installed.json sensitive file was publicly accessible on your web application which discloses information about authors and admins
π https://hackerone.com/reports/1586524
πΉ Severity: Low
πΉ Reported To: Yelp
πΉ Reported By: #whitehacker18
πΉ State: βͺοΈ Informative
πΉ Disclosed: October 22, 2022, 6:39pm (UTC)
π https://hackerone.com/reports/1586524
πΉ Severity: Low
πΉ Reported To: Yelp
πΉ Reported By: #whitehacker18
πΉ State: βͺοΈ Informative
πΉ Disclosed: October 22, 2022, 6:39pm (UTC)
Viewer is able to leak the previous versions of the file
π https://hackerone.com/reports/1080700
πΉ Severity: Medium | π° 550 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 24, 2022, 9:56pm (UTC)
π https://hackerone.com/reports/1080700
πΉ Severity: Medium | π° 550 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 24, 2022, 9:56pm (UTC)
IDOR Allows Viewer to Delete Bin's Files
π https://hackerone.com/reports/1074420
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 24, 2022, 9:59pm (UTC)
π https://hackerone.com/reports/1074420
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 24, 2022, 9:59pm (UTC)
Remotely Accessible Container Advisor exposed performance metrics and resource usage
π https://hackerone.com/reports/1697599
πΉ Severity: Low | π° 100 USD
πΉ Reported To: TikTok
πΉ Reported By: #tw4v3sx
πΉ State: π’ Resolved
πΉ Disclosed: October 24, 2022, 10:07pm (UTC)
π https://hackerone.com/reports/1697599
πΉ Severity: Low | π° 100 USD
πΉ Reported To: TikTok
πΉ Reported By: #tw4v3sx
πΉ State: π’ Resolved
πΉ Disclosed: October 24, 2022, 10:07pm (UTC)
A malicious admin can be able to permanently disable a Owner(Admin) to access his account
π https://hackerone.com/reports/1718574
πΉ Severity: Medium | π° 600 USD
πΉ Reported To: Linktree
πΉ Reported By: #dewcode91
πΉ State: π’ Resolved
πΉ Disclosed: October 25, 2022, 12:49am (UTC)
π https://hackerone.com/reports/1718574
πΉ Severity: Medium | π° 600 USD
πΉ Reported To: Linktree
πΉ Reported By: #dewcode91
πΉ State: π’ Resolved
πΉ Disclosed: October 25, 2022, 12:49am (UTC)
Reflected Cross site scripting via Swagger UI
π https://hackerone.com/reports/1656650
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #webcipher101
πΉ State: π’ Resolved
πΉ Disclosed: October 25, 2022, 7:14am (UTC)
π https://hackerone.com/reports/1656650
πΉ Severity: Medium
πΉ Reported To: Adobe
πΉ Reported By: #webcipher101
πΉ State: π’ Resolved
πΉ Disclosed: October 25, 2022, 7:14am (UTC)
Business Logic, currency arbitrage - Possibility to pay less than the price in USD
π https://hackerone.com/reports/1677155
πΉ Severity: Medium
πΉ Reported To: PortSwigger Web Security
πΉ Reported By: #xctzn
πΉ State: βͺοΈ Informative
πΉ Disclosed: October 26, 2022, 6:57am (UTC)
π https://hackerone.com/reports/1677155
πΉ Severity: Medium
πΉ Reported To: PortSwigger Web Security
πΉ Reported By: #xctzn
πΉ State: βͺοΈ Informative
πΉ Disclosed: October 26, 2022, 6:57am (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215)
π https://hackerone.com/reports/1665156
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #shacharm
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:17am (UTC)
π https://hackerone.com/reports/1665156
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #shacharm
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:17am (UTC)
Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
π https://hackerone.com/reports/1695596
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #mhdawson
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:17am (UTC)
π https://hackerone.com/reports/1695596
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #mhdawson
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:17am (UTC)
CVE-2022-32213 bypass via obs-fold mechanic
π https://hackerone.com/reports/1630336
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:17am (UTC)
π https://hackerone.com/reports/1630336
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:17am (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
π https://hackerone.com/reports/1675191
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #vvx7
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:17am (UTC)
π https://hackerone.com/reports/1675191
πΉ Severity: Medium
πΉ Reported To: Node.js
πΉ Reported By: #vvx7
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:17am (UTC)
Weak randomness in WebCrypto keygen
π https://hackerone.com/reports/1690000
πΉ Severity: High
πΉ Reported To: Node.js
πΉ Reported By: #bnoordhuis
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:18am (UTC)
π https://hackerone.com/reports/1690000
πΉ Severity: High
πΉ Reported To: Node.js
πΉ Reported By: #bnoordhuis
πΉ State: π’ Resolved
πΉ Disclosed: October 26, 2022, 8:18am (UTC)
π1
Subdomain takeover on 'de-headless.staging.gymshark.com'
π https://hackerone.com/reports/1711890
πΉ Severity: High
πΉ Reported To: Gymshark
πΉ Reported By: #a-p0c
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 11:14am (UTC)
π https://hackerone.com/reports/1711890
πΉ Severity: High
πΉ Reported To: Gymshark
πΉ Reported By: #a-p0c
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 11:14am (UTC)
CVE-2022-35260: .netrc parser out-of-bounds access
π https://hackerone.com/reports/1721098
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 2:55pm (UTC)
π https://hackerone.com/reports/1721098
πΉ Severity: Low
πΉ Reported To: curl
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 2:55pm (UTC)
π1
CVE-2022-42916: HSTS bypass via IDN
π https://hackerone.com/reports/1730660
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 2:55pm (UTC)
π https://hackerone.com/reports/1730660
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #kurohiro
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 2:55pm (UTC)
π1
Jolokia Reflected XSS
π https://hackerone.com/reports/1714563
πΉ Severity: Medium
πΉ Reported To: Mars
πΉ Reported By: #ramzanrl
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 5:36pm (UTC)
π https://hackerone.com/reports/1714563
πΉ Severity: Medium
πΉ Reported To: Mars
πΉ Reported By: #ramzanrl
πΉ State: π’ Resolved
πΉ Disclosed: October 27, 2022, 5:36pm (UTC)
π1
HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI
π https://hackerone.com/reports/1736466
πΉ Severity: Low
πΉ Reported To: Adobe
πΉ Reported By: #dreamer_eh
πΉ State: π’ Resolved
πΉ Disclosed: October 28, 2022, 7:18am (UTC)
π https://hackerone.com/reports/1736466
πΉ Severity: Low
πΉ Reported To: Adobe
πΉ Reported By: #dreamer_eh
πΉ State: π’ Resolved
πΉ Disclosed: October 28, 2022, 7:18am (UTC)
π1
Privilege Escalation to All-staff group
π https://hackerone.com/reports/1021460
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 28, 2022, 11:55pm (UTC)
π https://hackerone.com/reports/1021460
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 28, 2022, 11:55pm (UTC)
Accessing/Editing Folders of Other Users in the Orginisation.
π https://hackerone.com/reports/1025881
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 29, 2022, 12:56am (UTC)
π https://hackerone.com/reports/1025881
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Lark Technologies
πΉ Reported By: #snapsec
πΉ State: π’ Resolved
πΉ Disclosed: October 29, 2022, 12:56am (UTC)
Cross-site Scripting (XSS) - Reflected
π https://hackerone.com/reports/1183336
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 30, 2022, 9:54pm (UTC)
π https://hackerone.com/reports/1183336
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 30, 2022, 9:54pm (UTC)
Cross-Site Request Forgery (CSRF) to xss
π https://hackerone.com/reports/1183241
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 30, 2022, 9:54pm (UTC)
π https://hackerone.com/reports/1183241
πΉ Severity: Medium
πΉ Reported To: MTN Group
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: October 30, 2022, 9:54pm (UTC)