SSRF ACCESS AWS METADATA - █████
https://hackerone.com/reports/1623685
Severity: Medium
Reported To: U.S. Dept Of Defense
Reported By: #0xr3dhunt
State: Resolved
Disclosed: September 14, 2022, 8:35pm (UTC)
Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System
https://hackerone.com/reports/745171
Severity: High
Reported To: U.S. Dept Of Defense
Reported By: #byteone
State: Resolved
Disclosed: September 14, 2022, 8:40pm (UTC)
Full read SSRF at █████████ [HtUS]
https://hackerone.com/reports/1628102
Severity: High | Bounty: 500 USD
Reported To: U.S. Dept Of Defense
Reported By: #sudi
State: Resolved
Disclosed: September 14, 2022, 8:52pm (UTC)
an internal important paths disclosure [HtUS]
https://hackerone.com/reports/1631471
Severity: Medium
Reported To: U.S. Dept Of Defense
Reported By: #ahmed0x0mahmoud
State: Resolved
Disclosed: September 14, 2022, 8:54pm (UTC)
SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS]
https://hackerone.com/reports/1628209
Severity: Critical | Bounty: 4,000 USD
Reported To: U.S. Dept Of Defense
Reported By: #codeprivate
State: Resolved
Disclosed: September 14, 2022, 9:00pm (UTC)
SQL injection at [https://█████████] [HtUS]
https://hackerone.com/reports/1627995
Severity: Critical | Bounty: 1,000 USD
Reported To: U.S. Dept Of Defense
Reported By: #malcolmx
State: Resolved
Disclosed: September 14, 2022, 9:04pm (UTC)
SQL injection at [█████████] [HtUS]
https://hackerone.com/reports/1626198
Severity: Critical | Bounty: 1,000 USD
Reported To: U.S. Dept Of Defense
Reported By: #malcolmx
State: Resolved
Disclosed: September 14, 2022, 9:06pm (UTC)
time based SQL injection at [https://███] [HtUS]
https://hackerone.com/reports/1627970
Severity: Critical | Bounty: 1,000 USD
Reported To: U.S. Dept Of Defense
Reported By: #malcolmx
State: Resolved
Disclosed: September 14, 2022, 9:10pm (UTC)
STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS]
https://hackerone.com/reports/1631447
Severity: High
Reported To: U.S. Dept Of Defense
Reported By: #shreky
State: Resolved
Disclosed: September 14, 2022, 9:13pm (UTC)
No validation to Image upload user can upload (php APK zip files and can be used as storage purpose)
https://hackerone.com/reports/1644062
Severity: Medium | Bounty: 750 USD
Reported To: Linktree
Reported By: #bug_vs_me
State: Resolved
Disclosed: September 15, 2022, 5:38am (UTC)
[hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import
https://hackerone.com/reports/1122791
Severity: Critical | Bounty: 2,000 USD
Reported To: U.S. Dept Of Defense
Reported By: #cdl
State: Resolved
Disclosed: September 15, 2022, 1:28pm (UTC)
store internal email disclosed through shopify-data-exporter
https://hackerone.com/reports/1605962
Severity: Medium | Bounty: 500 USD
Reported To: Shopify
Reported By: #xenx
State: Resolved
Disclosed: September 15, 2022, 7:21pm (UTC)
Information exposure in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)
https://hackerone.com/reports/1604606
Severity: Low
Reported To: Nextcloud
Reported By: #ro0telqayser
State: Resolved
Disclosed: September 16, 2022, 2:52am (UTC)
Last video frame is still sent after video is disabled in a call
https://hackerone.com/reports/1641088
Severity: Medium
Reported To: Nextcloud
Reported By: #daniel_calvino_sanchez
State: Resolved
Disclosed: September 16, 2022, 4:52am (UTC)
SSRF via potential filter bypass with too lax local domain checking
https://hackerone.com/reports/1608039
Severity: Low
Reported To: Nextcloud
Reported By: #tomorrowisnew_
State: Resolved
Disclosed: September 16, 2022, 5:00am (UTC)
XSS in www.glassdoor.com
https://hackerone.com/reports/1695989
Severity: Medium | Bounty: 500 USD
Reported To: Glassdoor
Reported By: #seifelsallamy
State: Resolved
Disclosed: September 16, 2022, 8:10pm (UTC)
Airflow Daemon Mode Insecure Umask Privilege Escalation
https://hackerone.com/reports/1690093
Severity: Medium | Bounty: 2,400 USD
Reported To: Internet Bug Bounty
Reported By: #nyymi
State: Resolved
Disclosed: September 17, 2022, 12:23pm (UTC)
HTML Injection in email via Name field
https://hackerone.com/reports/1581499
Severity: Low | Bounty: 500 USD
Reported To: HackerOne
Reported By: #mega7
State: Resolved
Disclosed: September 18, 2022, 9:24am (UTC)
There is no rate limit for SME REGISTRATION PORTAL
https://hackerone.com/reports/1305766
Severity: No Rating
Reported To: MTN Group
Reported By: #sachinrajput
State: Resolved
Disclosed: September 19, 2022, 5:41am (UTC)
CORS Misconfiguration on vanillaforums.com
https://hackerone.com/reports/1527555
Severity: Medium | Bounty: 150 USD
Reported To: Vanilla
Reported By: #admin0x00
State: Resolved
Disclosed: September 20, 2022, 4:34pm (UTC)
Use-after-free in setsockopt IPV6_2292PKTOPTIONS (CVE-2020-7457)
https://hackerone.com/reports/1441103
Severity: High | Bounty: 10,000 USD
Reported To: PlayStation
Reported By: #theflow0
State: Resolved
Disclosed: September 20, 2022, 9:16pm (UTC)