Bugpoint
@bugpoint
1.04K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties πŸ“£

RateπŸ‘‡
https://cutt.ly/bugpoint_rate
FeedbackπŸ‘‡
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.04K subscribers
Bugpoint
curl "globbing" can lead to denial of service attacks

πŸ‘‰ https://hackerone.com/reports/1572120

πŸ”Ή Severity: Low
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #iylz
πŸ”Ή State: πŸ”΄ N/A
πŸ”Ή Disclosed: June 16, 2022, 3:14pm (UTC)
338 views
Bugpoint
xmlrpc file enabled

πŸ‘‰ https://hackerone.com/reports/1575401

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Yelp
πŸ”Ή Reported By: #happykira0x1
πŸ”Ή State: 🟀 Duplicate
πŸ”Ή Disclosed: June 16, 2022, 7:02pm (UTC)
333 views
Bugpoint
Race condition via project team member invitation system.

πŸ‘‰ https://hackerone.com/reports/1108291

πŸ”Ή Severity: Low | πŸ’° 60 USD
πŸ”Ή Reported To: Enjin
πŸ”Ή Reported By: #akashhamal0x01
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 17, 2022, 8:44am (UTC)
343 views
Bugpoint
CSRF Bypassed on Logout Endpoint

πŸ‘‰ https://hackerone.com/reports/1091403

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Enjin
πŸ”Ή Reported By: #er_salil
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 17, 2022, 8:50am (UTC)
361 views
Bugpoint
sql injection via https://setup.p2p.ihost.com/

πŸ‘‰ https://hackerone.com/reports/1567516

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: IBM
πŸ”Ή Reported By: #exploitmsf
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 17, 2022, 5:47pm (UTC)
πŸ‘1
372 views
Bugpoint
Broken access control

πŸ‘‰ https://hackerone.com/reports/1539426

πŸ”Ή Severity: High
πŸ”Ή Reported To: UPS VDP
πŸ”Ή Reported By: #nayefhamouda
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 18, 2022, 4:40pm (UTC)
355 views
Bugpoint
bypass forced password protection via circles app

πŸ‘‰ https://hackerone.com/reports/1406926

πŸ”Ή Severity: Low | πŸ’° 100 USD
πŸ”Ή Reported To: Nextcloud
πŸ”Ή Reported By: #michag86
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 19, 2022, 8:10am (UTC)
361 views
Bugpoint
Authentication token and CSRF token bypass

πŸ‘‰ https://hackerone.com/reports/998457

πŸ”Ή Severity: High | πŸ’° 300 USD
πŸ”Ή Reported To: Enjin
πŸ”Ή Reported By: #whiteshadow201
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 19, 2022, 12:11pm (UTC)
366 views
Bugpoint
Admin Authentication Bypass Lead to Admin Account Takeover

πŸ‘‰ https://hackerone.com/reports/1490470

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: UPS VDP
πŸ”Ή Reported By: #7odamo
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 20, 2022, 12:18am (UTC)
347 views
Bugpoint
Add more seats by paying less via PUT /v2/seats request manipulation

πŸ‘‰ https://hackerone.com/reports/1446090

πŸ”Ή Severity: Medium | πŸ’° 500 USD
πŸ”Ή Reported To: Krisp
πŸ”Ή Reported By: #life__001
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 20, 2022, 3:41pm (UTC)
❀1πŸ‘1
336 views
Bugpoint
Authentication CSRF resulting in unauthorized account access on Krisp app

πŸ‘‰ https://hackerone.com/reports/1267476

πŸ”Ή Severity: High | πŸ’° 1,000 USD
πŸ”Ή Reported To: Krisp
πŸ”Ή Reported By: #yassineaboukir
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 20, 2022, 3:51pm (UTC)
361 views
Bugpoint
Weak rate limit for SIGN.PLUS email verification

πŸ‘‰ https://hackerone.com/reports/1584569

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Alohi
πŸ”Ή Reported By: #zeesozee
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 21, 2022, 10:53pm (UTC)
388 views
Bugpoint
Able to approve admin approval and change effective status without adding payment details .

πŸ‘‰ https://hackerone.com/reports/1543159

πŸ”Ή Severity: High | πŸ’° 5,000 USD
πŸ”Ή Reported To: Reddit
πŸ”Ή Reported By: #bisesh
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 22, 2022, 5:05am (UTC)
πŸ‘2
417 views
Bugpoint
Bypass for Domain-level redirects (Unvalidated Redirects and Forwar)

πŸ‘‰ https://hackerone.com/reports/1582160

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #thypon
πŸ”Ή State: βšͺ️ Informative
πŸ”Ή Disclosed: June 22, 2022, 10:57pm (UTC)
453 views
Bugpoint
User can link non-public file attachments, leading to file disclose on edit by higher-privileged user

πŸ‘‰ https://hackerone.com/reports/763177

πŸ”Ή Severity: Medium | πŸ’° 500 USD
πŸ”Ή Reported To: Phabricator
πŸ”Ή Reported By: #foobar7
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 26, 2022, 6:25pm (UTC)
339 views
Bugpoint
Credential leak when use two url

πŸ‘‰ https://hackerone.com/reports/1569926

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #chen172
πŸ”Ή State: πŸ”΄ N/A
πŸ”Ή Disclosed: June 27, 2022, 6:55am (UTC)
305 views
Bugpoint
CVE-2022-32208: FTP-KRB bad message verification

πŸ‘‰ https://hackerone.com/reports/1590071

πŸ”Ή Severity: Low
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #nyymi
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 27, 2022, 6:55am (UTC)
257 views
Bugpoint
CVE-2022-32207: Unpreserved file permissions

πŸ‘‰ https://hackerone.com/reports/1573634

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #nyymi
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 27, 2022, 6:55am (UTC)
254 views
Bugpoint
CVE-2022-32206: HTTP compression denial of service

πŸ‘‰ https://hackerone.com/reports/1570651

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #nyymi
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 27, 2022, 6:55am (UTC)
255 views
Bugpoint
CVE-2022-32205: Set-Cookie denial of service

πŸ‘‰ https://hackerone.com/reports/1569946

πŸ”Ή Severity: Low
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #nyymi
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 27, 2022, 6:56am (UTC)
256 views
Bugpoint
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag

πŸ‘‰ https://hackerone.com/reports/1599573

πŸ”Ή Severity: Medium | πŸ’° 2,400 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #windshock
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 27, 2022, 11:46am (UTC)
246 views