TikTok Account Creation Date Information Disclosure
🔗 https://hackerone.com/reports/1562020
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: TikTok
🔹 Reported By: #f15
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 8:50pm (UTC)
Access to private files of helpdesk.
🔗 https://hackerone.com/reports/804534
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:05pm (UTC)
Sub-Dept User Can Add Users To Main Department.
🔗 https://hackerone.com/reports/890209
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:08pm (UTC)
Users Without Permission Can Download Restricted Files
🔗 https://hackerone.com/reports/794904
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:10pm (UTC)
DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI
🔗 https://hackerone.com/reports/1736378
🔹 Severity: Medium
🔹 Reported To: Adobe
🔹 Reported By: #dreamer_eh
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 12:07pm (UTC)
IDOR able to buy a plan with lesser fee
🔗 https://hackerone.com/reports/1679276
🔹 Severity: Medium
🔹 Reported To: Automattic
🔹 Reported By: #ug0x01
🔹 State: ⚪️ Informative
🔹 Disclosed: October 19, 2022, 4:20pm (UTC)
Fully TaxJar account control and ability to disclose and modify business account settings Due to Broken Access Control in /current_user_data
🔗 https://hackerone.com/reports/1677541
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #mr_asg
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 6:36pm (UTC)
Tomcat Servlet Examples accessible at https://44.240.33.83:38443 and https://52.36.56.155:38443
🔗 https://hackerone.com/reports/1560149
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Stripe
🔹 Reported By: #mustafa_farrag
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 6:45pm (UTC)
Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF
🔗 https://hackerone.com/reports/1580495
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #sim4n6
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 6:47pm (UTC)
User information disclosed via API
🔗 https://hackerone.com/reports/1218461
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #toormund
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 6:47pm (UTC)
Local applications from user's computer can listen for webhooks via insecure gRPC server from stripe-cli
🔗 https://hackerone.com/reports/1369191
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #gregxsunday
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 7:03pm (UTC)
Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/
🔗 https://hackerone.com/reports/1685970
🔹 Severity: High | 💰 13,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #mr_asg
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 7:05pm (UTC)
[CSRF] No Csrf protection against sending invitation to join the team.
🔗 https://hackerone.com/reports/728199
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2022, 12:31am (UTC)
Ability to View Non-Permitted Admin Log
🔗 https://hackerone.com/reports/1533220
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2022, 12:34am (UTC)
Removed user can still view comments on the file/documents.
🔗 https://hackerone.com/reports/1335070
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2022, 12:36am (UTC)
POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.
🔗 https://hackerone.com/reports/1705717
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #shakedreiner
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2022, 8:07pm (UTC)
Card requirement bypass for business trial
🔗 https://hackerone.com/reports/1670304
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Krisp
🔹 Reported By: #n0_m3rcy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2022, 4:23pm (UTC)
access nagios dashboard using default credentials in ** omon1.fpki.gov, 3.220.248.203**
🔗 https://hackerone.com/reports/1700896
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #ahmed0x0mahmoud
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2022, 11:33pm (UTC)
installed.json sensitive file was publicly accessible on your web application which discloses information about authors and admins
🔗 https://hackerone.com/reports/1586524
🔹 Severity: Low
🔹 Reported To: Yelp
🔹 Reported By: #whitehacker18
🔹 State: ⚪️ Informative
🔹 Disclosed: October 22, 2022, 6:39pm (UTC)
Viewer is able to leak the previous versions of the file
🔗 https://hackerone.com/reports/1080700
🔹 Severity: Medium | 💰 550 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 24, 2022, 9:56pm (UTC)
IDOR Allows Viewer to Delete Bin's Files
🔗 https://hackerone.com/reports/1074420
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #snapsec
🔹 State: 🟢 Resolved
🔹 Disclosed: October 24, 2022, 9:59pm (UTC)