Remote denial of service in HyperLedger Fabric
π https://hackerone.com/reports/1604951
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #fatal0
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:55am (UTC)
π https://hackerone.com/reports/1604951
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #fatal0
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:55am (UTC)
Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.
π https://hackerone.com/reports/1465277
πΉ Severity: No Rating
πΉ Reported To: Omise
πΉ Reported By: #sachinrajput
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 4:35pm (UTC)
π https://hackerone.com/reports/1465277
πΉ Severity: No Rating
πΉ Reported To: Omise
πΉ Reported By: #sachinrajput
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 4:35pm (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
π https://hackerone.com/reports/1501679
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
π https://hackerone.com/reports/1501679
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due To Improper Delimiting of Header Fields
π https://hackerone.com/reports/1524692
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
π https://hackerone.com/reports/1524692
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
π https://hackerone.com/reports/1524555
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:28pm (UTC)
π https://hackerone.com/reports/1524555
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #zeyu2001
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 5:28pm (UTC)
Clickjacking Vulnerability In Whole Page Ads Tiktok
π https://hackerone.com/reports/1418857
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:18pm (UTC)
π https://hackerone.com/reports/1418857
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: July 7, 2022, 11:18pm (UTC)
Exposed valid AWS, Mysql, Sendgrid and other secrets
π https://hackerone.com/reports/1580567
πΉ Severity: Critical
πΉ Reported To: Glovo
πΉ Reported By: #mehdisadir
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 3:48pm (UTC)
π https://hackerone.com/reports/1580567
πΉ Severity: Critical
πΉ Reported To: Glovo
πΉ Reported By: #mehdisadir
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 3:48pm (UTC)
Open Redirect through POST Request in www.redditinc.com
π https://hackerone.com/reports/1310230
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #kratul
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 8, 2022, 7:02pm (UTC)
π https://hackerone.com/reports/1310230
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #kratul
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 8, 2022, 7:02pm (UTC)
Unauthorized packages modification or secrets exfiltration via GitHub actions
π https://hackerone.com/reports/1548870
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #dusty_wormwood
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 7:51pm (UTC)
π https://hackerone.com/reports/1548870
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #dusty_wormwood
πΉ State: π’ Resolved
πΉ Disclosed: July 8, 2022, 7:51pm (UTC)
π1
Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7]
π https://hackerone.com/reports/1595281
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:39pm (UTC)
π https://hackerone.com/reports/1595281
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:39pm (UTC)
Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]
π https://hackerone.com/reports/1595290
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:45pm (UTC)
π https://hackerone.com/reports/1595290
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:45pm (UTC)
π1
Read beyond bounds in mod_isapi.c [zhbug_httpd_41]
π https://hackerone.com/reports/1595296
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:50pm (UTC)
π https://hackerone.com/reports/1595296
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:50pm (UTC)
Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]
π https://hackerone.com/reports/1595299
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:54pm (UTC)
π https://hackerone.com/reports/1595299
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 1:54pm (UTC)
Apache HTTP Server: mod_proxy_ajp: Possible request smuggling
π https://hackerone.com/reports/1594627
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #ricterz
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 7:25pm (UTC)
π https://hackerone.com/reports/1594627
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #ricterz
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 7:25pm (UTC)
DoS via lua_read_body() [zhbug_httpd_94]
π https://hackerone.com/reports/1596252
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 8:19pm (UTC)
π https://hackerone.com/reports/1596252
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #tdp3kel9g
πΉ State: π’ Resolved
πΉ Disclosed: July 9, 2022, 8:19pm (UTC)
Blind SSRF at packagist.maximum.nl
π https://hackerone.com/reports/1538056
πΉ Severity: No Rating | π° 75 USD
πΉ Reported To: Radancy
πΉ Reported By: #dk4trin
πΉ State: π’ Resolved
πΉ Disclosed: July 10, 2022, 12:38pm (UTC)
π https://hackerone.com/reports/1538056
πΉ Severity: No Rating | π° 75 USD
πΉ Reported To: Radancy
πΉ Reported By: #dk4trin
πΉ State: π’ Resolved
πΉ Disclosed: July 10, 2022, 12:38pm (UTC)
Homograph attack bypass cause redirection
π https://hackerone.com/reports/1285245
πΉ Severity: No Rating | π° 50 USD
πΉ Reported To: Vanilla
πΉ Reported By: #malek
πΉ State: π’ Resolved
πΉ Disclosed: July 10, 2022, 9:38pm (UTC)
π https://hackerone.com/reports/1285245
πΉ Severity: No Rating | π° 50 USD
πΉ Reported To: Vanilla
πΉ Reported By: #malek
πΉ State: π’ Resolved
πΉ Disclosed: July 10, 2022, 9:38pm (UTC)
Server Side Template Injection on Name parameter during Sign Up process
π https://hackerone.com/reports/1104349
πΉ Severity: High
πΉ Reported To: Glovo
πΉ Reported By: #battle_angel
πΉ State: π’ Resolved
πΉ Disclosed: July 11, 2022, 8:42am (UTC)
π https://hackerone.com/reports/1104349
πΉ Severity: High
πΉ Reported To: Glovo
πΉ Reported By: #battle_angel
πΉ State: π’ Resolved
πΉ Disclosed: July 11, 2022, 8:42am (UTC)
Getting a free delivery by singing up from "[email protected]"
π https://hackerone.com/reports/1296584
πΉ Severity: Medium
πΉ Reported To: Glovo
πΉ Reported By: #cmuppin
πΉ State: π’ Resolved
πΉ Disclosed: July 11, 2022, 8:42am (UTC)
π https://hackerone.com/reports/1296584
πΉ Severity: Medium
πΉ Reported To: Glovo
πΉ Reported By: #cmuppin
πΉ State: π’ Resolved
πΉ Disclosed: July 11, 2022, 8:42am (UTC)
Mass Account Takeover at https://app.taxjar.com/ - No user Interaction
π https://hackerone.com/reports/1581240
πΉ Severity: Critical | π° 11,500 USD
πΉ Reported To: Stripe
πΉ Reported By: #beerboy_ankit
πΉ State: π’ Resolved
πΉ Disclosed: July 11, 2022, 1:50pm (UTC)
π https://hackerone.com/reports/1581240
πΉ Severity: Critical | π° 11,500 USD
πΉ Reported To: Stripe
πΉ Reported By: #beerboy_ankit
πΉ State: π’ Resolved
πΉ Disclosed: July 11, 2022, 1:50pm (UTC)
π3π2
Able to view hackerone reports attachments
π https://hackerone.com/reports/979787
πΉ Severity: Critical | π° 12,000 USD
πΉ Reported To: GitLab
πΉ Reported By: #sateeshn
πΉ State: π’ Resolved
πΉ Disclosed: July 11, 2022, 4:00pm (UTC)
π https://hackerone.com/reports/979787
πΉ Severity: Critical | π° 12,000 USD
πΉ Reported To: GitLab
πΉ Reported By: #sateeshn
πΉ State: π’ Resolved
πΉ Disclosed: July 11, 2022, 4:00pm (UTC)
π€―3π1