Unauthorized Access to Internal Server Panel without Authentication
π https://hackerone.com/reports/1548067
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ahmd_halabi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 7:24pm (UTC)
π https://hackerone.com/reports/1548067
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ahmd_halabi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 7:24pm (UTC)
CVE-2022-32207: Unpreserved file permissions
π https://hackerone.com/reports/1614331
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 7:52pm (UTC)
π https://hackerone.com/reports/1614331
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 7:52pm (UTC)
CVE-2022-32205: Set-Cookie denial of service
π https://hackerone.com/reports/1614328
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 7:53pm (UTC)
π https://hackerone.com/reports/1614328
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 7:53pm (UTC)
CVE-2022-32206: HTTP compression denial of service
π https://hackerone.com/reports/1614330
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 7:53pm (UTC)
π https://hackerone.com/reports/1614330
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 7:53pm (UTC)
CVE-2022-32208: FTP-KRB bad message verification
π https://hackerone.com/reports/1614332
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 8:09pm (UTC)
π https://hackerone.com/reports/1614332
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: June 27, 2022, 8:09pm (UTC)
XSS Payload on TikTok Seller Center endpoint
π https://hackerone.com/reports/1554048
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #aidilarf_2000
πΉ State: π’ Resolved
πΉ Disclosed: June 29, 2022, 1:10am (UTC)
π https://hackerone.com/reports/1554048
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #aidilarf_2000
πΉ State: π’ Resolved
πΉ Disclosed: June 29, 2022, 1:10am (UTC)
Browser is not following proper flow for redirection cause open redirect
π https://hackerone.com/reports/1579374
πΉ Severity: High | π° 500 USD
πΉ Reported To: Brave Software
πΉ Reported By: #abhinavsecondary
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:45pm (UTC)
π https://hackerone.com/reports/1579374
πΉ Severity: High | π° 500 USD
πΉ Reported To: Brave Software
πΉ Reported By: #abhinavsecondary
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:45pm (UTC)
Redirecting users to malicious torrent-files/websites using WebTorrent
π https://hackerone.com/reports/968328
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Brave Software
πΉ Reported By: #d3f4u17
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:46pm (UTC)
π https://hackerone.com/reports/968328
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Brave Software
πΉ Reported By: #d3f4u17
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:46pm (UTC)
Arbitrary file download due to bad handling of Redirects in WebTorrent
π https://hackerone.com/reports/975514
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Brave Software
πΉ Reported By: #d3f4u17
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:46pm (UTC)
π https://hackerone.com/reports/975514
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Brave Software
πΉ Reported By: #d3f4u17
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:46pm (UTC)
Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS
π https://hackerone.com/reports/963155
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Brave Software
πΉ Reported By: #d3f4u17
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:46pm (UTC)
π https://hackerone.com/reports/963155
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Brave Software
πΉ Reported By: #d3f4u17
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:46pm (UTC)
Open redirect found on account.brave.com
π https://hackerone.com/reports/1338437
πΉ Severity: Medium | π° 300 USD
πΉ Reported To: Brave Software
πΉ Reported By: #tabaahi
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:47pm (UTC)
π https://hackerone.com/reports/1338437
πΉ Severity: Medium | π° 300 USD
πΉ Reported To: Brave Software
πΉ Reported By: #tabaahi
πΉ State: π’ Resolved
πΉ Disclosed: June 30, 2022, 5:47pm (UTC)
Unauthorized Access - downgraded admin roles to none can still edit projects through brupsuite
π https://hackerone.com/reports/1607756
πΉ Severity: High
πΉ Reported To: Omise
πΉ Reported By: #zombieesshx
πΉ State: π΄ N/A
πΉ Disclosed: July 1, 2022, 4:48pm (UTC)
π https://hackerone.com/reports/1607756
πΉ Severity: High
πΉ Reported To: Omise
πΉ Reported By: #zombieesshx
πΉ State: π΄ N/A
πΉ Disclosed: July 1, 2022, 4:48pm (UTC)
June 2022 Incident Report
π https://hackerone.com/reports/1622449
πΉ Severity: Critical
πΉ Reported To: HackerOne
πΉ Reported By: #jobert
πΉ State: π’ Resolved
πΉ Disclosed: July 1, 2022, 7:13pm (UTC)
π https://hackerone.com/reports/1622449
πΉ Severity: Critical
πΉ Reported To: HackerOne
πΉ Reported By: #jobert
πΉ State: π’ Resolved
πΉ Disclosed: July 1, 2022, 7:13pm (UTC)
Federated editing allows iframing possibly malicious remotes
π https://hackerone.com/reports/1210424
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #rtod
πΉ State: π’ Resolved
πΉ Disclosed: July 2, 2022, 9:10am (UTC)
π https://hackerone.com/reports/1210424
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #rtod
πΉ State: π’ Resolved
πΉ Disclosed: July 2, 2022, 9:10am (UTC)
Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations`
π https://hackerone.com/reports/1543770
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Reddit
πΉ Reported By: #zqyzoid
πΉ State: π’ Resolved
πΉ Disclosed: July 4, 2022, 12:59pm (UTC)
π https://hackerone.com/reports/1543770
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Reddit
πΉ Reported By: #zqyzoid
πΉ State: π’ Resolved
πΉ Disclosed: July 4, 2022, 12:59pm (UTC)
SMTP Command Injection in iCalendar Attachments to Emails via Newlines
π https://hackerone.com/reports/1516377
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #spaceraccoon
πΉ State: π’ Resolved
πΉ Disclosed: July 4, 2022, 1:10pm (UTC)
π https://hackerone.com/reports/1516377
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #spaceraccoon
πΉ State: π’ Resolved
πΉ Disclosed: July 4, 2022, 1:10pm (UTC)
Reflected XSS on https://wwwapps.ups.com/ctc/request?loc=
π https://hackerone.com/reports/1536461
πΉ Severity: Medium
πΉ Reported To: UPS VDP
πΉ Reported By: #3amoura
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 12:03pm (UTC)
π https://hackerone.com/reports/1536461
πΉ Severity: Medium
πΉ Reported To: UPS VDP
πΉ Reported By: #3amoura
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 12:03pm (UTC)
Reflected Cross site Scripting (XSS) on https://one.newrelic.com
π https://hackerone.com/reports/1367642
πΉ Severity: High | π° 2,048 USD
πΉ Reported To: New Relic
πΉ Reported By: #sairanga
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 1:55pm (UTC)
π https://hackerone.com/reports/1367642
πΉ Severity: High | π° 2,048 USD
πΉ Reported To: New Relic
πΉ Reported By: #sairanga
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 1:55pm (UTC)
Exposure of a valid Gitlab-Workhorse JWT leading to various bad things
π https://hackerone.com/reports/1040786
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: GitLab
πΉ Reported By: #ledz1996
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 4:28pm (UTC)
π https://hackerone.com/reports/1040786
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: GitLab
πΉ Reported By: #ledz1996
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 4:28pm (UTC)
π3
SSRF via Office file thumbnails
π https://hackerone.com/reports/671935
πΉ Severity: Critical | π° 4,000 USD
πΉ Reported To: Slack
πΉ Reported By: #ziot
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 6:40pm (UTC)
π https://hackerone.com/reports/671935
πΉ Severity: Critical | π° 4,000 USD
πΉ Reported To: Slack
πΉ Reported By: #ziot
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 6:40pm (UTC)
π3
Blind User-Agent SQL Injection to Blind Remote OS Command Execution at βββββββββ
π https://hackerone.com/reports/1339430
πΉ Severity: Critical
πΉ Reported To: Sony
πΉ Reported By: #echidonut
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:44pm (UTC)
π https://hackerone.com/reports/1339430
πΉ Severity: Critical
πΉ Reported To: Sony
πΉ Reported By: #echidonut
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:44pm (UTC)