CVE-2021-40438 on cp-eu2.acronis.com
π https://hackerone.com/reports/1370731
πΉ Severity: High | π° 150 USD
πΉ Reported To: Acronis
πΉ Reported By: #savik
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 3:17am (UTC)
π https://hackerone.com/reports/1370731
πΉ Severity: High | π° 150 USD
πΉ Reported To: Acronis
πΉ Reported By: #savik
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 3:17am (UTC)
rubygems.org Batching attack to `confirmation_token` by bypass rate limit
π https://hackerone.com/reports/1559262
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #ooooooo_q
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 4:04am (UTC)
π https://hackerone.com/reports/1559262
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #ooooooo_q
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 4:04am (UTC)
One Click XSS in [www.shopify.com]
π https://hackerone.com/reports/1563334
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #comwrg
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 6:13am (UTC)
π https://hackerone.com/reports/1563334
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #comwrg
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 6:13am (UTC)
Undici ProxyAgent vulnerable to MITM
π https://hackerone.com/reports/1599063
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #pimterry
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 1:20pm (UTC)
π https://hackerone.com/reports/1599063
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #pimterry
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 1:20pm (UTC)
Undici does not use CONNECT or otherwise validate upstream HTTPS certificates when using a proxy
π https://hackerone.com/reports/1583680
πΉ Severity: High
πΉ Reported To: Node.js
πΉ Reported By: #pimterry
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 2:47pm (UTC)
π https://hackerone.com/reports/1583680
πΉ Severity: High
πΉ Reported To: Node.js
πΉ Reported By: #pimterry
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 2:47pm (UTC)
Stored XSS for Grafana dashboard URL
π https://hackerone.com/reports/684268
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: GitLab
πΉ Reported By: #xanbanx
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 3:12pm (UTC)
π https://hackerone.com/reports/684268
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: GitLab
πΉ Reported By: #xanbanx
πΉ State: π’ Resolved
πΉ Disclosed: July 13, 2022, 3:12pm (UTC)
π1
[h1-2102] shopApps query from the graphql at /users/api returns all existing created apps, including private ones
π https://hackerone.com/reports/1085332
πΉ Severity: Medium | π° 1,900 USD
πΉ Reported To: Shopify
πΉ Reported By: #inhibitor181
πΉ State: π’ Resolved
πΉ Disclosed: July 15, 2022, 8:23am (UTC)
π https://hackerone.com/reports/1085332
πΉ Severity: Medium | π° 1,900 USD
πΉ Reported To: Shopify
πΉ Reported By: #inhibitor181
πΉ State: π’ Resolved
πΉ Disclosed: July 15, 2022, 8:23am (UTC)
π3
POST BASED REFLECTED XSS IN dailydeals.mtn.co.za
π https://hackerone.com/reports/1451394
πΉ Severity: High
πΉ Reported To: MTN Group
πΉ Reported By: #shuvam321
πΉ State: π’ Resolved
πΉ Disclosed: July 15, 2022, 9:56am (UTC)
π https://hackerone.com/reports/1451394
πΉ Severity: High
πΉ Reported To: MTN Group
πΉ Reported By: #shuvam321
πΉ State: π’ Resolved
πΉ Disclosed: July 15, 2022, 9:56am (UTC)
Add me email address Authentication bypass
π https://hackerone.com/reports/1607645
πΉ Severity: No Rating
πΉ Reported To: LinkedIn
πΉ Reported By: #raajeevrathnam
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 15, 2022, 4:33pm (UTC)
π https://hackerone.com/reports/1607645
πΉ Severity: No Rating
πΉ Reported To: LinkedIn
πΉ Reported By: #raajeevrathnam
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 15, 2022, 4:33pm (UTC)
Insecure Object Permissions for Guest User leads to access to internal documents!
π https://hackerone.com/reports/1089583
πΉ Severity: Critical
πΉ Reported To: IBM
πΉ Reported By: #mocr7
πΉ State: π’ Resolved
πΉ Disclosed: July 15, 2022, 5:40pm (UTC)
π https://hackerone.com/reports/1089583
πΉ Severity: Critical
πΉ Reported To: IBM
πΉ Reported By: #mocr7
πΉ State: π’ Resolved
πΉ Disclosed: July 15, 2022, 5:40pm (UTC)
Can use the Reddit android app as usual even though revoking the access of it from reddit.com
π https://hackerone.com/reports/1632186
πΉ Severity: Critical
πΉ Reported To: Reddit
πΉ Reported By: #sateeshn
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 16, 2022, 11:10am (UTC)
π https://hackerone.com/reports/1632186
πΉ Severity: Critical
πΉ Reported To: Reddit
πΉ Reported By: #sateeshn
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 16, 2022, 11:10am (UTC)
Information disclosure ( Google Sales Channel )
π https://hackerone.com/reports/1584718
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #hydraxanon82
πΉ State: π’ Resolved
πΉ Disclosed: July 17, 2022, 2:10pm (UTC)
π https://hackerone.com/reports/1584718
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #hydraxanon82
πΉ State: π’ Resolved
πΉ Disclosed: July 17, 2022, 2:10pm (UTC)
Open Redirect βββ.8x8.com
π https://hackerone.com/reports/1637571
πΉ Severity: Low
πΉ Reported To: 8x8
πΉ Reported By: #mr_k0anti
πΉ State: π’ Resolved
πΉ Disclosed: July 17, 2022, 11:54pm (UTC)
π https://hackerone.com/reports/1637571
πΉ Severity: Low
πΉ Reported To: 8x8
πΉ Reported By: #mr_k0anti
πΉ State: π’ Resolved
πΉ Disclosed: July 17, 2022, 11:54pm (UTC)
Public Apache Tomcat /examples example directory
π https://hackerone.com/reports/1622624
πΉ Severity: Medium
πΉ Reported To: 8x8
πΉ Reported By: #mr_k0anti
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 12:04am (UTC)
π https://hackerone.com/reports/1622624
πΉ Severity: Medium
πΉ Reported To: 8x8
πΉ Reported By: #mr_k0anti
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 12:04am (UTC)
CVE-2019-11248 on https://β.β.β.β:9100/debug/pprof/goroutine
π https://hackerone.com/reports/1607940
πΉ Severity: Low
πΉ Reported To: 8x8
πΉ Reported By: #mr_k0anti
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 12:14am (UTC)
π https://hackerone.com/reports/1607940
πΉ Severity: Low
πΉ Reported To: 8x8
πΉ Reported By: #mr_k0anti
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 12:14am (UTC)
Cross-site scripting (DOM-based)
π https://hackerone.com/reports/1512644
πΉ Severity: Medium
πΉ Reported To: OneWeb
πΉ Reported By: #thewikiii
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 18, 2022, 9:50am (UTC)
π https://hackerone.com/reports/1512644
πΉ Severity: Medium
πΉ Reported To: OneWeb
πΉ Reported By: #thewikiii
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 18, 2022, 9:50am (UTC)
unauth mosquitto ( client emails, ips, license keys exposure )
π https://hackerone.com/reports/1578574
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Acronis
πΉ Reported By: #second_grade_pentester
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 11:39am (UTC)
π https://hackerone.com/reports/1578574
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Acronis
πΉ Reported By: #second_grade_pentester
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 11:39am (UTC)
subdomain takeover at odoo-staging.exness.io
π https://hackerone.com/reports/1540252
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: EXNESS
πΉ Reported By: #omer
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 2:43pm (UTC)
π https://hackerone.com/reports/1540252
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: EXNESS
πΉ Reported By: #omer
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 2:43pm (UTC)
Without verifying email and activate account, user can perform all action which are not supposed to be done
π https://hackerone.com/reports/1272305
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Stripe
πΉ Reported By: #tabaahi
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 3:44pm (UTC)
π https://hackerone.com/reports/1272305
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Stripe
πΉ Reported By: #tabaahi
πΉ State: π’ Resolved
πΉ Disclosed: July 18, 2022, 3:44pm (UTC)
HTML Injection in E-mail Not Resolved ()
π https://hackerone.com/reports/1600720
πΉ Severity: Medium
πΉ Reported To: Acronis
πΉ Reported By: #thewikiii
πΉ State: π’ Resolved
πΉ Disclosed: July 19, 2022, 9:11am (UTC)
π https://hackerone.com/reports/1600720
πΉ Severity: Medium
πΉ Reported To: Acronis
πΉ Reported By: #thewikiii
πΉ State: π’ Resolved
πΉ Disclosed: July 19, 2022, 9:11am (UTC)
LFI via Jolokia at https://β.β.β.β:1293
π https://hackerone.com/reports/1641661
πΉ Severity: Medium
πΉ Reported To: 8x8
πΉ Reported By: #shuvam321
πΉ State: π’ Resolved
πΉ Disclosed: July 20, 2022, 12:30am (UTC)
π https://hackerone.com/reports/1641661
πΉ Severity: Medium
πΉ Reported To: 8x8
πΉ Reported By: #shuvam321
πΉ State: π’ Resolved
πΉ Disclosed: July 20, 2022, 12:30am (UTC)
π1