Unauthenticated Stored XSS in API at https://api.my.games/comments/v1/comments/update/
🔗 https://hackerone.com/reports/853637
🔹 Severity: High
🔹 Reported To: Mail.ru
🔹 Reported By: #samet
🔹 Disclosed: July 28, 2020, 8:34am (UTC)
Possible denial of service when entering a loooong password
🔗 https://hackerone.com/reports/840598
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #xcheater
🔹 Disclosed: July 29, 2020, 10:30am (UTC)
Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS
🔗 https://hackerone.com/reports/903521
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #chalker
🔹 Disclosed: July 29, 2020, 12:53pm (UTC)
Stealing the ip address from users
🔗 https://hackerone.com/reports/672499
🔹 Severity: Low
🔹 Reported To: Vanilla
🔹 Reported By: #minoto
🔹 Disclosed: July 29, 2020, 4:13pm (UTC)
SQL injection (stacked queries) in the export to Excel functionality on Vidyo Server
🔗 https://hackerone.com/reports/922567
🔹 Severity: High
🔹 Reported To: 8x8
🔹 Reported By: #b1ackgamba
🔹 State: Resolved
🔹 Disclosed: July 29, 2020, 5:07pm (UTC)
Stored XSS in my staff name fired in another your internal panel
🔗 https://hackerone.com/reports/946053
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Shopify
🔹 Reported By: #cyber__sec
🔹 State: 🟢 Resolved
🔹 Disclosed: July 29, 2020, 10:06pm (UTC)
Bypass Too Many Requests Sign Up
🔗 https://hackerone.com/reports/947349
🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #ni4hadpd
🔹 State: ⚪️ Informative
🔹 Disclosed: July 30, 2020, 6:52am (UTC)
SMTP Header Injection at http://abonement.ucs.ru
🔗 https://hackerone.com/reports/901956
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #killinem_sec
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 9:30am (UTC)
Stored XSS on ████████helpdesk
🔗 https://hackerone.com/reports/901799
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #atbabers
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 5:45pm (UTC)
HTML Injection leads to XSS on ███
🔗 https://hackerone.com/reports/874228
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lemonoftroy
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 5:46pm (UTC)
RCE (Remote code execution) in one of DoD's websites
🔗 https://hackerone.com/reports/874924
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ilyass01
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 5:47pm (UTC)
PulseSSL VPN Site with Compromised Creds @ ████
🔗 https://hackerone.com/reports/854049
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #r00tpgp
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 5:48pm (UTC)
Exposed Docker Registry at https://████
🔗 https://hackerone.com/reports/924487
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #chron0x
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 5:51pm (UTC)
Reflected XSS on https://███████/
🔗 https://hackerone.com/reports/804364
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #the_unlucky_guy
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 5:53pm (UTC)
Reflected XSS on ███████ page
🔗 https://hackerone.com/reports/915573
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #scraps
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 5:54pm (UTC)
ajaxgetachievementsforgame is not guarded for unreleased apps
🔗 https://hackerone.com/reports/835087
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Valve
🔹 Reported By: #jameslll
🔹 State: 🟢 Resolved
🔹 Disclosed: July 30, 2020, 8:38pm (UTC)
Stored self XSS at auto.mail.ru using add_review functionality
🔗 https://hackerone.com/reports/914286
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #avolume
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2020, 7:17am (UTC)
Sidekiq Dashboard Publicly accessible at http://shopper.staging.instamart.ru/sidekiq/
🔗 https://hackerone.com/reports/890513
🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2020, 7:19am (UTC)
Path traversal in filename in LINE Mac client
🔗 https://hackerone.com/reports/727727
🔹 Severity: High | 💰 2,785 USD
🔹 Reported To: LINE
🔹 Reported By: #hackerontwowheels
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2020, 9:32am (UTC)
Reverse Tabnabbing in printing source document images
🔗 https://hackerone.com/reports/911123
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Visma Public
🔹 Reported By: #artebels
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2020, 12:40pm (UTC)
[is-my-json-valid] ReDoS via 'style' format
🔗 https://hackerone.com/reports/909757
🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #chalker
🔹 State: 🟢 Resolved
🔹 Disclosed: July 31, 2020, 5:13pm (UTC)