XSS on Videos IA
https://hackerone.com/reports/910427
Severity: Medium
Reported To: DuckDuckGo
Reported By: #capuzsec
State: Resolved
Disclosed: July 31, 2020, 7:39pm (UTC)
curl overwrites local file with -J option if file non-readable, but file writable.
https://hackerone.com/reports/926638
Severity: Medium
Reported To: curl
Reported By: #brumbrum
State: Informative
Disclosed: August 1, 2020, 4:46pm (UTC)
Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form
https://hackerone.com/reports/707014
Severity: Medium | 1,350 USD
Reported To: LINE
Reported By: #ledz1996
State: Resolved
Disclosed: August 2, 2020, 7:10am (UTC)
Facebook - Reputation Sync For #267890541047618
https://hackerone.com/reports/896019
Severity: Low | 1,000 USD
Reported To: Facebook
Reported By: #yashrs
State: Resolved
Disclosed: August 2, 2020, 9:30am (UTC)
Anonymous file drop page ignores user profile visibility restrictions
https://hackerone.com/reports/752353
Severity: No Rating
Reported To: Nextcloud
Reported By: #pshknst
State: Resolved
Disclosed: August 3, 2020, 8:27am (UTC)
relap.io IDOR
https://hackerone.com/reports/749887
Severity: Low | 750 USD
Reported To: Mail.ru
Reported By: #shuraros
State: Resolved
Disclosed: August 3, 2020, 9:39am (UTC)
Account takeover through password reset in cups.mail.ru
https://hackerone.com/reports/843160
Severity: High | 1,500 USD
Reported To: Mail.ru
Reported By: #weev3kyaw
State: Resolved
Disclosed: August 3, 2020, 9:53am (UTC)
Reflected XSS in "keywords" parameter at "https://sbermarket.ru/metro/search"
https://hackerone.com/reports/898344
Severity: Medium
Reported To: Mail.ru
Reported By: #mehulpanchal007
State: Resolved
Disclosed: August 3, 2020, 10:05am (UTC)
xss on [storehouse5.ucs.ru]
https://hackerone.com/reports/900573
Severity: Low
Reported To: Mail.ru
Reported By: #pisarenko
State: Resolved
Disclosed: August 3, 2020, 10:09am (UTC)
xss while uploading a file
https://hackerone.com/reports/915346
Severity: No Rating
Reported To: Mail.ru
Reported By: #aslanemre
State: Resolved
Disclosed: August 3, 2020, 10:10am (UTC)
Open Redirect at "city-mobil.ru"
https://hackerone.com/reports/919241
Severity: No Rating
Reported To: Mail.ru
Reported By: #kursadalsan
State: Resolved
Disclosed: August 3, 2020, 10:12am (UTC)
Insufficient access control on all BCRM instances leading to the ability to create admin accounts using the API
https://hackerone.com/reports/836081
Severity: High | 4,750 USD
Reported To: LINE
Reported By: #j0eii
State: Resolved
Disclosed: August 3, 2020, 10:48am (UTC)
Unrestricted file upload leads to Stored XSS
https://hackerone.com/reports/880099
Severity: Medium | 1,500 USD
Reported To: GitLab
Reported By: #semsem123
State: Resolved
Disclosed: August 3, 2020, 12:26pm (UTC)
Private list members disclosure via GraphQL
https://hackerone.com/reports/885539
Severity: Low | 2,940 USD
Reported To: Twitter
Reported By: #ryotak
State: Resolved
Disclosed: August 4, 2020, 1:25am (UTC)
Spring Actuator endpoints publicly available, leading to account takeover
https://hackerone.com/reports/862589
Severity: Critical | 5,000 USD
Reported To: LINE
Reported By: #kazan71p
State: Resolved
Disclosed: August 4, 2020, 2:52am (UTC)
Stored XSS in blob viewer
https://hackerone.com/reports/806571
Severity: Medium | 2,000 USD
Reported To: GitLab
Reported By: #yvvdwf
State: Resolved
Disclosed: August 4, 2020, 9:46am (UTC)
Time-base SQL Injection in Search Users
https://hackerone.com/reports/876800
Severity: Medium
Reported To: concrete5
Reported By: #thiennv
State: Resolved
Disclosed: August 5, 2020, 1:08am (UTC)
XSS in image metadata field
https://hackerone.com/reports/896511
Severity: Medium
Reported To: Nextcloud
Reported By: #yzy9951
State: Resolved
Disclosed: August 5, 2020, 7:04am (UTC)
Arbitrary code execution in desktop client via OpenSSL config
https://hackerone.com/reports/622170
Severity: Medium
Reported To: Nextcloud
Reported By: #l00ph0le
State: Resolved
Disclosed: August 5, 2020, 8:50am (UTC)
S3 bucket data at http://rockset-support.s3-us-west-2.amazonaws.com/ reveals user addresses based on latitudes and longitudes.
https://hackerone.com/reports/947725
Severity: High
Reported To: Rockset
Reported By: #thatquasar
State: Resolved
Disclosed: August 5, 2020, 2:38pm (UTC)
Send Phishing/Spam email from support@sameroom.io to any email address.
https://hackerone.com/reports/840688
Severity: High
Reported To: 8x8
Reported By: #wisp
State: Resolved
Disclosed: August 5, 2020, 10:34pm (UTC)