerone.com/reports/1164853
πΉ Severity: Medium
πΉ Reported To: Acronis
πΉ Reported By: #ub3rsick
πΉ State: π’ Resolved
πΉ Disclosed: June 7, 2022, 9:25am (UTC)
π https://hackerone.com/reports/1164853
πΉ Severity: Medium
πΉ Reported To: Acronis
πΉ Reported By: #ub3rsick
πΉ State: π’ Resolved
πΉ Disclosed: June 7, 2022, 9:25am (UTC)