Reflected Cross Site Scripting at ColdFusion Debugging Panel https://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm
π https://hackerone.com/reports/1166918
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #ub3rsick
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:20am (UTC)
π https://hackerone.com/reports/1166918
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #ub3rsick
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:20am (UTC)
HTML Injection in E-mail
π https://hackerone.com/reports/1536899
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:21am (UTC)
π https://hackerone.com/reports/1536899
πΉ Severity: Low
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: June 14, 2022, 10:21am (UTC)
Hyper Link Injection while signup
π https://hackerone.com/reports/1166073
πΉ Severity: Low
πΉ Reported To: UPchieve
πΉ Reported By: #011alsanosi
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 10:04am (UTC)
π https://hackerone.com/reports/1166073
πΉ Severity: Low
πΉ Reported To: UPchieve
πΉ Reported By: #011alsanosi
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 10:04am (UTC)
CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory
π https://hackerone.com/reports/1582697
πΉ Severity: Low | π° 1,000 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:57pm (UTC)
π https://hackerone.com/reports/1582697
πΉ Severity: Low | π° 1,000 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:57pm (UTC)
Golang : Hardcoded secret used for signing JWT
π https://hackerone.com/reports/1595009
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #porcupineyhairs
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:58pm (UTC)
π https://hackerone.com/reports/1595009
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #porcupineyhairs
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:58pm (UTC)
Golang : Add Query To Detect PAM Authorization Bugs
π https://hackerone.com/reports/1597437
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #porcupineyhairs
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:58pm (UTC)
π https://hackerone.com/reports/1597437
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #porcupineyhairs
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 2:58pm (UTC)
The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su
π https://hackerone.com/reports/1591504
πΉ Severity: Medium
πΉ Reported To: LinkedIn
πΉ Reported By: #suryasnn
πΉ State: π΄ N/A
πΉ Disclosed: June 15, 2022, 6:18pm (UTC)
π https://hackerone.com/reports/1591504
πΉ Severity: Medium
πΉ Reported To: LinkedIn
πΉ Reported By: #suryasnn
πΉ State: π΄ N/A
πΉ Disclosed: June 15, 2022, 6:18pm (UTC)
Remote 0click exfiltration of Safari user's IP address
π https://hackerone.com/reports/1392211
πΉ Severity: Medium | π° 560 USD
πΉ Reported To: Twitter
πΉ Reported By: #max2x
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 8:00pm (UTC)
π https://hackerone.com/reports/1392211
πΉ Severity: Medium | π° 560 USD
πΉ Reported To: Twitter
πΉ Reported By: #max2x
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 8:00pm (UTC)
Delete direct message history without access the proper conversation_id
π https://hackerone.com/reports/1487804
πΉ Severity: Medium | π° 560 USD
πΉ Reported To: Twitter
πΉ Reported By: #saiful6601
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 8:01pm (UTC)
π https://hackerone.com/reports/1487804
πΉ Severity: Medium | π° 560 USD
πΉ Reported To: Twitter
πΉ Reported By: #saiful6601
πΉ State: π’ Resolved
πΉ Disclosed: June 15, 2022, 8:01pm (UTC)
Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)
π https://hackerone.com/reports/1578121
πΉ Severity: No Rating
πΉ Reported To: LinkedIn
πΉ Reported By: #sachinrajput
πΉ State: π΄ N/A
πΉ Disclosed: June 15, 2022, 9:10pm (UTC)
π https://hackerone.com/reports/1578121
πΉ Severity: No Rating
πΉ Reported To: LinkedIn
πΉ Reported By: #sachinrajput
πΉ State: π΄ N/A
πΉ Disclosed: June 15, 2022, 9:10pm (UTC)
XSS STORED at https://webcast.tiktokv.com/ Via Create Live Event in `Description` Form
π https://hackerone.com/reports/1542703
πΉ Severity: Medium | π° 1,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #aidilarf_2000
πΉ State: π’ Resolved
πΉ Disclosed: June 16, 2022, 1:58am (UTC)
π https://hackerone.com/reports/1542703
πΉ Severity: Medium | π° 1,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #aidilarf_2000
πΉ State: π’ Resolved
πΉ Disclosed: June 16, 2022, 1:58am (UTC)
CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit !
π https://hackerone.com/reports/1480569
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Reddit
πΉ Reported By: #marvelmaniac
πΉ State: π’ Resolved
πΉ Disclosed: June 16, 2022, 4:27am (UTC)
π https://hackerone.com/reports/1480569
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Reddit
πΉ Reported By: #marvelmaniac
πΉ State: π’ Resolved
πΉ Disclosed: June 16, 2022, 4:27am (UTC)
curl "globbing" can lead to denial of service attacks
π https://hackerone.com/reports/1572120
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #iylz
πΉ State: π΄ N/A
πΉ Disclosed: June 16, 2022, 3:14pm (UTC)
π https://hackerone.com/reports/1572120
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #iylz
πΉ State: π΄ N/A
πΉ Disclosed: June 16, 2022, 3:14pm (UTC)
xmlrpc file enabled
π https://hackerone.com/reports/1575401
πΉ Severity: Low
πΉ Reported To: Yelp
πΉ Reported By: #happykira0x1
πΉ State: π€ Duplicate
πΉ Disclosed: June 16, 2022, 7:02pm (UTC)
π https://hackerone.com/reports/1575401
πΉ Severity: Low
πΉ Reported To: Yelp
πΉ Reported By: #happykira0x1
πΉ State: π€ Duplicate
πΉ Disclosed: June 16, 2022, 7:02pm (UTC)
Race condition via project team member invitation system.
π https://hackerone.com/reports/1108291
πΉ Severity: Low | π° 60 USD
πΉ Reported To: Enjin
πΉ Reported By: #akashhamal0x01
πΉ State: π’ Resolved
πΉ Disclosed: June 17, 2022, 8:44am (UTC)
π https://hackerone.com/reports/1108291
πΉ Severity: Low | π° 60 USD
πΉ Reported To: Enjin
πΉ Reported By: #akashhamal0x01
πΉ State: π’ Resolved
πΉ Disclosed: June 17, 2022, 8:44am (UTC)
CSRF Bypassed on Logout Endpoint
π https://hackerone.com/reports/1091403
πΉ Severity: Low
πΉ Reported To: Enjin
πΉ Reported By: #er_salil
πΉ State: π’ Resolved
πΉ Disclosed: June 17, 2022, 8:50am (UTC)
π https://hackerone.com/reports/1091403
πΉ Severity: Low
πΉ Reported To: Enjin
πΉ Reported By: #er_salil
πΉ State: π’ Resolved
πΉ Disclosed: June 17, 2022, 8:50am (UTC)
sql injection via https://setup.p2p.ihost.com/
π https://hackerone.com/reports/1567516
πΉ Severity: Critical
πΉ Reported To: IBM
πΉ Reported By: #exploitmsf
πΉ State: π’ Resolved
πΉ Disclosed: June 17, 2022, 5:47pm (UTC)
π https://hackerone.com/reports/1567516
πΉ Severity: Critical
πΉ Reported To: IBM
πΉ Reported By: #exploitmsf
πΉ State: π’ Resolved
πΉ Disclosed: June 17, 2022, 5:47pm (UTC)
π1
Broken access control
π https://hackerone.com/reports/1539426
πΉ Severity: High
πΉ Reported To: UPS VDP
πΉ Reported By: #nayefhamouda
πΉ State: π’ Resolved
πΉ Disclosed: June 18, 2022, 4:40pm (UTC)
π https://hackerone.com/reports/1539426
πΉ Severity: High
πΉ Reported To: UPS VDP
πΉ Reported By: #nayefhamouda
πΉ State: π’ Resolved
πΉ Disclosed: June 18, 2022, 4:40pm (UTC)
bypass forced password protection via circles app
π https://hackerone.com/reports/1406926
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #michag86
πΉ State: π’ Resolved
πΉ Disclosed: June 19, 2022, 8:10am (UTC)
π https://hackerone.com/reports/1406926
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #michag86
πΉ State: π’ Resolved
πΉ Disclosed: June 19, 2022, 8:10am (UTC)
Authentication token and CSRF token bypass
π https://hackerone.com/reports/998457
πΉ Severity: High | π° 300 USD
πΉ Reported To: Enjin
πΉ Reported By: #whiteshadow201
πΉ State: π’ Resolved
πΉ Disclosed: June 19, 2022, 12:11pm (UTC)
π https://hackerone.com/reports/998457
πΉ Severity: High | π° 300 USD
πΉ Reported To: Enjin
πΉ Reported By: #whiteshadow201
πΉ State: π’ Resolved
πΉ Disclosed: June 19, 2022, 12:11pm (UTC)
Admin Authentication Bypass Lead to Admin Account Takeover
π https://hackerone.com/reports/1490470
πΉ Severity: Medium
πΉ Reported To: UPS VDP
πΉ Reported By: #7odamo
πΉ State: π’ Resolved
πΉ Disclosed: June 20, 2022, 12:18am (UTC)
π https://hackerone.com/reports/1490470
πΉ Severity: Medium
πΉ Reported To: UPS VDP
πΉ Reported By: #7odamo
πΉ State: π’ Resolved
πΉ Disclosed: June 20, 2022, 12:18am (UTC)