DOM-Based XSS in tumblr.com
https://hackerone.com/reports/882546
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Automattic
🔹 Reported By: #keer0k
🔹 Disclosed: July 27, 2020, 3:24pm (UTC)
JDBC credentials leaked via github
https://hackerone.com/reports/935573
🔹 Severity: No Rating
🔹 Reported To: Yelp
🔹 Reported By: #walidhossain
🔹 Disclosed: July 27, 2020, 4:44pm (UTC)
IDOR: Adding Contacts to Other User Groups
https://hackerone.com/reports/879960
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #ameyanekar
🔹 Disclosed: July 27, 2020, 4:50pm (UTC)
Python : Add query to detect Server Side Template Injection
https://hackerone.com/reports/944359
🔹 Severity: High | 💰 2300 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 Disclosed: July 27, 2020, 9:45pm (UTC)
Wordpress Users Disclosure (/wp-json/wp/v2/users/) on data.gov
https://hackerone.com/reports/942481
🔹 Severity: Medium
🔹 Reported To: TTS Bug Bounty
🔹 Reported By: #nagli
🔹 Disclosed: July 28, 2020, 12:12am (UTC)
Stored XSS In mlbootcamp.ru
https://hackerone.com/reports/820217
🔹 Severity: High
🔹 Reported To: Mail.ru
🔹 Reported By: #sniper302
🔹 Disclosed: July 28, 2020, 8:28am (UTC)
Content injection on shared event (calendar.mail.ru)
https://hackerone.com/reports/847473
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #urban_tramp
🔹 Disclosed: July 28, 2020, 8:31am (UTC)
Blindy Replace User's Session with Attacker's Session
https://hackerone.com/reports/892986
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #sayaanalam
🔹 Disclosed: July 28, 2020, 8:37am (UTC)
HTML/iframe/XSS injection on https://www.ucs.ru/online/shelter/settings/check/
https://hackerone.com/reports/907867
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #hunter_py
🔹 Disclosed: July 28, 2020, 8:41am (UTC)
Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues
https://hackerone.com/reports/329689
🔹 Severity: Critical | 💰 12500 USD
🔹 Reported To: Mapbox
🔹 Reported By: #fransrosen
🔹 Disclosed: July 28, 2020, 7:37pm (UTC)
Singapore - Account Takeover via IDOR
https://hackerone.com/reports/876300
🔹 Severity: Critical
🔹 Reported To: Starbucks
🔹 Reported By: #ko2sec
🔹 Disclosed: July 28, 2020, 7:44pm (UTC)
SQL injection in Razer Gold List Admin at /lists/index.php via the `list[]` parameter.
https://hackerone.com/reports/824307
🔹 Severity: Critical | 💰 2000 USD
🔹 Reported To: Razer
🔹 Reported By: #stealthy
🔹 Disclosed: July 28, 2020, 9:59pm (UTC)
User Access Control Bypass Via Razer elevated service ( RzKLService.exe ) which loads exe in misconfigured way.
https://hackerone.com/reports/769684
🔹 Severity: High | 💰 750 USD
🔹 Reported To: Razer
🔹 Reported By: #dredd_589
🔹 Disclosed: July 28, 2020, 10:01pm (UTC)
Missing rate limit in signup Form
https://hackerone.com/reports/905692
🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #ahmed_almalky
🔹 Disclosed: July 28, 2020, 10:51pm (UTC)
"π" + Unauthenticated Stored XSS in API at https://api.my.games/comments/v1/comments/update/
https://hackerone.com/reports/853637
🔹 Severity: High
🔹 Reported To: Mail.ru
🔹 Reported By: #samet
🔹 Disclosed: July 28, 2020, 8:34am (UTC)
Possible denial of service when entering a loooong password
https://hackerone.com/reports/840598
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #xcheater
🔹 Disclosed: July 29, 2020, 10:30am (UTC)
Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS
https://hackerone.com/reports/903521
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #chalker
🔹 Disclosed: July 29, 2020, 12:53pm (UTC)
Stealing the ip addres from users
https://hackerone.com/reports/672499
🔹 Severity: Low
🔹 Reported To: Vanilla
🔹 Reported By: #minoto
🔹 Disclosed: July 29, 2020, 4:13pm (UTC)
SQL injection (stacked queries) in the export to Excel functionality on Vidyo Server
https://hackerone.com/reports/922567
🔹 Severity: High
🔹 Reported To: 8x8
🔹 Reported By: #b1ackgamba
🔹 State: Resolved
🔹 Disclosed: July 29, 2020, 5:07pm (UTC)
Stored XSS in my staff name fired in another your internal panel
https://hackerone.com/reports/946053
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Shopify
🔹 Reported By: #cyber__sec
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2020, 10:06pm (UTC)
Bypass Too Many Requests Sign Up
https://hackerone.com/reports/947349
🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #ni4hadpd
🔹 State: ⚪️ Informative
🔹 Disclosed: July 30, 2020, 6:52am (UTC)