RCE vulnerability in Hyperledger Fabric SDK for Java
π https://hackerone.com/reports/801370
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #freskimo
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:37pm (UTC)
π https://hackerone.com/reports/801370
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #freskimo
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:37pm (UTC)
HTTP PUT method is enabled downloader.ratelimited.me
π https://hackerone.com/reports/545136
πΉ Severity: High
πΉ Reported To: RATELIMITED
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: August 7, 2022, 2:01am (UTC)
π https://hackerone.com/reports/545136
πΉ Severity: High
πΉ Reported To: RATELIMITED
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: August 7, 2022, 2:01am (UTC)
Brute Force of fabric-ca server admin account
π https://hackerone.com/reports/411364
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #xiaoc
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:36pm (UTC)
π https://hackerone.com/reports/411364
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #xiaoc
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:36pm (UTC)
Enrolling to a CA that returns an empty response crashes the node process
π https://hackerone.com/reports/506412
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #mttrbrts
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:37pm (UTC)
π https://hackerone.com/reports/506412
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #mttrbrts
πΉ State: π’ Resolved
πΉ Disclosed: August 6, 2022, 5:37pm (UTC)
Anonymous access control - Payments Status
π https://hackerone.com/reports/1546726
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Omise
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: August 7, 2022, 1:59am (UTC)
π https://hackerone.com/reports/1546726
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Omise
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: August 7, 2022, 1:59am (UTC)
Lack of Rate limit while joining video call in talk section which is password protected
π https://hackerone.com/reports/1596673
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #error2001
πΉ State: π’ Resolved
πΉ Disclosed: August 8, 2022, 6:58am (UTC)
π https://hackerone.com/reports/1596673
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #error2001
πΉ State: π’ Resolved
πΉ Disclosed: August 8, 2022, 6:58am (UTC)
xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
π https://hackerone.com/reports/1622867
πΉ Severity: Medium
πΉ Reported To: Top Echelon Software
πΉ Reported By: #anonymmert12
πΉ State: π’ Resolved
πΉ Disclosed: August 8, 2022, 1:35pm (UTC)
π https://hackerone.com/reports/1622867
πΉ Severity: Medium
πΉ Reported To: Top Echelon Software
πΉ Reported By: #anonymmert12
πΉ State: π’ Resolved
πΉ Disclosed: August 8, 2022, 1:35pm (UTC)
Ability to escape database transaction through SQL injection, leading to arbitrary code execution
π https://hackerone.com/reports/1663299
πΉ Severity: High
πΉ Reported To: HackerOne
πΉ Reported By: #jobert
πΉ State: π’ Resolved
πΉ Disclosed: August 9, 2022, 6:58pm (UTC)
π https://hackerone.com/reports/1663299
πΉ Severity: High
πΉ Reported To: HackerOne
πΉ Reported By: #jobert
πΉ State: π’ Resolved
πΉ Disclosed: August 9, 2022, 6:58pm (UTC)
[CRITICAL] Full account takeover without user interaction on sign with Apple flow
π https://hackerone.com/reports/1639802
πΉ Severity: Critical | π° 3,000 USD
πΉ Reported To: Glassdoor
πΉ Reported By: #emanelyazji
πΉ State: π’ Resolved
πΉ Disclosed: August 9, 2022, 7:26pm (UTC)
π https://hackerone.com/reports/1639802
πΉ Severity: Critical | π° 3,000 USD
πΉ Reported To: Glassdoor
πΉ Reported By: #emanelyazji
πΉ State: π’ Resolved
πΉ Disclosed: August 9, 2022, 7:26pm (UTC)
π₯3
Read-only administrator can change agent update settings
π https://hackerone.com/reports/1538004
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: August 10, 2022, 9:38am (UTC)
π https://hackerone.com/reports/1538004
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Acronis
πΉ Reported By: #mega7
πΉ State: π’ Resolved
πΉ Disclosed: August 10, 2022, 9:38am (UTC)
π1
many commands can be manipulated to delete identities or affiliations
π https://hackerone.com/reports/348090
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #cet2000
πΉ State: π’ Resolved
πΉ Disclosed: August 10, 2022, 2:23pm (UTC)
π https://hackerone.com/reports/348090
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #cet2000
πΉ State: π’ Resolved
πΉ Disclosed: August 10, 2022, 2:23pm (UTC)
Redirection in Repeater & Intruder Tab
π https://hackerone.com/reports/1541301
πΉ Severity: Low | π° 150 USD
πΉ Reported To: PortSwigger Web Security
πΉ Reported By: #mr_vrush
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 11:09am (UTC)
π https://hackerone.com/reports/1541301
πΉ Severity: Low | π° 150 USD
πΉ Reported To: PortSwigger Web Security
πΉ Reported By: #mr_vrush
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 11:09am (UTC)
Disable xmlrpc.php file
π https://hackerone.com/reports/712321
πΉ Severity: Low
πΉ Reported To: Top Echelon Software
πΉ Reported By: #sohelahmed786
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 12:50pm (UTC)
π https://hackerone.com/reports/712321
πΉ Severity: Low
πΉ Reported To: Top Echelon Software
πΉ Reported By: #sohelahmed786
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 12:50pm (UTC)
fix(security):Path Traversal Bug
π https://hackerone.com/reports/1664244
πΉ Severity: High
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π΄ N/A
πΉ Disclosed: August 11, 2022, 7:53pm (UTC)
π https://hackerone.com/reports/1664244
πΉ Severity: High
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π΄ N/A
πΉ Disclosed: August 11, 2022, 7:53pm (UTC)
Admin panel Exposure without credential at https://plus-website.shopifycloud.com/admin.php
π https://hackerone.com/reports/1417288
πΉ Severity: Medium | π° 2,900 USD
πΉ Reported To: Shopify
πΉ Reported By: #0x50d
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 10:21pm (UTC)
π https://hackerone.com/reports/1417288
πΉ Severity: Medium | π° 2,900 USD
πΉ Reported To: Shopify
πΉ Reported By: #0x50d
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 10:21pm (UTC)
π1
Wordpress Users Disclosure (/wp-json/wp/v2/users/)
π https://hackerone.com/reports/1663363
πΉ Severity: Medium
πΉ Reported To: Top Echelon Software
πΉ Reported By: #hammodmt
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 8:46pm (UTC)
π https://hackerone.com/reports/1663363
πΉ Severity: Medium
πΉ Reported To: Top Echelon Software
πΉ Reported By: #hammodmt
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 8:46pm (UTC)
π₯1
Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.
π https://hackerone.com/reports/1647287
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #s1r1u5
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 11:08pm (UTC)
π https://hackerone.com/reports/1647287
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #s1r1u5
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 11:08pm (UTC)
Reflected XSS at https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/a.php via `ss_country_filter` param
π https://hackerone.com/reports/1663202
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Showmax
πΉ Reported By: #miron666
πΉ State: π’ Resolved
πΉ Disclosed: August 12, 2022, 12:51pm (UTC)
π https://hackerone.com/reports/1663202
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Showmax
πΉ Reported By: #miron666
πΉ State: π’ Resolved
πΉ Disclosed: August 12, 2022, 12:51pm (UTC)
π1
Cross Site Scripting Vulnerability in fabric-sdk-py source code
π https://hackerone.com/reports/1670187
πΉ Severity: No Rating
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 17, 2022, 2:53pm (UTC)
π https://hackerone.com/reports/1670187
πΉ Severity: No Rating
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 17, 2022, 2:53pm (UTC)
Delimiter injection in GitHub Actions core.exportVariable
π https://hackerone.com/reports/1625652
πΉ Severity: Medium | π° 4,617 USD
πΉ Reported To: GitHub
πΉ Reported By: #jupenur
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2022, 7:44pm (UTC)
π https://hackerone.com/reports/1625652
πΉ Severity: Medium | π° 4,617 USD
πΉ Reported To: GitHub
πΉ Reported By: #jupenur
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2022, 7:44pm (UTC)
CSRF Account Takeover
π https://hackerone.com/reports/1253462
πΉ Severity: High | π° 2,373 USD
πΉ Reported To: TikTok
πΉ Reported By: #s3c
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2022, 9:04pm (UTC)
π https://hackerone.com/reports/1253462
πΉ Severity: High | π° 2,373 USD
πΉ Reported To: TikTok
πΉ Reported By: #s3c
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2022, 9:04pm (UTC)
π₯2π±1