Blind User-Agent SQL Injection to Blind Remote OS Command Execution at βββββββββ
π https://hackerone.com/reports/1339430
πΉ Severity: Critical
πΉ Reported To: Sony
πΉ Reported By: #echidonut
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:44pm (UTC)
π https://hackerone.com/reports/1339430
πΉ Severity: Critical
πΉ Reported To: Sony
πΉ Reported By: #echidonut
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:44pm (UTC)
Ownership check missing when updating or deleting attachments
π https://hackerone.com/reports/1579820
πΉ Severity: Medium
πΉ Reported To: Nextcloud
πΉ Reported By: #kesselb
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:50pm (UTC)
π https://hackerone.com/reports/1579820
πΉ Severity: Medium
πΉ Reported To: Nextcloud
πΉ Reported By: #kesselb
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 5:50pm (UTC)
Privilege escalation possible in dovecot when similar passdbs are used
π https://hackerone.com/reports/1561579
πΉ Severity: Medium | π° 900 USD
πΉ Reported To: Open-Xchange
πΉ Reported By: #julezman
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 10:41pm (UTC)
π https://hackerone.com/reports/1561579
πΉ Severity: Medium | π° 900 USD
πΉ Reported To: Open-Xchange
πΉ Reported By: #julezman
πΉ State: π’ Resolved
πΉ Disclosed: July 6, 2022, 10:41pm (UTC)
Stack Buffer Overflow via `gmp_sprintf`in `BLSSignature` and `BLSSigShare`
π https://hackerone.com/reports/1546935
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: SKALE Network
πΉ Reported By: #voiddy
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 12:17am (UTC)
π https://hackerone.com/reports/1546935
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: SKALE Network
πΉ Reported By: #voiddy
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 12:17am (UTC)
Remote denial of service in HyperLedger Fabric
π https://hackerone.com/reports/1604951
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #fatal0
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:55am (UTC)
π https://hackerone.com/reports/1604951
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #fatal0
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:55am (UTC)
Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.
π https://hackerone.com/reports/1465277
πΉ Severity: No Rating
πΉ Reported To: Omise
πΉ Reported By: #sachinrajput
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 4:35pm (UTC)
π https://hackerone.com/reports/1465277
πΉ Severity: No Rating
πΉ Reported To: Omise
πΉ Reported By: #sachinrajput
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 4:35pm (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
π https://hackerone.com/reports/1501679
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
π https://hackerone.com/reports/1501679
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due To Improper Delimiting of Header Fields
π https://hackerone.com/reports/1524692
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
π https://hackerone.com/reports/1524692
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
π https://hackerone.com/reports/1524555
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:28pm (UTC)
π https://hackerone.com/reports/1524555
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:28pm (UTC)
Clickjacking Vulnerability In Whole Page Ads Tiktok
π https://hackerone.com/reports/1418857
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:18pm (UTC)
π https://hackerone.com/reports/1418857
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:18pm (UTC)
Exposed valid AWS, Mysql, Sendgrid and other secrets
π https://hackerone.com/reports/1580567
πΉ Severity: Critical
πΉ Reported To: Glovo
πΉ Reported By: #mehdisadir
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 3:48pm (UTC)
π https://hackerone.com/reports/1580567
πΉ Severity: Critical
πΉ Reported To: Glovo
πΉ Reported By: #mehdisadir
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 3:48pm (UTC)
Open Redirect through POST Request in www.redditinc.com
π https://hackerone.com/reports/1310230
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #kratul
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 8, 2022, 7:02pm (UTC)
π https://hackerone.com/reports/1310230
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #kratul
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 8, 2022, 7:02pm (UTC)
Unauthorized packages modification or secrets exfiltration via GitHub actions
π https://hackerone.com/reports/1548870
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #dusty_wormwood
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 7:51pm (UTC)
π https://hackerone.com/reports/1548870
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #dusty_wormwood
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 7:51pm (UTC)
π1
Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7]
π https://hackerone.com/reports/1595281
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:39pm (UTC)
π https://hackerone.com/reports/1595281
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:39pm (UTC)
Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]
π https://hackerone.com/reports/1595290
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:45pm (UTC)
π https://hackerone.com/reports/1595290
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:45pm (UTC)
π1
Read beyond bounds in mod_isapi.c [zhbug_httpd_41]
π https://hackerone.com/reports/1595296
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:50pm (UTC)
π https://hackerone.com/reports/1595296
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:50pm (UTC)
Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]
π https://hackerone.com/reports/1595299
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:54pm (UTC)
π https://hackerone.com/reports/1595299
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:54pm (UTC)
Apache HTTP Server: mod_proxy_ajp: Possible request smuggling
π https://hackerone.com/reports/1594627
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #ricterz
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 7:25pm (UTC)
π https://hackerone.com/reports/1594627
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #ricterz
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 7:25pm (UTC)
DoS via lua_read_body() [zhbug_httpd_94]
π https://hackerone.com/reports/1596252
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 8:19pm (UTC)
π https://hackerone.com/reports/1596252
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 8:19pm (UTC)
Blind SSRF at packagist.maximum.nl
π https://hackerone.com/reports/1538056
πΉ Severity: No Rating | π° 75 USD
πΉ Reported To: Radancy
πΉ Reported By: #dk4trin
πΉ State: π’ Resolved
πΉ Disclosed: July 10, 2022, 12:38pm (UTC)
π https://hackerone.com/reports/1538056
πΉ Severity: No Rating | π° 75 USD
πΉ Reported To: Radancy
πΉ Reported By: #dk4trin
πΉ State: π’ Resolved
πΉ Disclosed: July 10, 2022, 12:38pm (UTC)
Homograph attack bypass cause redirection
π https://hackerone.com/reports/1285245
πΉ Severity: No Rating | π° 50 USD
πΉ Reported To: Vanilla
πΉ Reported By: #malek
πΉ State: π’ Resolved
πΉ Disclosed: July 10, 2022, 9:38pm (UTC)
π https://hackerone.com/reports/1285245
πΉ Severity: No Rating | π° 50 USD
πΉ Reported To: Vanilla
πΉ Reported By: #malek
πΉ State: π’ Resolved
πΉ Disclosed: July 10, 2022, 9:38pm (UTC)