ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year
🔗 https://hackerone.com/reports/1531958
🔹 Severity: Medium | 💰 1,160 USD
🔹 Reported To: GitLab
🔹 Reported By: #afewgoats
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 4:42am (UTC)
No Restriction on password
🔗 https://hackerone.com/reports/1696814
🔹 Severity: No Rating
🔹 Reported To: GitLab
🔹 Reported By: #patronum-m
🔹 State: 🔴 N/A
🔹 Disclosed: September 13, 2022, 5:02am (UTC)
DOS validator nodes of blockchain to block external connections
🔗 https://hackerone.com/reports/1695472
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #cre8
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 7:56am (UTC)
XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution
🔗 https://hackerone.com/reports/1632119
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #nokline
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 1:03pm (UTC)
Web Cache Poisoning leads to XSS and DoS
🔗 https://hackerone.com/reports/1621540
🔹 Severity: High | 💰 1,700 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #nokline
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 1:36pm (UTC)
CSRF in Changing User Verification Email
🔗 https://hackerone.com/reports/1531235
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #f_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 13, 2022, 8:30pm (UTC)
Reflected XSS [██████]
🔗 https://hackerone.com/reports/1309386
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 1:58pm (UTC)
Abuse cookie-modification, toast HTML and expired domain in CSP-form-action replacing login-page at www.dropbox.com/login to submit creds externally
🔗 https://hackerone.com/reports/1590794
🔹 Severity: High | 💰 6,909 USD
🔹 Reported To: Dropbox
🔹 Reported By: #fransrosen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 3:15pm (UTC)
Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain
🔗 https://hackerone.com/reports/1221942
🔹 Severity: High
🔹 Reported To: Meredith
🔹 Reported By: #error201
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 4:12pm (UTC)
Directory Traversal at █████
🔗 https://hackerone.com/reports/1641148
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x45
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:27pm (UTC)
springboot actuator is leaking internals at ██████████
🔗 https://hackerone.com/reports/1662474
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #thpless
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:29pm (UTC)
XSS DUE TO CVE-2022-38463 in https://████████
🔗 https://hackerone.com/reports/1681208
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:30pm (UTC)
IDOR Lead To VIEW & DELETE & Create api_key [HtUS]
🔗 https://hackerone.com/reports/1628012
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #bate5a
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:32pm (UTC)
SSRF ACCESS AWS METADATA - █████
🔗 https://hackerone.com/reports/1623685
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xr3dhunt
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:35pm (UTC)
Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System
🔗 https://hackerone.com/reports/745171
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #byteone
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:40pm (UTC)
Full read SSRF at █████████ [HtUS]
🔗 https://hackerone.com/reports/1628102
🔹 Severity: High | 💰 500 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:52pm (UTC)
an internal important paths disclosure [HtUS]
🔗 https://hackerone.com/reports/1631471
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmed0x0mahmoud
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:54pm (UTC)
SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS]
🔗 https://hackerone.com/reports/1628209
🔹 Severity: Critical | 💰 4,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #codeprivate
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:00pm (UTC)
SQL injection at [https://█████████] [HtUS]
🔗 https://hackerone.com/reports/1627995
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #malcolmx
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:04pm (UTC)
SQL injection at [█████████] [HtUS]
🔗 https://hackerone.com/reports/1626198
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #malcolmx
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:06pm (UTC)