time based SQL injection at [https://███] [HtUS]
👉 https://hackerone.com/reports/1627970
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #malcolmx
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:10pm (UTC)
STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS]
👉 https://hackerone.com/reports/1631447
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shreky
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:13pm (UTC)
No validation to Image upload user can upload ( php APK zip files and can be used as storage purpose)
👉 https://hackerone.com/reports/1644062
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Linktree
🔹 Reported By: #bug_vs_me
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2022, 5:38am (UTC)
[hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import
👉 https://hackerone.com/reports/1122791
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cdl
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2022, 1:28pm (UTC)
store internal email disclosed through shopify-data-exporter
👉 https://hackerone.com/reports/1605962
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #xenx
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2022, 7:21pm (UTC)
Information exposure in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)
👉 https://hackerone.com/reports/1604606
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #ro0telqayser
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2022, 2:52am (UTC)
Last video frame is still sent after video is disabled in a call
👉 https://hackerone.com/reports/1641088
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #daniel_calvino_sanchez
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2022, 4:52am (UTC)
SSRF via potential filter bypass with too lax local domain checking
👉 https://hackerone.com/reports/1608039
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #tomorrowisnew_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2022, 5:00am (UTC)
XSS in www.glassdoor.com
👉 https://hackerone.com/reports/1695989
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #seifelsallamy
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2022, 8:10pm (UTC)
Airflow Daemon Mode Insecure Umask Privilege Escalation
👉 https://hackerone.com/reports/1690093
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: September 17, 2022, 12:23pm (UTC)
HTML Injection in email via Name field
👉 https://hackerone.com/reports/1581499
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: September 18, 2022, 9:24am (UTC)
There is no rate limit for SME REGISTRATION PORTAL
👉 https://hackerone.com/reports/1305766
🔹 Severity: No Rating
🔹 Reported To: MTN Group
🔹 Reported By: #sachinrajput
🔹 State: 🟢 Resolved
🔹 Disclosed: September 19, 2022, 5:41am (UTC)
CORS Misconfiguration on vanillaforums.com
👉 https://hackerone.com/reports/1527555
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Vanilla
🔹 Reported By: #admin0x00
🔹 State: 🟢 Resolved
🔹 Disclosed: September 20, 2022, 4:34pm (UTC)
Use-after-free in setsockopt IPV6_2292PKTOPTIONS (CVE-2020-7457)
👉 https://hackerone.com/reports/1441103
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #theflow0
🔹 State: 🟢 Resolved
🔹 Disclosed: September 20, 2022, 9:16pm (UTC)
IDOR on Tagged People
👉 https://hackerone.com/reports/1555376
🔹 Severity: Medium | 💰 3,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #apapedulimu
🔹 State: 🟢 Resolved
🔹 Disclosed: September 20, 2022, 10:17pm (UTC)
DOS: out of memory from gif through upload api
👉 https://hackerone.com/reports/1620170
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #catenacyber
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2022, 8:49am (UTC)
size_t-to-int vulnerability in exFAT leads to memory corruption via malformed USB flash drives
👉 https://hackerone.com/reports/1340942
🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: PlayStation
🔹 Reported By: #theflow0
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2022, 7:06pm (UTC)
Create product discounts of any shop
👉 https://hackerone.com/reports/1571578
🔹 Severity: Medium | 💰 4,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #datph4m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2022, 10:39pm (UTC)
Add products to any livestream.
👉 https://hackerone.com/reports/1654657
🔹 Severity: Medium | 💰 3,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #datph4m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2022, 10:41pm (UTC)
DLL Search-Order Hijacking Vulnerability in work-64-exe-v7.16.3-1.exe
👉 https://hackerone.com/reports/1519437
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #is-
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 3:19am (UTC)