RXSS on βββββββββ
π https://hackerone.com/reports/1555582
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #tmz900
πΉ State: π’ Resolved
πΉ Disclosed: June 10, 2022, 2:44pm (UTC)
π https://hackerone.com/reports/1555582
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #tmz900
πΉ State: π’ Resolved
πΉ Disclosed: June 10, 2022, 2:44pm (UTC)
bd-j exploit chain
π https://hackerone.com/reports/1379975
πΉ Severity: High | π° 20,000 USD
πΉ Reported To: PlayStation
πΉ Reported By: #theflow0
πΉ State: π’ Resolved
πΉ Disclosed: June 10, 2022, 8:26pm (UTC)
π https://hackerone.com/reports/1379975
πΉ Severity: High | π° 20,000 USD
πΉ Reported To: PlayStation
πΉ Reported By: #theflow0
πΉ State: π’ Resolved
πΉ Disclosed: June 10, 2022, 8:26pm (UTC)
π3
Email address disclosure via invite token validatiion
π https://hackerone.com/reports/1560072
πΉ Severity: Low | π° 250 USD
πΉ Reported To: TikTok
πΉ Reported By: #noob_but_cut3
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 12:28am (UTC)
π https://hackerone.com/reports/1560072
πΉ Severity: Low | π° 250 USD
πΉ Reported To: TikTok
πΉ Reported By: #noob_but_cut3
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 12:28am (UTC)
disclosure the live_analytics information of any livestream.
π https://hackerone.com/reports/1561299
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #datph4m
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 12:33am (UTC)
π https://hackerone.com/reports/1561299
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #datph4m
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 12:33am (UTC)
CVE-2022-27779: cookie for trailing dot TLD
π https://hackerone.com/reports/1565615
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 6:58pm (UTC)
π https://hackerone.com/reports/1565615
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 6:58pm (UTC)
π1
CVE-2022-27780: percent-encoded path separator in URL host
π https://hackerone.com/reports/1565619
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 6:58pm (UTC)
π https://hackerone.com/reports/1565619
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 6:58pm (UTC)
CVE-2022-30115: HSTS bypass via trailing dot
π https://hackerone.com/reports/1565622
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 6:58pm (UTC)
π https://hackerone.com/reports/1565622
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 6:58pm (UTC)
All user password hash can be seen from admin panel
π https://hackerone.com/reports/1489892
πΉ Severity: Medium
πΉ Reported To: UPchieve
πΉ Reported By: #dark_haxor
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 11:31pm (UTC)
π https://hackerone.com/reports/1489892
πΉ Severity: Medium
πΉ Reported To: UPchieve
πΉ Reported By: #dark_haxor
πΉ State: π’ Resolved
πΉ Disclosed: June 11, 2022, 11:31pm (UTC)
π1
lack of rate limit on athentification login page & forgot password page
π https://hackerone.com/reports/1591764
πΉ Severity: Medium
πΉ Reported To: Showmax
πΉ Reported By: #saidkira
πΉ State: βͺοΈ Informative
πΉ Disclosed: June 13, 2022, 7:09am (UTC)
π https://hackerone.com/reports/1591764
πΉ Severity: Medium
πΉ Reported To: Showmax
πΉ Reported By: #saidkira
πΉ State: βͺοΈ Informative
πΉ Disclosed: June 13, 2022, 7:09am (UTC)
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
π https://hackerone.com/reports/1530898
πΉ Severity: Medium
πΉ Reported To: Ruby on Rails
πΉ Reported By: #windshock
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 3:49am (UTC)
π https://hackerone.com/reports/1530898
πΉ Severity: Medium
πΉ Reported To: Ruby on Rails
πΉ Reported By: #windshock
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 3:49am (UTC)
Reflected Cross Site Scripting at https://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass]
π https://hackerone.com/reports/1167034
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #ub3rsick
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:20am (UTC)
π https://hackerone.com/reports/1167034
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #ub3rsick
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:20am (UTC)
Reflected Cross Site Scripting at ColdFusion Debugging Panel https://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm
π https://hackerone.com/reports/1166918
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #ub3rsick
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:20am (UTC)
π https://hackerone.com/reports/1166918
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #ub3rsick
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:20am (UTC)
HTML Injection in E-mail
π https://hackerone.com/reports/1536899
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:21am (UTC)
π https://hackerone.com/reports/1536899
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:21am (UTC)
Hyper Link Injection while signup
π https://hackerone.com/reports/1166073
πΉ Severity: Low
πΉ Reported To: UPchieve
πΉ Reported By: #011alsanosi
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 10:04am (UTC)
π https://hackerone.com/reports/1166073
πΉ Severity: Low
πΉ Reported To: UPchieve
πΉ Reported By: #011alsanosi
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 10:04am (UTC)
CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory
π https://hackerone.com/reports/1582697
πΉ Severity: Low | π° 1,000 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:57pm (UTC)
π https://hackerone.com/reports/1582697
πΉ Severity: Low | π° 1,000 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:57pm (UTC)
Golang : Hardcoded secret used for signing JWT
π https://hackerone.com/reports/1595009
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #porcupineyhairs
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:58pm (UTC)
π https://hackerone.com/reports/1595009
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #porcupineyhairs
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:58pm (UTC)
Golang : Add Query To Detect PAM Authorization Bugs
π https://hackerone.com/reports/1597437
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #porcupineyhairs
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:58pm (UTC)
π https://hackerone.com/reports/1597437
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #porcupineyhairs
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:58pm (UTC)
The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su
π https://hackerone.com/reports/1591504
πΉ Severity: Medium
πΉ Reported To: LinkedIn
πΉ Reported By: #suryasnn
πΉ State: π΄ N/A
πΉ Disclosed: June 15, 2022, 6:18pm (UTC)
π https://hackerone.com/reports/1591504
πΉ Severity: Medium
πΉ Reported To: LinkedIn
πΉ Reported By: #suryasnn
πΉ State: π΄ N/A
πΉ Disclosed: June 15, 2022, 6:18pm (UTC)
Remote 0click exfiltration of Safari user's IP address
π https://hackerone.com/reports/1392211
πΉ Severity: Medium | π° 560 USD
πΉ Reported To: Twitter
πΉ Reported By: #max2x
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 8:00pm (UTC)
π https://hackerone.com/reports/1392211
πΉ Severity: Medium | π° 560 USD
πΉ Reported To: Twitter
πΉ Reported By: #max2x
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 8:00pm (UTC)
Delete direct message history without access the proper conversation_id
π https://hackerone.com/reports/1487804
πΉ Severity: Medium | π° 560 USD
πΉ Reported To: Twitter
πΉ Reported By: #saiful6601
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 8:01pm (UTC)
π https://hackerone.com/reports/1487804
πΉ Severity: Medium | π° 560 USD
πΉ Reported To: Twitter
πΉ Reported By: #saiful6601
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 8:01pm (UTC)
Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)
π https://hackerone.com/reports/1578121
πΉ Severity: No Rating
πΉ Reported To: LinkedIn
πΉ Reported By: #sachinrajput
πΉ State: π΄ N/A
πΉ Disclosed: June 15, 2022, 9:10pm (UTC)
π https://hackerone.com/reports/1578121
πΉ Severity: No Rating
πΉ Reported To: LinkedIn
πΉ Reported By: #sachinrajput
πΉ State: π΄ N/A
πΉ Disclosed: June 15, 2022, 9:10pm (UTC)