[doc.rt.informaticacloud.com] Reflected XSS via Stack Strace
π https://hackerone.com/reports/232320
πΉ Severity: High
πΉ Reported To: Informatica
πΉ Reported By: #bigbear_
πΉ State: π’ Resolved
πΉ Disclosed: July 23, 2022, 11:03am (UTC)
π https://hackerone.com/reports/232320
πΉ Severity: High
πΉ Reported To: Informatica
πΉ Reported By: #bigbear_
πΉ State: π’ Resolved
πΉ Disclosed: July 23, 2022, 11:03am (UTC)
CVE-2022-27781: CERTINFO never-ending busy-loop
π https://hackerone.com/reports/1606039
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #sybr
πΉ State: π’ Resolved
πΉ Disclosed: July 24, 2022, 7:31pm (UTC)
π https://hackerone.com/reports/1606039
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #sybr
πΉ State: π’ Resolved
πΉ Disclosed: July 24, 2022, 7:31pm (UTC)
Node.js - DLL Hijacking on Windows
π https://hackerone.com/reports/1636566
πΉ Severity: High | π° 3,000 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #yakirka
πΉ State: π’ Resolved
πΉ Disclosed: July 25, 2022, 6:30pm (UTC)
π https://hackerone.com/reports/1636566
πΉ Severity: High | π° 3,000 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #yakirka
πΉ State: π’ Resolved
πΉ Disclosed: July 25, 2022, 6:30pm (UTC)
Race condition in faucet when using starport
π https://hackerone.com/reports/1438052
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Cosmos
πΉ Reported By: #cyberboy
πΉ State: π’ Resolved
πΉ Disclosed: July 26, 2022, 5:47pm (UTC)
π https://hackerone.com/reports/1438052
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Cosmos
πΉ Reported By: #cyberboy
πΉ State: π’ Resolved
πΉ Disclosed: July 26, 2022, 5:47pm (UTC)
HTML Injection via Email Share
π https://hackerone.com/reports/1490311
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: July 27, 2022, 1:46am (UTC)
π https://hackerone.com/reports/1490311
πΉ Severity: Low | π° 500 USD
πΉ Reported To: TikTok
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: July 27, 2022, 1:46am (UTC)
Off-by-slash vulnerability in nodejs.org and iojs.org
π https://hackerone.com/reports/1650273
πΉ Severity: Medium | π° 1,200 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nagaro
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 8:25am (UTC)
π https://hackerone.com/reports/1650273
πΉ Severity: Medium | π° 1,200 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nagaro
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 8:25am (UTC)
Acronis True Image Local Privilege Escalation Due To Race Condition In Application Verification
π https://hackerone.com/reports/1251464
πΉ Severity: High | π° 250 USD
πΉ Reported To: Acronis
πΉ Reported By: #vkas-afk
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 10:32am (UTC)
π https://hackerone.com/reports/1251464
πΉ Severity: High | π° 250 USD
πΉ Reported To: Acronis
πΉ Reported By: #vkas-afk
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 10:32am (UTC)
Hijack all emails sent to any domain that uses Cloudflare Email Forwarding
π https://hackerone.com/reports/1419341
πΉ Severity: Critical | π° 6,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #albertspedersen
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 4:35pm (UTC)
π https://hackerone.com/reports/1419341
πΉ Severity: Critical | π° 6,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #albertspedersen
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 4:35pm (UTC)
π₯2
Twitter Account hijack through broken link in https://runpanther.io
π https://hackerone.com/reports/1607429
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Panther Labs
πΉ Reported By: #prakash142
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 4:57pm (UTC)
π https://hackerone.com/reports/1607429
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Panther Labs
πΉ Reported By: #prakash142
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 4:57pm (UTC)
Channel statistics up-to-date
π₯Total awarded amount - π°2,994,628
π₯Total bug reports - 3,350
π₯Total reporters - 1,654
Reports counts by severity rating:
π΅ medium - 1333
π high - 689
π’ low - 659
π΄ critical - 359
π€ none - 310
Top 10 participants by vulnerabilities found:
#skavans < 34 < π°68,911
#nyymi < 33 < π°21,320
#rtod < 33 < π°11,200
#jon_bottarini < 32 < π°36,773
#nagli < 31 < π°4,961
#luchua < 26 < π°47,700
#executor < 23 < π°9,100
#ihsinme < 22 < π°25,650
#lu3ky-13 < 21 < π°4,048
#d3lla < 20 < π°9,900
Top 10 teams by resolved reports:
Mail.ru > 305 > π°314,033
U.S. Dept Of Defense > 290 > π°8,000
GitHub Security Lab > 158 > π°203,750
Shopify > 139 > π°256,050
Nextcloud > 128 > π°20,575
GitLab > 97 > π°405,160
curl > 87 > π°16,700
New Relic > 82 > π°104,490
Acronis > 80 > π°12,837
HackerOne > 68 > π°63,501
π₯Total awarded amount - π°2,994,628
π₯Total bug reports - 3,350
π₯Total reporters - 1,654
Reports counts by severity rating:
π΅ medium - 1333
π high - 689
π’ low - 659
π΄ critical - 359
π€ none - 310
Top 10 participants by vulnerabilities found:
#skavans < 34 < π°68,911
#nyymi < 33 < π°21,320
#rtod < 33 < π°11,200
#jon_bottarini < 32 < π°36,773
#nagli < 31 < π°4,961
#luchua < 26 < π°47,700
#executor < 23 < π°9,100
#ihsinme < 22 < π°25,650
#lu3ky-13 < 21 < π°4,048
#d3lla < 20 < π°9,900
Top 10 teams by resolved reports:
Mail.ru > 305 > π°314,033
U.S. Dept Of Defense > 290 > π°8,000
GitHub Security Lab > 158 > π°203,750
Shopify > 139 > π°256,050
Nextcloud > 128 > π°20,575
GitLab > 97 > π°405,160
curl > 87 > π°16,700
New Relic > 82 > π°104,490
Acronis > 80 > π°12,837
HackerOne > 68 > π°63,501
π6π2π₯1
HTML Injection via TikTok Ads Email Share
π https://hackerone.com/reports/1376990
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 10:08pm (UTC)
π https://hackerone.com/reports/1376990
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #lu3ky-13
πΉ State: π’ Resolved
πΉ Disclosed: July 28, 2022, 10:08pm (UTC)
@nextcloud/logger NPM package brings vulnerable ansi-regex version
π https://hackerone.com/reports/1607601
πΉ Severity: Low
πΉ Reported To: Nextcloud
πΉ Reported By: #ro0telqayser
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2022, 10:18am (UTC)
π https://hackerone.com/reports/1607601
πΉ Severity: Low
πΉ Reported To: Nextcloud
πΉ Reported By: #ro0telqayser
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2022, 10:18am (UTC)
Send Fax from Anyone's HelloFax Account Due to Misconfigured Email Validation
π https://hackerone.com/reports/1428385
πΉ Severity: High | π° 4,913 USD
πΉ Reported To: Dropbox
πΉ Reported By: #sayaanalam
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2022, 5:18pm (UTC)
π https://hackerone.com/reports/1428385
πΉ Severity: High | π° 4,913 USD
πΉ Reported To: Dropbox
πΉ Reported By: #sayaanalam
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2022, 5:18pm (UTC)
Possible to make restricted files public on Phabricator via Diffusion
π https://hackerone.com/reports/1560717
πΉ Severity: No Rating | π° 2,000 USD
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2022, 10:37pm (UTC)
π https://hackerone.com/reports/1560717
πΉ Severity: No Rating | π° 2,000 USD
πΉ Reported To: Phabricator
πΉ Reported By: #dyls
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2022, 10:37pm (UTC)
Open redirection at https://smartreports.mtncameroon.net
π https://hackerone.com/reports/1530396
πΉ Severity: Low
πΉ Reported To: MTN Group
πΉ Reported By: #vulnera
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2022, 1:38am (UTC)
π https://hackerone.com/reports/1530396
πΉ Severity: Low
πΉ Reported To: MTN Group
πΉ Reported By: #vulnera
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2022, 1:38am (UTC)
Corsa Site Scripting Vulnerability (XSS)
π https://hackerone.com/reports/1650210
πΉ Severity: High
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π΄ N/A
πΉ Disclosed: July 30, 2022, 2:37pm (UTC)
π https://hackerone.com/reports/1650210
πΉ Severity: High
πΉ Reported To: Hyperledger
πΉ Reported By: #bhaskar_ram
πΉ State: π΄ N/A
πΉ Disclosed: July 30, 2022, 2:37pm (UTC)
Open S3 Bucket Accessible by any Aws User
π https://hackerone.com/reports/1654145
πΉ Severity: No Rating
πΉ Reported To: GoCD
πΉ Reported By: #khalidou
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2022, 3:02am (UTC)
π https://hackerone.com/reports/1654145
πΉ Severity: No Rating
πΉ Reported To: GoCD
πΉ Reported By: #khalidou
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2022, 3:02am (UTC)
Race condition on https://judge.me/people
π https://hackerone.com/reports/1566017
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Judge.me
πΉ Reported By: #netboom
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 5:28am (UTC)
π https://hackerone.com/reports/1566017
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Judge.me
πΉ Reported By: #netboom
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 5:28am (UTC)
π1
Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE
π https://hackerone.com/reports/924151
πΉ Severity: Critical
πΉ Reported To: Rocket.Chat
πΉ Reported By: #baltpeter
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 10:17am (UTC)
π https://hackerone.com/reports/924151
πΉ Severity: Critical
πΉ Reported To: Rocket.Chat
πΉ Reported By: #baltpeter
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 10:17am (UTC)
delete the subaccount from the user id
π https://hackerone.com/reports/1646340
πΉ Severity: Medium | π° 700 USD
πΉ Reported To: Showmax
πΉ Reported By: #qualwin38000
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 1:05pm (UTC)
π https://hackerone.com/reports/1646340
πΉ Severity: Medium | π° 700 USD
πΉ Reported To: Showmax
πΉ Reported By: #qualwin38000
πΉ State: π’ Resolved
πΉ Disclosed: August 1, 2022, 1:05pm (UTC)