Weak/Auto Fill Password
π https://hackerone.com/reports/817331
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #harrisoft
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 12:23am (UTC)
π https://hackerone.com/reports/817331
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #harrisoft
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 12:23am (UTC)
Federated share accepting/declining is not logged in audit log
π https://hackerone.com/reports/1200815
πΉ Severity: Low
πΉ Reported To: Nextcloud
πΉ Reported By: #rtod
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 6:12am (UTC)
π https://hackerone.com/reports/1200815
πΉ Severity: Low
πΉ Reported To: Nextcloud
πΉ Reported By: #rtod
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 6:12am (UTC)
Password disclosure in initial setup of Mail App
π https://hackerone.com/reports/1561471
πΉ Severity: Low
πΉ Reported To: Nextcloud
πΉ Reported By: #anna_larch
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 6:23am (UTC)
π https://hackerone.com/reports/1561471
πΉ Severity: Low
πΉ Reported To: Nextcloud
πΉ Reported By: #anna_larch
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 6:23am (UTC)
Brute force protections don't work
π https://hackerone.com/reports/1596918
πΉ Severity: Low
πΉ Reported To: Nextcloud
πΉ Reported By: #nickvergessen
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 6:25am (UTC)
π https://hackerone.com/reports/1596918
πΉ Severity: Low
πΉ Reported To: Nextcloud
πΉ Reported By: #nickvergessen
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 6:25am (UTC)
Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
π https://hackerone.com/reports/1595006
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #eg42
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 6:29am (UTC)
π https://hackerone.com/reports/1595006
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #eg42
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 6:29am (UTC)
path traversal vulnerability in Grafana 8.x allows " local file read "
π https://hackerone.com/reports/1427086
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #a-heybati
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 12:14pm (UTC)
π https://hackerone.com/reports/1427086
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #a-heybati
πΉ State: π’ Resolved
πΉ Disclosed: September 3, 2022, 12:14pm (UTC)
IDOR Leads To Account Takeover Without User Interaction
π https://hackerone.com/reports/1272478
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #theranger
πΉ State: π’ Resolved
πΉ Disclosed: September 4, 2022, 1:23pm (UTC)
π https://hackerone.com/reports/1272478
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #theranger
πΉ State: π’ Resolved
πΉ Disclosed: September 4, 2022, 1:23pm (UTC)
API key (api.semrush.com) leak in JS-file
π https://hackerone.com/reports/1218754
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Semrush
πΉ Reported By: #a_d_a_m
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 12:17pm (UTC)
π https://hackerone.com/reports/1218754
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Semrush
πΉ Reported By: #a_d_a_m
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 12:17pm (UTC)
Information disclosure through django debug mode
π https://hackerone.com/reports/1434276
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:56pm (UTC)
π https://hackerone.com/reports/1434276
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:56pm (UTC)
Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects
π https://hackerone.com/reports/1351359
πΉ Severity: Low
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:57pm (UTC)
π https://hackerone.com/reports/1351359
πΉ Severity: Low
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:57pm (UTC)
CVE-2021-38314 @ https://www.mtn.co.rw
π https://hackerone.com/reports/1351341
πΉ Severity: No Rating
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:58pm (UTC)
π https://hackerone.com/reports/1351341
πΉ Severity: No Rating
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:58pm (UTC)
CVE-2021-38314 @ https://www.mtn.ci
π https://hackerone.com/reports/1351338
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:58pm (UTC)
π https://hackerone.com/reports/1351338
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:58pm (UTC)
firebase credentials leaks @ https://mpulse.mtnonline.com
π https://hackerone.com/reports/1351329
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:59pm (UTC)
π https://hackerone.com/reports/1351329
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:59pm (UTC)
firebase credentials leaks @ https://mtnhottseat.mtn.com.gh
π https://hackerone.com/reports/1351326
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:59pm (UTC)
π https://hackerone.com/reports/1351326
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 10:59pm (UTC)
No password length restriction in reset password endpoint at https://suppliers.mtn.cm
π https://hackerone.com/reports/1285694
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 11:00pm (UTC)
π https://hackerone.com/reports/1285694
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #aliyugombe
πΉ State: π’ Resolved
πΉ Disclosed: September 5, 2022, 11:00pm (UTC)
IDOR Payments Status
π https://hackerone.com/reports/1538669
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Omise
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 8:58am (UTC)
π https://hackerone.com/reports/1538669
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Omise
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 8:58am (UTC)
Modifying Sprunk vs eCola crew data
π https://hackerone.com/reports/1680818
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Rockstar Games
πΉ Reported By: #bugstar
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:24pm (UTC)
π https://hackerone.com/reports/1680818
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Rockstar Games
πΉ Reported By: #bugstar
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:24pm (UTC)
Subdomain takeover of βββββββββ
π https://hackerone.com/reports/1457928
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #martinvw
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:50pm (UTC)
π https://hackerone.com/reports/1457928
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #martinvw
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:50pm (UTC)
The dashboard is exposed in https://βββ
π https://hackerone.com/reports/1566758
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #alitoni224
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:53pm (UTC)
π https://hackerone.com/reports/1566758
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #alitoni224
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:53pm (UTC)
XSS DUE TO CVE-2020-3580
π https://hackerone.com/reports/1606068
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #cruxn3t
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:55pm (UTC)
π https://hackerone.com/reports/1606068
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #cruxn3t
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:55pm (UTC)
Access to admininstrative resources/account via path traversal
π https://hackerone.com/reports/1326352
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #j4k3d
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:59pm (UTC)
π https://hackerone.com/reports/1326352
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #j4k3d
πΉ State: π’ Resolved
πΉ Disclosed: September 6, 2022, 6:59pm (UTC)