SQL injection (stacked queries) in the export to Excel functionality on Vidyo Server
π https://hackerone.com/reports/922567
πΉ Severity: High
πΉ Reported To: 8x8
πΉ Reported By: #b1ackgamba
πΉ State: Resolved
πΉ Disclosed: July 29, 2020, 5:07pm (UTC)
π https://hackerone.com/reports/922567
πΉ Severity: High
πΉ Reported To: 8x8
πΉ Reported By: #b1ackgamba
πΉ State: Resolved
πΉ Disclosed: July 29, 2020, 5:07pm (UTC)
Stored XSS in my staff name fired in another your internal panel
π https://hackerone.com/reports/946053
πΉ Severity: High | π° 5,000 USD
πΉ Reported To: Shopify
πΉ Reported By: #cyber__sec
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2020, 10:06pm (UTC)
π https://hackerone.com/reports/946053
πΉ Severity: High | π° 5,000 USD
πΉ Reported To: Shopify
πΉ Reported By: #cyber__sec
πΉ State: π’ Resolved
πΉ Disclosed: July 29, 2020, 10:06pm (UTC)
Bypass Too Many Requests Sign Up
π https://hackerone.com/reports/947349
πΉ Severity: Medium
πΉ Reported To: Courier
πΉ Reported By: #ni4hadpd
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 30, 2020, 6:52am (UTC)
π https://hackerone.com/reports/947349
πΉ Severity: Medium
πΉ Reported To: Courier
πΉ Reported By: #ni4hadpd
πΉ State: βͺοΈ Informative
πΉ Disclosed: July 30, 2020, 6:52am (UTC)
SMTP Header Injection at http://abonement.ucs.ru
π https://hackerone.com/reports/901956
πΉ Severity: No Rating
πΉ Reported To: Mail.ru
πΉ Reported By: #killinem_sec
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 9:30am (UTC)
π https://hackerone.com/reports/901956
πΉ Severity: No Rating
πΉ Reported To: Mail.ru
πΉ Reported By: #killinem_sec
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 9:30am (UTC)
Stored XSS on ββββββββhelpdesk
π https://hackerone.com/reports/901799
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #atbabers
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:45pm (UTC)
π https://hackerone.com/reports/901799
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #atbabers
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:45pm (UTC)
HTML Injection leads to XSS onβββ
π https://hackerone.com/reports/874228
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #lemonoftroy
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:46pm (UTC)
π https://hackerone.com/reports/874228
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #lemonoftroy
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:46pm (UTC)
RCE (Remote code execution) in one of DoD's websites
π https://hackerone.com/reports/874924
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ilyass01
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:47pm (UTC)
π https://hackerone.com/reports/874924
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ilyass01
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:47pm (UTC)
PulseSSL VPN Site with Compromised Creds @ ββββ
π https://hackerone.com/reports/854049
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #r00tpgp
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:48pm (UTC)
π https://hackerone.com/reports/854049
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #r00tpgp
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:48pm (UTC)
Exposed Docker Registry at https://ββββ
π https://hackerone.com/reports/924487
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #chron0x
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:51pm (UTC)
π https://hackerone.com/reports/924487
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #chron0x
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:51pm (UTC)
Reflected XSS on https://βββββββ/
π https://hackerone.com/reports/804364
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #the_unlucky_guy
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:53pm (UTC)
π https://hackerone.com/reports/804364
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #the_unlucky_guy
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:53pm (UTC)
Reflected XSS on βββββββ page
π https://hackerone.com/reports/915573
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #scraps
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:54pm (UTC)
π https://hackerone.com/reports/915573
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #scraps
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 5:54pm (UTC)
ajaxgetachievementsforgame is not guarded for unreleased apps
π https://hackerone.com/reports/835087
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: Valve
πΉ Reported By: #jameslll
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 8:38pm (UTC)
π https://hackerone.com/reports/835087
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: Valve
πΉ Reported By: #jameslll
πΉ State: π’ Resolved
πΉ Disclosed: July 30, 2020, 8:38pm (UTC)
Stored self XSS at auto.mail.ru using add_review functionality
π https://hackerone.com/reports/914286
πΉ Severity: No Rating
πΉ Reported To: Mail.ru
πΉ Reported By: #avolume
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 7:17am (UTC)
π https://hackerone.com/reports/914286
πΉ Severity: No Rating
πΉ Reported To: Mail.ru
πΉ Reported By: #avolume
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 7:17am (UTC)
Sidekiq Dashboard Publicly accessible at http://shopper.staging.instamart.ru/sidekiq/
π https://hackerone.com/reports/890513
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Mail.ru
πΉ Reported By: #sudi
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 7:19am (UTC)
π https://hackerone.com/reports/890513
πΉ Severity: Medium | π° 150 USD
πΉ Reported To: Mail.ru
πΉ Reported By: #sudi
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 7:19am (UTC)
Path traversal in filename in LINE Mac client
π https://hackerone.com/reports/727727
πΉ Severity: High | π° 2,785 USD
πΉ Reported To: LINE
πΉ Reported By: #hackerontwowheels
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 9:32am (UTC)
π https://hackerone.com/reports/727727
πΉ Severity: High | π° 2,785 USD
πΉ Reported To: LINE
πΉ Reported By: #hackerontwowheels
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 9:32am (UTC)
Reverse Tabnabbing in printing source document images
π https://hackerone.com/reports/911123
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Visma Public
πΉ Reported By: #artebels
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 12:40pm (UTC)
π https://hackerone.com/reports/911123
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Visma Public
πΉ Reported By: #artebels
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 12:40pm (UTC)
[is-my-json-valid] ReDoS via 'style' format
π https://hackerone.com/reports/909757
πΉ Severity: High
πΉ Reported To: Node.js third-party modules
πΉ Reported By: #chalker
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 5:13pm (UTC)
π https://hackerone.com/reports/909757
πΉ Severity: High
πΉ Reported To: Node.js third-party modules
πΉ Reported By: #chalker
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 5:13pm (UTC)
Arbitrary code execution via untrusted schemas in is-my-json-valid
π https://hackerone.com/reports/894308
πΉ Severity: Medium
πΉ Reported To: Node.js third-party modules
πΉ Reported By: #chalker
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 5:14pm (UTC)
π https://hackerone.com/reports/894308
πΉ Severity: Medium
πΉ Reported To: Node.js third-party modules
πΉ Reported By: #chalker
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 5:14pm (UTC)
Awesome XSS in Google docs via postMessage()
π¬ https://www.youtube.com/watch?v=aCexqB9qi70
πΉ Severity: Medium | π° 4,133.70 USD
πΉ Reported To: Google
πΉ Reported By: #nikolay
πΉ State: π’ Resolved
π¬ https://www.youtube.com/watch?v=aCexqB9qi70
πΉ Severity: Medium | π° 4,133.70 USD
πΉ Reported To: Google
πΉ Reported By: #nikolay
πΉ State: π’ Resolved
XSS on Videos IA
π https://hackerone.com/reports/910427
πΉ Severity: Medium
πΉ Reported To: DuckDuckGo
πΉ Reported By: #capuzsec
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 7:39pm (UTC)
π https://hackerone.com/reports/910427
πΉ Severity: Medium
πΉ Reported To: DuckDuckGo
πΉ Reported By: #capuzsec
πΉ State: π’ Resolved
πΉ Disclosed: July 31, 2020, 7:39pm (UTC)
curl overwrites local file with -J option if file non-readable, but file writable.
π https://hackerone.com/reports/926638
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #brumbrum
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 1, 2020, 4:46pm (UTC)
π https://hackerone.com/reports/926638
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #brumbrum
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 1, 2020, 4:46pm (UTC)