SSRF on https://www.βββββββ/crossdomain.php via url parameter
π https://hackerone.com/reports/971590
πΉ Severity: Critical
πΉ Reported To: Sony
πΉ Reported By: #n0x496n
πΉ State: π’ Resolved
πΉ Disclosed: October 6, 2022, 3:44pm (UTC)
π https://hackerone.com/reports/971590
πΉ Severity: Critical
πΉ Reported To: Sony
πΉ Reported By: #n0x496n
πΉ State: π’ Resolved
πΉ Disclosed: October 6, 2022, 3:44pm (UTC)
Path Traversal issue at https://ββββ/blaze/
π https://hackerone.com/reports/1320084
πΉ Severity: High
πΉ Reported To: Sony
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 6, 2022, 3:53pm (UTC)
π https://hackerone.com/reports/1320084
πΉ Severity: High
πΉ Reported To: Sony
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 6, 2022, 3:53pm (UTC)
SQL Injection through /include/findusers.php
π https://hackerone.com/reports/1081145
πΉ Severity: Critical
πΉ Reported To: ImpressCMS
πΉ Reported By: #egix
πΉ State: π’ Resolved
πΉ Disclosed: October 6, 2022, 6:51pm (UTC)
π https://hackerone.com/reports/1081145
πΉ Severity: Critical
πΉ Reported To: ImpressCMS
πΉ Reported By: #egix
πΉ State: π’ Resolved
πΉ Disclosed: October 6, 2022, 6:51pm (UTC)
Remote Command Execution via Github import
π https://hackerone.com/reports/1679624
πΉ Severity: Critical | π° 33,510 USD
πΉ Reported To: GitLab
πΉ Reported By: #vakzz
πΉ State: π’ Resolved
πΉ Disclosed: October 6, 2022, 8:19pm (UTC)
π https://hackerone.com/reports/1679624
πΉ Severity: Critical | π° 33,510 USD
πΉ Reported To: GitLab
πΉ Reported By: #vakzz
πΉ State: π’ Resolved
πΉ Disclosed: October 6, 2022, 8:19pm (UTC)
Relative Path Traversal vulnerability in fabric-private-chaincode
π https://hackerone.com/reports/1690377
πΉ Severity: No Rating
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: βͺοΈ Informative
πΉ Disclosed: October 9, 2022, 7:41am (UTC)
π https://hackerone.com/reports/1690377
πΉ Severity: No Rating
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: βͺοΈ Informative
πΉ Disclosed: October 9, 2022, 7:41am (UTC)
Email Address Exposure via Gratipay Migration Tool
π https://hackerone.com/reports/1727044
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Liberapay
πΉ Reported By: #suprnova
πΉ State: π’ Resolved
πΉ Disclosed: October 9, 2022, 11:50am (UTC)
π https://hackerone.com/reports/1727044
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Liberapay
πΉ Reported By: #suprnova
πΉ State: π’ Resolved
πΉ Disclosed: October 9, 2022, 11:50am (UTC)
CORS Misconfiguration on trust.yelp.com
π https://hackerone.com/reports/1716286
πΉ Severity: Medium
πΉ Reported To: Yelp
πΉ Reported By: #ajayjachak
πΉ State: π΄ N/A
πΉ Disclosed: October 10, 2022, 4:59am (UTC)
π https://hackerone.com/reports/1716286
πΉ Severity: Medium
πΉ Reported To: Yelp
πΉ Reported By: #ajayjachak
πΉ State: π΄ N/A
πΉ Disclosed: October 10, 2022, 4:59am (UTC)
Deny of service via malicious Content-Type
π https://hackerone.com/reports/1715536
πΉ Severity: High
πΉ Reported To: Fastify
πΉ Reported By: #bitk
πΉ State: π’ Resolved
πΉ Disclosed: October 10, 2022, 8:43am (UTC)
π https://hackerone.com/reports/1715536
πΉ Severity: High
πΉ Reported To: Fastify
πΉ Reported By: #bitk
πΉ State: π’ Resolved
πΉ Disclosed: October 10, 2022, 8:43am (UTC)
Stored XSS in the ticketing system
π https://hackerone.com/reports/1694037
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: October 10, 2022, 10:35pm (UTC)
π https://hackerone.com/reports/1694037
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #codeslayer137
πΉ State: π’ Resolved
πΉ Disclosed: October 10, 2022, 10:35pm (UTC)
Autofill/Autosave password on login
π https://hackerone.com/reports/1720621
πΉ Severity: Medium
πΉ Reported To: Yelp
πΉ Reported By: #zero_990
πΉ State: π΄ N/A
πΉ Disclosed: October 11, 2022, 5:15pm (UTC)
π https://hackerone.com/reports/1720621
πΉ Severity: Medium
πΉ Reported To: Yelp
πΉ Reported By: #zero_990
πΉ State: π΄ N/A
πΉ Disclosed: October 11, 2022, 5:15pm (UTC)
IDOR [mtnmobad.mtnbusiness.com.ng]
π https://hackerone.com/reports/1698006
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #insomnia_hax
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 7:18am (UTC)
π https://hackerone.com/reports/1698006
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #insomnia_hax
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 7:18am (UTC)
DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation
π https://hackerone.com/reports/1511628
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #shirshak
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 9:52am (UTC)
π https://hackerone.com/reports/1511628
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #shirshak
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 9:52am (UTC)
Misconfigured build on websites "abuse.cloudflare.com"
π https://hackerone.com/reports/1624911
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #paradessia_
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 10:02am (UTC)
π https://hackerone.com/reports/1624911
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #paradessia_
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 10:02am (UTC)
mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040
π https://hackerone.com/reports/1719719
πΉ Severity: Critical | π° 1,000 USD
πΉ Reported To: Acronis
πΉ Reported By: #aplis
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 5:12pm (UTC)
π https://hackerone.com/reports/1719719
πΉ Severity: Critical | π° 1,000 USD
πΉ Reported To: Acronis
πΉ Reported By: #aplis
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 5:12pm (UTC)
Cross-site scripting on api.collabs.shopify.com
π https://hackerone.com/reports/1672459
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #kun_19
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:12pm (UTC)
π https://hackerone.com/reports/1672459
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #kun_19
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:12pm (UTC)
XSS seems to work again after change to linkpop at https://linkpop.com/testnaglinagli
π https://hackerone.com/reports/1569940
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #nagli
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:22pm (UTC)
π https://hackerone.com/reports/1569940
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #nagli
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:22pm (UTC)
Staff can create workflows in Shopify Admin without apps permission
π https://hackerone.com/reports/1521336
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #jmp_35p
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:53pm (UTC)
π https://hackerone.com/reports/1521336
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #jmp_35p
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:53pm (UTC)
Self XSS in https://linkpop.com/dashboard/admin
π https://hackerone.com/reports/1591403
πΉ Severity: Low | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #hazemhussien99
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 9:20pm (UTC)
π https://hackerone.com/reports/1591403
πΉ Severity: Low | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #hazemhussien99
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 9:20pm (UTC)
Account takeover on βββββββ [HtUS]
π https://hackerone.com/reports/1627961
πΉ Severity: High | π° 500 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #nightm4re
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:05pm (UTC)
π https://hackerone.com/reports/1627961
πΉ Severity: High | π° 500 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #nightm4re
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:05pm (UTC)
IDOR leaking PII data via VendorId parameter
π https://hackerone.com/reports/1690044
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x1int
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:24pm (UTC)
π https://hackerone.com/reports/1690044
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x1int
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:24pm (UTC)
Account Takeover and Information update due to cross site request forgery via POST βββββββββ/registration/my-account.cfm
π https://hackerone.com/reports/1626356
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #snifyak
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:28pm (UTC)
π https://hackerone.com/reports/1626356
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #snifyak
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:28pm (UTC)