Access to arbitrary file of the Nextcloud Android app from within the Nextcloud Android app
π https://hackerone.com/reports/1408692
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: September 11, 2022, 11:41am (UTC)
π https://hackerone.com/reports/1408692
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: September 11, 2022, 11:41am (UTC)
Signup with any Email and Enable 2-FA without verifying Email
π https://hackerone.com/reports/1543259
πΉ Severity: Medium | π° 350 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #imtheking
πΉ State: π’ Resolved
πΉ Disclosed: September 12, 2022, 2:15pm (UTC)
π https://hackerone.com/reports/1543259
πΉ Severity: Medium | π° 350 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #imtheking
πΉ State: π’ Resolved
πΉ Disclosed: September 12, 2022, 2:15pm (UTC)
Response Manipulation leads to Admin Panel Login Bypass at https://admin.indevice.sonymobile.com/
π https://hackerone.com/reports/1508661
πΉ Severity: High
πΉ Reported To: Sony
πΉ Reported By: #0x2374
πΉ State: π’ Resolved
πΉ Disclosed: September 12, 2022, 7:00pm (UTC)
π https://hackerone.com/reports/1508661
πΉ Severity: High
πΉ Reported To: Sony
πΉ Reported By: #0x2374
πΉ State: π’ Resolved
πΉ Disclosed: September 12, 2022, 7:00pm (UTC)
monerod JSON RPC server remote DoS
π https://hackerone.com/reports/1511843
πΉ Severity: Medium
πΉ Reported To: Monero
πΉ Reported By: #m31007
πΉ State: π’ Resolved
πΉ Disclosed: September 12, 2022, 9:50pm (UTC)
π https://hackerone.com/reports/1511843
πΉ Severity: Medium
πΉ Reported To: Monero
πΉ Reported By: #m31007
πΉ State: π’ Resolved
πΉ Disclosed: September 12, 2022, 9:50pm (UTC)
RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag)
π https://hackerone.com/reports/1609965
πΉ Severity: Critical | π° 33,510 USD
πΉ Reported To: GitLab
πΉ Reported By: #vakzz
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 4:40am (UTC)
π https://hackerone.com/reports/1609965
πΉ Severity: Critical | π° 33,510 USD
πΉ Reported To: GitLab
πΉ Reported By: #vakzz
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 4:40am (UTC)
π₯2
ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year
π https://hackerone.com/reports/1531958
πΉ Severity: Medium | π° 1,160 USD
πΉ Reported To: GitLab
πΉ Reported By: #afewgoats
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 4:42am (UTC)
π https://hackerone.com/reports/1531958
πΉ Severity: Medium | π° 1,160 USD
πΉ Reported To: GitLab
πΉ Reported By: #afewgoats
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 4:42am (UTC)
No Restriction on password
π https://hackerone.com/reports/1696814
πΉ Severity: No Rating
πΉ Reported To: GitLab
πΉ Reported By: #patronum-m
πΉ State: π΄ N/A
πΉ Disclosed: September 13, 2022, 5:02am (UTC)
π https://hackerone.com/reports/1696814
πΉ Severity: No Rating
πΉ Reported To: GitLab
πΉ Reported By: #patronum-m
πΉ State: π΄ N/A
πΉ Disclosed: September 13, 2022, 5:02am (UTC)
DOS validator nodes of blockchain to block external connections
π https://hackerone.com/reports/1695472
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #cre8
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 7:56am (UTC)
π https://hackerone.com/reports/1695472
πΉ Severity: High | π° 1,500 USD
πΉ Reported To: Hyperledger
πΉ Reported By: #cre8
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 7:56am (UTC)
XSS in https://www.glassdoor.com/Search/results.htm via Parameter Pollution
π https://hackerone.com/reports/1632119
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Glassdoor
πΉ Reported By: #nokline
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 1:03pm (UTC)
π https://hackerone.com/reports/1632119
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Glassdoor
πΉ Reported By: #nokline
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 1:03pm (UTC)
Web Cache Poisoning leads to XSS and DoS
π https://hackerone.com/reports/1621540
πΉ Severity: High | π° 1,700 USD
πΉ Reported To: Glassdoor
πΉ Reported By: #nokline
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 1:36pm (UTC)
π https://hackerone.com/reports/1621540
πΉ Severity: High | π° 1,700 USD
πΉ Reported To: Glassdoor
πΉ Reported By: #nokline
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 1:36pm (UTC)
CSRF in Changing User Verification Email
π https://hackerone.com/reports/1531235
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #f_m
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 8:30pm (UTC)
π https://hackerone.com/reports/1531235
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #f_m
πΉ State: π’ Resolved
πΉ Disclosed: September 13, 2022, 8:30pm (UTC)
Reflected XSS [ββββββ]
π https://hackerone.com/reports/1309386
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #fdeleite
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 1:58pm (UTC)
π https://hackerone.com/reports/1309386
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #fdeleite
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 1:58pm (UTC)
Abuse cookie-modification, toast HTML and expired domain in CSP-form-action replacing login-page at www.dropbox.com/login to submit creds externally
π https://hackerone.com/reports/1590794
πΉ Severity: High | π° 6,909 USD
πΉ Reported To: Dropbox
πΉ Reported By: #fransrosen
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 3:15pm (UTC)
π https://hackerone.com/reports/1590794
πΉ Severity: High | π° 6,909 USD
πΉ Reported To: Dropbox
πΉ Reported By: #fransrosen
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 3:15pm (UTC)
π₯1
Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain
π https://hackerone.com/reports/1221942
πΉ Severity: High
πΉ Reported To: Meredith
πΉ Reported By: #error201
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 4:12pm (UTC)
π https://hackerone.com/reports/1221942
πΉ Severity: High
πΉ Reported To: Meredith
πΉ Reported By: #error201
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 4:12pm (UTC)
Directory Traversal at βββββ
π https://hackerone.com/reports/1641148
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x45
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:27pm (UTC)
π https://hackerone.com/reports/1641148
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x45
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:27pm (UTC)
springboot actuator is leaking internals at ββββββββββ
π https://hackerone.com/reports/1662474
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #thpless
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:29pm (UTC)
π https://hackerone.com/reports/1662474
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #thpless
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:29pm (UTC)
XSS DUE TO CVE-2022-38463 in https://ββββββββ
π https://hackerone.com/reports/1681208
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #shuvam321
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:30pm (UTC)
π https://hackerone.com/reports/1681208
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #shuvam321
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:30pm (UTC)
IDOR Lead To VIEW & DELETE & Create api_key [HtUS]
π https://hackerone.com/reports/1628012
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #bate5a
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:32pm (UTC)
π https://hackerone.com/reports/1628012
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #bate5a
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:32pm (UTC)
SSRF ACCESS AWS METADATA - βββββ
π https://hackerone.com/reports/1623685
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0xr3dhunt
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:35pm (UTC)
π https://hackerone.com/reports/1623685
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0xr3dhunt
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:35pm (UTC)
Unprotected ββββββ and Test site API Exposes Documents, Credentials, and Emails in ββββββββββ Proposal System
π https://hackerone.com/reports/745171
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #byteone
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:40pm (UTC)
π https://hackerone.com/reports/745171
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #byteone
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:40pm (UTC)
Full read SSRF at βββββββββ [HtUS]
π https://hackerone.com/reports/1628102
πΉ Severity: High | π° 500 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #sudi
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:52pm (UTC)
π https://hackerone.com/reports/1628102
πΉ Severity: High | π° 500 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #sudi
πΉ State: π’ Resolved
πΉ Disclosed: September 14, 2022, 8:52pm (UTC)