Internal IP addresses range and AWS cluster region leaked in a Github repository
https://hackerone.com/reports/877303
🔹 Severity: No Rating
🔹 Reported To: Kubernetes
🔹 Reported By: #cyberhawksec
🔹 Disclosed: July 24, 2020, 12:43am (UTC)
No Rate Limiting On Phone Number Login Leads to Login Bypass
https://hackerone.com/reports/903363
🔹 Severity: Medium
🔹 Reported To: Smule
🔹 Reported By: #done11
🔹 Disclosed: July 24, 2020, 2:19am (UTC)
DoS for client-go jsonpath func
https://hackerone.com/reports/882923
🔹 Severity: Low
🔹 Reported To: Kubernetes
🔹 Reported By: #lazydog
🔹 Disclosed: July 24, 2020, 3:46am (UTC)
Getting SmartDNS for free from - join.nordvpn.com
https://hackerone.com/reports/925757
🔹 Severity: High
🔹 Reported To: NordVPN
🔹 Reported By: #salahhasoneh
🔹 Disclosed: July 24, 2020, 9:01am (UTC)
Business Logic Flaw - A non premium user can change/update retailers to get cashback on all the retailers associated with Curve
https://hackerone.com/reports/672487
🔹 Severity: Medium
🔹 Reported To: Curve
🔹 Reported By: #praseudo7
🔹 Disclosed: July 24, 2020, 12:28pm (UTC)
Stored XSS at [ https://app.lemlist.com/campaigns/cam_QRS5caF2ca7MJtiLS/leads ] in " LINKEDIN URL" Field.
https://hackerone.com/reports/932557
🔹 Severity: Low
🔹 Reported To: lemlist
🔹 Reported By: #try___for___impossible
🔹 Disclosed: July 24, 2020, 2:01pm (UTC)
Grammarly Keyboard for Android "Authorization Code with PKCE" flow implementation vulnerability that allows account takeover
https://hackerone.com/reports/824931
🔹 Severity: Medium
🔹 Reported To: Grammarly
🔹 Reported By: #tomtenisse
🔹 Disclosed: July 24, 2020, 2:22pm (UTC)
CVE-2019-19935 - DOM based XSS in the froala editor
https://hackerone.com/reports/938683
🔹 Severity: Low
🔹 Reported To: lemlist
🔹 Reported By: #chackal
🔹 Disclosed: July 24, 2020, 3:33pm (UTC)
SQL Injection or Denial of Service due to a Prototype Pollution
https://hackerone.com/reports/869574
🔹 Severity: Critical
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #phra
🔹 Disclosed: July 24, 2020, 5:20pm (UTC)
SAML Response Reuse on hackerone.com/users/saml/auth
https://hackerone.com/reports/888930
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #samtink
🔹 Disclosed: July 24, 2020, 6:51pm (UTC)
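The class of bug the title above names, a SAML response accepted more than once, is usually closed on the service-provider side by treating each assertion ID as single-use for as long as the assertion itself is valid. The Ruby below is an added illustration of that check, not HackerOne's code and not taken from the report; the assertion XML, its ID value and the injectable clock are constructed for the example, and signature verification is assumed to have already happened before this guard runs.

```ruby
require 'rexml/document'
require 'time'

# Replay guard for SAML 2.0 assertions (illustrative, not HackerOne's code).
# Each accepted Assertion ID is remembered until its Conditions/@NotOnOrAfter
# instant passes; a second presentation of the same ID is rejected.
class AssertionReplayGuard
  SAML_NS = 'urn:oasis:names:tc:SAML:2.0:assertion'

  def initialize(clock: -> { Time.now.utc })
    @clock = clock   # injectable so the example runs deterministically
    @seen  = {}      # assertion ID => expiry Time
  end

  # Returns [:ok, id] or [:rejected, reason].
  # Signature verification is assumed to have been done before this point.
  def accept(assertion_xml)
    doc = REXML::Document.new(assertion_xml)
    assertion = REXML::XPath.first(doc, '//a:Assertion', 'a' => SAML_NS)
    return [:rejected, 'no Assertion element'] unless assertion

    id = assertion.attributes['ID']
    return [:rejected, 'missing ID'] if id.nil? || id.empty?

    conditions = REXML::XPath.first(assertion, 'a:Conditions', 'a' => SAML_NS)
    not_on_or_after = conditions && conditions.attributes['NotOnOrAfter']
    return [:rejected, 'missing NotOnOrAfter'] unless not_on_or_after

    expiry = Time.iso8601(not_on_or_after).utc
    now = @clock.call
    prune(now)
    return [:rejected, 'assertion expired'] if now >= expiry
    return [:rejected, 'replayed assertion ID'] if @seen.key?(id)

    @seen[id] = expiry
    [:ok, id]
  end

  private

  # Forget IDs whose assertions can no longer be valid anyway, so the cache is
  # bounded by the IdP's validity window instead of growing without limit.
  def prune(now)
    @seen.delete_if { |_, exp| now >= exp }
  end
end

# Constructed sample assertion (not from the report); Signature element omitted.
SAMPLE_ASSERTION = <<~XML
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  ID="_abc123" IssueInstant="2020-07-24T18:00:00Z" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Conditions NotBefore="2020-07-24T18:00:00Z" NotOnOrAfter="2020-07-24T18:05:00Z"/>
  </saml:Assertion>
XML

# First presentation is accepted, an immediate replay is refused, and a
# presentation after NotOnOrAfter is refused as expired.
def demo_replay
  t = Time.utc(2020, 7, 24, 18, 1, 0)
  guard = AssertionReplayGuard.new(clock: -> { t })
  first  = guard.accept(SAMPLE_ASSERTION)
  second = guard.accept(SAMPLE_ASSERTION)
  t = Time.utc(2020, 7, 24, 18, 6, 0)
  third  = guard.accept(SAMPLE_ASSERTION)
  [first, second, third]
end
```

In a real deployment the `@seen` hash would live in a store shared by every application instance (the ID must be single-use across the whole fleet, not per process), and the time checks should allow the small clock skew the IdP's window already tolerates.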
Denial of Service [Chrome]
https://hackerone.com/reports/921286
🔹 Severity: Medium | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #cyanpiny
🔹 Disclosed: July 24, 2020, 8:00pm (UTC)
Untrusted users able to run pending migrations in production
https://hackerone.com/reports/899069
🔹 Severity: Medium
🔹 Reported To: Ruby on Rails
🔹 Reported By: #tenderlove
🔹 Disclosed: July 24, 2020, 8:07pm (UTC)
GraphQL field on Team node can be used to determine if External Program runs invite-only program
https://hackerone.com/reports/877642
🔹 Severity: Medium
🔹 Reported To: HackerOne
🔹 Reported By: #kunal94
🔹 Disclosed: July 25, 2020, 1:13am (UTC)
Contacts menu (not app) fails to restrict (to local groups) for contacts from federated servers
https://hackerone.com/reports/895730
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #nursoda
🔹 Disclosed: July 25, 2020, 8:10am (UTC)
Improper validation of unicode characters#2
https://hackerone.com/reports/279945
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #code_monkey
🔹 Disclosed: July 26, 2020, 10:50am (UTC)
Open Github Repo Leaking WEBLATE SECRET KEY
https://hackerone.com/reports/942146
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #nafisaqil4
🔹 Disclosed: July 26, 2020, 11:24am (UTC)
IDOR with Geolocation data not stripped from images
https://hackerone.com/reports/906907
🔹 Severity: High | 💰 200 USD
🔹 Reported To: IRCCloud
🔹 Reported By: #do_some_hack
🔹 Disclosed: July 26, 2020, 3:36pm (UTC)
Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify
https://hackerone.com/reports/810880
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Helium
🔹 Reported By: #w2w
🔹 Disclosed: July 26, 2020, 4:39pm (UTC)
Send arbitrary PUT requests when user clicks on a link
https://hackerone.com/reports/824689
🔹 Severity: Medium | 💰 3000 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 Disclosed: July 27, 2020, 8:44am (UTC)
July 31 - August 1, 2020
h@cktivitycon is a HackerOne hosted hacker conference built by the community for the community.
h@cktivitycon is a place for hackers to learn, share, and meet friends. Hear talks and panelists exploring offensive hacking techniques, recon skills, target selection and more.
📣 Speakers | ⏱ Schedule
Register now
Cross-Site WebSocket Hijacking Lead to Steal XSRF-TOKEN
https://hackerone.com/reports/915541
🔹 Severity: No Rating
🔹 Reported To: Stripo Inc
🔹 Reported By: #3x3s
🔹 Disclosed: July 27, 2020, 12:54pm (UTC)