Bugpoint

XSS in Desktop Client via user status and information

👉 https://hackerone.com/reports/1707977

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:44pm (UTC)

264 views18:34

Bugpoint

XSS in Desktop Client in call notification popup

👉 https://hackerone.com/reports/1711847

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:45pm (UTC)

252 views18:34

Bugpoint

SSRF - pivoting in the private LAN

👉 https://hackerone.com/reports/1364797

🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 5:20pm (UTC)

262 views18:34

Bugpoint

open redirect to a remote website which can phish users

👉 https://hackerone.com/reports/1397804

🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: ⚪️ Informative
🔹 Disclosed: November 25, 2022, 6:08pm (UTC)

297 views18:34

Bugpoint

SSRF mitigation bypass using DNS Rebind attack

👉 https://hackerone.com/reports/1369312

🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 6:11pm (UTC)

👍1

327 views18:34

Bugpoint

Database resource exhaustion for logged-in users via sharee recommendations with circles

👉 https://hackerone.com/reports/1688199

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #michag86
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 6:52am (UTC)

279 views07:04

Bugpoint

Profile of disabled user stays accessible

👉 https://hackerone.com/reports/1675014

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #mikaelgundersen
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 6:53am (UTC)

295 views07:04

Bugpoint

CVE-2022-32221: POST following PUT confusion

👉 https://hackerone.com/reports/1704017

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #robbotic
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 12:02pm (UTC)

320 views18:52

Bugpoint

CVE-2022-42915: HTTP proxy double-free

👉 https://hackerone.com/reports/1722065

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #bagder
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 12:04pm (UTC)

350 views18:52

Bugpoint

Exception logging in Sharepoint app reveals clear-text connection details

👉 https://hackerone.com/reports/1652903

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kichernde_erbse
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 12:46pm (UTC)

389 views18:52

Bugpoint

Wordpress users Disclosure [ /wp-json/wp/v2/users/ ]

👉 https://hackerone.com/reports/1735586

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #shubham_srt
🔹 State: 🟢 Resolved
🔹 Disclosed: November 27, 2022, 3:25am (UTC)

410 views09:31

Bugpoint

potential denial of service attack via the locale parameter

👉 https://hackerone.com/reports/1746098

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #benjaoming_realone
🔹 State: 🟢 Resolved
🔹 Disclosed: November 28, 2022, 6:31pm (UTC)

394 views19:31

Bugpoint

I found some api keys in js files ,huge leak of token addresses and huge amount of js files are not forbidden

👉 https://hackerone.com/reports/1787121

🔹 Severity: No Rating
🔹 Reported To: AMBER AI
🔹 Reported By: #orange_h
🔹 State: 🔴 N/A
🔹 Disclosed: November 29, 2022, 10:46am (UTC)

🤔3👍2

413 views10:55

Bugpoint

Stored XSS in Dovetale by application of creator

👉 https://hackerone.com/reports/1652046

🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #kun_19
🔹 State: 🟢 Resolved
🔹 Disclosed: November 29, 2022, 5:34pm (UTC)

479 views19:22

Bugpoint

Any organization's assets pending review can be downloaded

👉 https://hackerone.com/reports/1787644

🔹 Severity: High
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: November 29, 2022, 6:36pm (UTC)

534 views19:22

Bugpoint

Stored XSS Payload when sending videos

👉 https://hackerone.com/reports/1536046

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #aidilarf_2000
🔹 State: 🟢 Resolved
🔹 Disclosed: November 29, 2022, 9:30pm (UTC)

445 views02:52

Bugpoint

If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur

👉 https://hackerone.com/reports/1707680

🔹 Severity: Low
🔹 Reported To: Yelp
🔹 Reported By: #shubhangirathore836
🔹 State: 🔴 N/A
🔹 Disclosed: November 30, 2022, 3:15pm (UTC)

434 views18:43

Bugpoint

Campaign Account Balance and History Disclosed in API Response

👉 https://hackerone.com/reports/1587374

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: LinkedIn
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 30, 2022, 7:31pm (UTC)

477 views19:40

Bugpoint

Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands

👉 https://hackerone.com/reports/1785378

🔹 Severity: High | 💰 300 USD
🔹 Reported To: Ian Dunn
🔹 Reported By: #ryotak
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 4:00am (UTC)

🔥2

576 views04:31

Bugpoint

CVE-2022-45402: Apache Airflow: Open redirect during login

👉 https://hackerone.com/reports/1782514

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #bugra
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 9:41am (UTC)

518 views12:13

Bugpoint

Calendar name length not validated before writing to database

👉 https://hackerone.com/reports/1596148

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #errorx404
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 9:49am (UTC)

485 views12:13

About

Blog

Apps

Platform