Admin panel Exposure without credential at https://plus-website.shopifycloud.com/admin.php
π https://hackerone.com/reports/1417288
πΉ Severity: Medium | π° 2,900 USD
πΉ Reported To: Shopify
πΉ Reported By: #0x50d
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 10:21pm (UTC)
π https://hackerone.com/reports/1417288
πΉ Severity: Medium | π° 2,900 USD
πΉ Reported To: Shopify
πΉ Reported By: #0x50d
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 10:21pm (UTC)
π1
Wordpress Users Disclosure (/wp-json/wp/v2/users/)
π https://hackerone.com/reports/1663363
πΉ Severity: Medium
πΉ Reported To: Top Echelon Software
πΉ Reported By: #hammodmt
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 8:46pm (UTC)
π https://hackerone.com/reports/1663363
πΉ Severity: Medium
πΉ Reported To: Top Echelon Software
πΉ Reported By: #hammodmt
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 8:46pm (UTC)
π₯1
Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.
π https://hackerone.com/reports/1647287
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #s1r1u5
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 11:08pm (UTC)
π https://hackerone.com/reports/1647287
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #s1r1u5
πΉ State: π’ Resolved
πΉ Disclosed: August 11, 2022, 11:08pm (UTC)
Reflected XSS at https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/a.php via `ss_country_filter` param
π https://hackerone.com/reports/1663202
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Showmax
πΉ Reported By: #miron666
πΉ State: π’ Resolved
πΉ Disclosed: August 12, 2022, 12:51pm (UTC)
π https://hackerone.com/reports/1663202
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Showmax
πΉ Reported By: #miron666
πΉ State: π’ Resolved
πΉ Disclosed: August 12, 2022, 12:51pm (UTC)
π1
Cross Site Scripting Vulnerability in fabric-sdk-py source code
π https://hackerone.com/reports/1670187
πΉ Severity: No Rating
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 17, 2022, 2:53pm (UTC)
π https://hackerone.com/reports/1670187
πΉ Severity: No Rating
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 17, 2022, 2:53pm (UTC)
Delimiter injection in GitHub Actions core.exportVariable
π https://hackerone.com/reports/1625652
πΉ Severity: Medium | π° 4,617 USD
πΉ Reported To: GitHub
πΉ Reported By: #jupenur
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2022, 7:44pm (UTC)
π https://hackerone.com/reports/1625652
πΉ Severity: Medium | π° 4,617 USD
πΉ Reported To: GitHub
πΉ Reported By: #jupenur
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2022, 7:44pm (UTC)
CSRF Account Takeover
π https://hackerone.com/reports/1253462
πΉ Severity: High | π° 2,373 USD
πΉ Reported To: TikTok
πΉ Reported By: #s3c
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2022, 9:04pm (UTC)
π https://hackerone.com/reports/1253462
πΉ Severity: High | π° 2,373 USD
πΉ Reported To: TikTok
πΉ Reported By: #s3c
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2022, 9:04pm (UTC)
π₯2π±1
IDOR on TikTok Seller
π https://hackerone.com/reports/1509057
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #aidilarf_2000
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2022, 9:07pm (UTC)
π https://hackerone.com/reports/1509057
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #aidilarf_2000
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2022, 9:07pm (UTC)
π2
IDOR allowing to read another user's token on the Social Media Ads service
π https://hackerone.com/reports/1464168
πΉ Severity: High | π° 2,000 USD
πΉ Reported To: Semrush
πΉ Reported By: #a_d_a_m
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2022, 7:47am (UTC)
π https://hackerone.com/reports/1464168
πΉ Severity: High | π° 2,000 USD
πΉ Reported To: Semrush
πΉ Reported By: #a_d_a_m
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2022, 7:47am (UTC)
π1
Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
π https://hackerone.com/reports/1378175
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #amlweems
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2022, 6:13pm (UTC)
π https://hackerone.com/reports/1378175
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: Kubernetes
πΉ Reported By: #amlweems
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2022, 6:13pm (UTC)
Stored XSS on TikTok Ads
π https://hackerone.com/reports/1504202
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #sinayeganeh
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2022, 1:14am (UTC)
π https://hackerone.com/reports/1504202
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #sinayeganeh
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2022, 1:14am (UTC)
π1
RPC call crashes node
π https://hackerone.com/reports/1379707
πΉ Severity: High
πΉ Reported To: Monero
πΉ Reported By: #xfang
πΉ State: π’ Resolved
πΉ Disclosed: August 20, 2022, 3:41am (UTC)
π https://hackerone.com/reports/1379707
πΉ Severity: High
πΉ Reported To: Monero
πΉ Reported By: #xfang
πΉ State: π’ Resolved
πΉ Disclosed: August 20, 2022, 3:41am (UTC)
π1
Blind SSRF External Interaction on https://mtngbissau.com/
π https://hackerone.com/reports/1220688
πΉ Severity: High
πΉ Reported To: MTN Group
πΉ Reported By: #error201
πΉ State: π’ Resolved
πΉ Disclosed: August 21, 2022, 8:40am (UTC)
π https://hackerone.com/reports/1220688
πΉ Severity: High
πΉ Reported To: MTN Group
πΉ Reported By: #error201
πΉ State: π’ Resolved
πΉ Disclosed: August 21, 2022, 8:40am (UTC)
XSS and HTML Injection on the pressable.com search box
π https://hackerone.com/reports/1537149
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Automattic
πΉ Reported By: #sawrav-chowdhury
πΉ State: π’ Resolved
πΉ Disclosed: August 23, 2022, 6:30pm (UTC)
π https://hackerone.com/reports/1537149
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Automattic
πΉ Reported By: #sawrav-chowdhury
πΉ State: π’ Resolved
πΉ Disclosed: August 23, 2022, 6:30pm (UTC)
support.invisionpower.com takeover the subdomain with Zendesk
π https://hackerone.com/reports/1646554
πΉ Severity: Medium
πΉ Reported To: Invision Power Services, Inc.
πΉ Reported By: #fthacker101
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 1:10pm (UTC)
π https://hackerone.com/reports/1646554
πΉ Severity: Medium
πΉ Reported To: Invision Power Services, Inc.
πΉ Reported By: #fthacker101
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 1:10pm (UTC)
Off-by-slash vulnerability in nodejs.org and iojs.org
π https://hackerone.com/reports/1631350
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #nagaro
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 2:11pm (UTC)
π https://hackerone.com/reports/1631350
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #nagaro
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 2:11pm (UTC)
Golang expvar Information Disclosure
π https://hackerone.com/reports/1650035
πΉ Severity: Low | π° 500 USD
πΉ Reported To: Uber
πΉ Reported By: #mustafa_farrag
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 3:44pm (UTC)
π https://hackerone.com/reports/1650035
πΉ Severity: Low | π° 500 USD
πΉ Reported To: Uber
πΉ Reported By: #mustafa_farrag
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 3:44pm (UTC)
Reflected XSS on pages.email.sel.sony.com/page.aspx via jobid parameter
π https://hackerone.com/reports/1309949
πΉ Severity: Medium
πΉ Reported To: Sony
πΉ Reported By: #leo_rac
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 5:59pm (UTC)
π https://hackerone.com/reports/1309949
πΉ Severity: Medium
πΉ Reported To: Sony
πΉ Reported By: #leo_rac
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 5:59pm (UTC)
NordVPN Linux Client - Unsafe service file permissions leads to Local Privilege Escalation
π https://hackerone.com/reports/1218523
πΉ Severity: Medium | π° 700 USD
πΉ Reported To: Nord Security
πΉ Reported By: #bashketchum
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 6:48pm (UTC)
π https://hackerone.com/reports/1218523
πΉ Severity: Medium | π° 700 USD
πΉ Reported To: Nord Security
πΉ Reported By: #bashketchum
πΉ State: π’ Resolved
πΉ Disclosed: August 24, 2022, 6:48pm (UTC)
Pause-based desync in Apache HTTPD
π https://hackerone.com/reports/1667974
πΉ Severity: High | π° 4,000 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #albinowax
πΉ State: π’ Resolved
πΉ Disclosed: August 25, 2022, 7:02am (UTC)
π https://hackerone.com/reports/1667974
πΉ Severity: High | π° 4,000 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #albinowax
πΉ State: π’ Resolved
πΉ Disclosed: August 25, 2022, 7:02am (UTC)
π₯4π1
Default Login Credentials on https://broadbandmaps.mtn.com.gh/
π https://hackerone.com/reports/1297480
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #theranger
πΉ State: π’ Resolved
πΉ Disclosed: August 25, 2022, 11:05am (UTC)
π https://hackerone.com/reports/1297480
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #theranger
πΉ State: π’ Resolved
πΉ Disclosed: August 25, 2022, 11:05am (UTC)