Possible to make restricted files public on Phabricator via Diffusion
π https://hackerone.com/reports/1560717
πΉ Severity: No Rating | π° 2,000 USD
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2022, 10:37pm (UTC)
π https://hackerone.com/reports/1560717
πΉ Severity: No Rating | π° 2,000 USD
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2022, 10:37pm (UTC)
Open redirection at https://smartreports.mtncameroon.net
π https://hackerone.com/reports/1530396
πΉ Severity: Low
πΉ Reported To: MTN Group
πΉ Reported By: #vulnera
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2022, 1:38am (UTC)
π https://hackerone.com/reports/1530396
πΉ Severity: Low
πΉ Reported To: MTN Group
πΉ Reported By: #vulnera
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2022, 1:38am (UTC)
Corsa Site Scripting Vulnerability (XSS)
π https://hackerone.com/reports/1650210
πΉ Severity: High
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π΄ N/A
πΉ Disclosed: July 30, 2022, 2:37pm (UTC)
π https://hackerone.com/reports/1650210
πΉ Severity: High
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π΄ N/A
πΉ Disclosed: July 30, 2022, 2:37pm (UTC)
Open S3 Bucket Accessible by any Aws User
π https://hackerone.com/reports/1654145
πΉ Severity: No Rating
πΉ Reported To: GoCD
πΉ Reported By: #khalidou
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2022, 3:02am (UTC)
π https://hackerone.com/reports/1654145
πΉ Severity: No Rating
πΉ Reported To: GoCD
πΉ Reported By: #khalidou
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2022, 3:02am (UTC)
Race condition on https://judge.me/people
π https://hackerone.com/reports/1566017
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Judge.me
πΉ Reported By: #netboom
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 5:28am (UTC)
π https://hackerone.com/reports/1566017
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Judge.me
πΉ Reported By: #netboom
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 5:28am (UTC)
π1
Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE
π https://hackerone.com/reports/924151
πΉ Severity: Critical
πΉ Reported To: Rocket.Chat
πΉ Reported By: #baltpeter
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 10:17am (UTC)
π https://hackerone.com/reports/924151
πΉ Severity: Critical
πΉ Reported To: Rocket.Chat
πΉ Reported By: #baltpeter
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 10:17am (UTC)
delete the subaccount from the user id
π https://hackerone.com/reports/1646340
πΉ Severity: Medium | π° 700 USD
πΉ Reported To: Showmax
πΉ Reported By: #qualwin38000
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 1:05pm (UTC)
π https://hackerone.com/reports/1646340
πΉ Severity: Medium | π° 700 USD
πΉ Reported To: Showmax
πΉ Reported By: #qualwin38000
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 1:05pm (UTC)
Insecure TLS Configuration #3530
π https://hackerone.com/reports/1639423
πΉ Severity: Low
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π΄ N/A
πΉ Disclosed: August 1, 2022, 2:04pm (UTC)
π https://hackerone.com/reports/1639423
πΉ Severity: Low
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π΄ N/A
πΉ Disclosed: August 1, 2022, 2:04pm (UTC)
Found Origin IP's lead to access to gitlab
π https://hackerone.com/reports/1637577
πΉ Severity: Medium
πΉ Reported To: GitLab
πΉ Reported By: #m-narayanan
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 2, 2022, 4:51am (UTC)
π https://hackerone.com/reports/1637577
πΉ Severity: Medium
πΉ Reported To: GitLab
πΉ Reported By: #m-narayanan
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 2, 2022, 4:51am (UTC)
One-click account hijack for anyone using Apple sign-in with Reddit, due to response-type switch + leaking href to XSS on www.redditmedia.com
π https://hackerone.com/reports/1567186
πΉ Severity: Critical | π° 10,000 USD
πΉ Reported To: Reddit
πΉ Reported By: #fransrosen
πΉ State: π’ Resolved
πΉ Disclosed: August 2, 2022, 3:13pm (UTC)
π https://hackerone.com/reports/1567186
πΉ Severity: Critical | π° 10,000 USD
πΉ Reported To: Reddit
πΉ Reported By: #fransrosen
πΉ State: π’ Resolved
πΉ Disclosed: August 2, 2022, 3:13pm (UTC)
π₯8π3
XSS in redditmedia.com can compromise data of reddit.com
π https://hackerone.com/reports/862882
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #keer0k
πΉ State: π΄ N/A
πΉ Disclosed: August 3, 2022, 3:40pm (UTC)
π https://hackerone.com/reports/862882
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #keer0k
πΉ State: π΄ N/A
πΉ Disclosed: August 3, 2022, 3:40pm (UTC)
Unrestricted File Upload Blind Stored Xss in subdomain ads.tiktok.com
π https://hackerone.com/reports/1577370
πΉ Severity: Low | π° 250 USD
πΉ Reported To: TikTok
πΉ Reported By: #mrzheev
πΉ State: π’ Resolved
πΉ Disclosed: August 4, 2022, 1:31am (UTC)
π https://hackerone.com/reports/1577370
πΉ Severity: Low | π° 250 USD
πΉ Reported To: TikTok
πΉ Reported By: #mrzheev
πΉ State: π’ Resolved
πΉ Disclosed: August 4, 2022, 1:31am (UTC)
π1
Sensei LMS IDOR to send message
π https://hackerone.com/reports/1592596
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Automattic
πΉ Reported By: #ghimire_veshraj
πΉ State: π’ Resolved
πΉ Disclosed: August 4, 2022, 10:17am (UTC)
π https://hackerone.com/reports/1592596
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Automattic
πΉ Reported By: #ghimire_veshraj
πΉ State: π’ Resolved
πΉ Disclosed: August 4, 2022, 10:17am (UTC)
Unauthenticated Private Messages DIsclosure via wordpress Rest API
π https://hackerone.com/reports/1590237
πΉ Severity: Medium | π° 350 USD
πΉ Reported To: Automattic
πΉ Reported By: #ghimire_veshraj
πΉ State: π’ Resolved
πΉ Disclosed: August 4, 2022, 10:45am (UTC)
π https://hackerone.com/reports/1590237
πΉ Severity: Medium | π° 350 USD
πΉ Reported To: Automattic
πΉ Reported By: #ghimire_veshraj
πΉ State: π’ Resolved
πΉ Disclosed: August 4, 2022, 10:45am (UTC)
Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability
π https://hackerone.com/reports/1658418
πΉ Severity: High | π° 5,000 USD
πΉ Reported To: Reddit
πΉ Reported By: #high_ping_ninja
πΉ State: π’ Resolved
πΉ Disclosed: August 4, 2022, 7:38pm (UTC)
π https://hackerone.com/reports/1658418
πΉ Severity: High | π° 5,000 USD
πΉ Reported To: Reddit
πΉ Reported By: #high_ping_ninja
πΉ State: π’ Resolved
πΉ Disclosed: August 4, 2022, 7:38pm (UTC)
π3
Fix : (Security) Mitigate Path Traversal Bug
π https://hackerone.com/reports/1635321
πΉ Severity: Low | π° 200 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π’ Resolved
πΉ Disclosed: August 5, 2022, 9:41pm (UTC)
π https://hackerone.com/reports/1635321
πΉ Severity: Low | π° 200 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π’ Resolved
πΉ Disclosed: August 5, 2022, 9:41pm (UTC)
Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token
π https://hackerone.com/reports/1382919
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #gaffy
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 7:14am (UTC)
π https://hackerone.com/reports/1382919
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #gaffy
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 7:14am (UTC)
π1
cross site scripting in : mtn.bj
π https://hackerone.com/reports/1264834
πΉ Severity: High
πΉ Reported To: MTN Group
πΉ Reported By: #alimanshester
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 11:19am (UTC)
π https://hackerone.com/reports/1264834
πΉ Severity: High
πΉ Reported To: MTN Group
πΉ Reported By: #alimanshester
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 11:19am (UTC)
RCE vulnerability in Hyperledger Fabric SDK for Java
π https://hackerone.com/reports/801370
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #freskimo
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:37pm (UTC)
π https://hackerone.com/reports/801370
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #freskimo
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:37pm (UTC)
HTTP PUT method is enabled downloader.ratelimited.me
π https://hackerone.com/reports/545136
πΉ Severity: High
πΉ Reported To: RATELIMITED
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: August 7, 2022, 2:01am (UTC)
π https://hackerone.com/reports/545136
πΉ Severity: High
πΉ Reported To: RATELIMITED
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: August 7, 2022, 2:01am (UTC)
Brute Force of fabric-ca server admin account
π https://hackerone.com/reports/411364
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #xiaoc
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:36pm (UTC)
π https://hackerone.com/reports/411364
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #xiaoc
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:36pm (UTC)