Unauthorized Access - downgraded admin roles to none can still edit projects through brupsuite
π https://hackerone.com/reports/1607756
πΉ Severity: High
πΉ Reported To: Omise
πΉ Reported By: #zombieesshx
πΉ State: π΄ N/A
πΉ Disclosed: July 1, 2022, 4:48pm (UTC)
π https://hackerone.com/reports/1607756
πΉ Severity: High
πΉ Reported To: Omise
πΉ Reported By: #zombieesshx
πΉ State: π΄ N/A
πΉ Disclosed: July 1, 2022, 4:48pm (UTC)
June 2022 Incident Report
π https://hackerone.com/reports/1622449
πΉ Severity: Critical
πΉ Reported To: HackerOne
πΉ Reported By: #jobert
πΉ State: π’ Resolved
πΉ Disclosed: July 1, 2022, 7:13pm (UTC)
π https://hackerone.com/reports/1622449
πΉ Severity: Critical
πΉ Reported To: HackerOne
πΉ Reported By: #jobert
πΉ State: π’ Resolved
πΉ Disclosed: July 1, 2022, 7:13pm (UTC)
Federated editing allows iframing possibly malicious remotes
π https://hackerone.com/reports/1210424
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #rtod
πΉ State: π’ Resolved
πΉ Disclosed: July 2, 2022, 9:10am (UTC)
π https://hackerone.com/reports/1210424
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #rtod
πΉ State: π’ Resolved
πΉ Disclosed: July 2, 2022, 9:10am (UTC)
Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations`
π https://hackerone.com/reports/1543770
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Reddit
πΉ Reported By: #zqyzoid
πΉ State: π’ Resolved
πΉ Disclosed: July 4, 2022, 12:59pm (UTC)
π https://hackerone.com/reports/1543770
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Reddit
πΉ Reported By: #zqyzoid
πΉ State: π’ Resolved
πΉ Disclosed: July 4, 2022, 12:59pm (UTC)
SMTP Command Injection in iCalendar Attachments to Emails via Newlines
π https://hackerone.com/reports/1516377
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #spaceraccoon
πΉ State: π’ Resolved
πΉ Disclosed: July 4, 2022, 1:10pm (UTC)
π https://hackerone.com/reports/1516377
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #spaceraccoon
πΉ State: π’ Resolved
πΉ Disclosed: July 4, 2022, 1:10pm (UTC)
Reflected XSS on https://wwwapps.ups.com/ctc/request?loc=
π https://hackerone.com/reports/1536461
πΉ Severity: Medium
πΉ Reported To: UPS VDP
πΉ Reported By: #3amoura
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 12:03pm (UTC)
π https://hackerone.com/reports/1536461
πΉ Severity: Medium
πΉ Reported To: UPS VDP
πΉ Reported By: #3amoura
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 12:03pm (UTC)
Reflected Cross site Scripting (XSS) on https://one.newrelic.com
π https://hackerone.com/reports/1367642
πΉ Severity: High | π° 2,048 USD
πΉ Reported To: New Relic
πΉ Reported By: #sairanga
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 1:55pm (UTC)
π https://hackerone.com/reports/1367642
πΉ Severity: High | π° 2,048 USD
πΉ Reported To: New Relic
πΉ Reported By: #sairanga
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 1:55pm (UTC)
Exposure of a valid Gitlab-Workhorse JWT leading to various bad things
π https://hackerone.com/reports/1040786
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: GitLab
πΉ Reported By: #ledz1996
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 4:28pm (UTC)
π https://hackerone.com/reports/1040786
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: GitLab
πΉ Reported By: #ledz1996
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 4:28pm (UTC)
π3
SSRF via Office file thumbnails
π https://hackerone.com/reports/671935
πΉ Severity: Critical | π° 4,000 USD
πΉ Reported To: Slack
πΉ Reported By: #ziot
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 6:40pm (UTC)
π https://hackerone.com/reports/671935
πΉ Severity: Critical | π° 4,000 USD
πΉ Reported To: Slack
πΉ Reported By: #ziot
πΉ State: π’ Resolved
πΉ Disclosed: July 5, 2022, 6:40pm (UTC)
π3
Blind User-Agent SQL Injection to Blind Remote OS Command Execution at βββββββββ
π https://hackerone.com/reports/1339430
πΉ Severity: Critical
πΉ Reported To: Sony
πΉ Reported By: #echidonut
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:44pm (UTC)
π https://hackerone.com/reports/1339430
πΉ Severity: Critical
πΉ Reported To: Sony
πΉ Reported By: #echidonut
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:44pm (UTC)
Ownership check missing when updating or deleting attachments
π https://hackerone.com/reports/1579820
πΉ Severity: Medium
πΉ Reported To: Nextcloud
πΉ Reported By: #kesselb
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:50pm (UTC)
π https://hackerone.com/reports/1579820
πΉ Severity: Medium
πΉ Reported To: Nextcloud
πΉ Reported By: #kesselb
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:50pm (UTC)
Privilege escalation possible in dovecot when similar passdbs are used
π https://hackerone.com/reports/1561579
πΉ Severity: Medium | π° 900 USD
πΉ Reported To: Open-Xchange
πΉ Reported By: #julezman
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 10:41pm (UTC)
π https://hackerone.com/reports/1561579
πΉ Severity: Medium | π° 900 USD
πΉ Reported To: Open-Xchange
πΉ Reported By: #julezman
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 10:41pm (UTC)
Stack Buffer Overflow via `gmp_sprintf`in `BLSSignature` and `BLSSigShare`
π https://hackerone.com/reports/1546935
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: SKALE Network
πΉ Reported By: #voiddy
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 12:17am (UTC)
π https://hackerone.com/reports/1546935
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: SKALE Network
πΉ Reported By: #voiddy
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 12:17am (UTC)
Remote denial of service in HyperLedger Fabric
π https://hackerone.com/reports/1604951
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #fatal0
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:55am (UTC)
π https://hackerone.com/reports/1604951
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #fatal0
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:55am (UTC)
Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.
π https://hackerone.com/reports/1465277
πΉ Severity: No Rating
πΉ Reported To: Omise
πΉ Reported By: #sachinrajput
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 4:35pm (UTC)
π https://hackerone.com/reports/1465277
πΉ Severity: No Rating
πΉ Reported To: Omise
πΉ Reported By: #sachinrajput
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 4:35pm (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
π https://hackerone.com/reports/1501679
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
π https://hackerone.com/reports/1501679
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due To Improper Delimiting of Header Fields
π https://hackerone.com/reports/1524692
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
π https://hackerone.com/reports/1524692
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
π https://hackerone.com/reports/1524555
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:28pm (UTC)
π https://hackerone.com/reports/1524555
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:28pm (UTC)
Clickjacking Vulnerability In Whole Page Ads Tiktok
π https://hackerone.com/reports/1418857
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:18pm (UTC)
π https://hackerone.com/reports/1418857
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:18pm (UTC)
Exposed valid AWS, Mysql, Sendgrid and other secrets
π https://hackerone.com/reports/1580567
πΉ Severity: Critical
πΉ Reported To: Glovo
πΉ Reported By: #mehdisadir
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 3:48pm (UTC)
π https://hackerone.com/reports/1580567
πΉ Severity: Critical
πΉ Reported To: Glovo
πΉ Reported By: #mehdisadir
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 3:48pm (UTC)
Open Redirect through POST Request in www.redditinc.com
π https://hackerone.com/reports/1310230
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #kratul
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 8, 2022, 7:02pm (UTC)
π https://hackerone.com/reports/1310230
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #kratul
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 8, 2022, 7:02pm (UTC)