A sales-only user can edit the purchase invoice drafts.
https://hackerone.com/reports/918938
Severity: Low | Bounty: 100 USD
Reported To: Visma Public
Reported By: #vapour
State: Resolved
Disclosed: August 12, 2020, 8:44am (UTC)
Information disclosure via IDOR on the "https://target.my.com/api/v2/coverage/segment.json?id={id}" endpoint
https://hackerone.com/reports/763258
Severity: No Rating
Reported To: Mail.ru
Reported By: #shuraros
State: Resolved
Disclosed: August 12, 2020, 9:53am (UTC)
tracker.my.com information disclosure via CSRF bypass
https://hackerone.com/reports/748538
Severity: Low
Reported To: Mail.ru
Reported By: #shuraros
State: Resolved
Disclosed: August 12, 2020, 9:56am (UTC)
[c-api.city-mobil.ru] IDOR on chat messages between driver and customer
https://hackerone.com/reports/850637
Severity: No Rating | Bounty: 150 USD
Reported To: Mail.ru
Reported By: #anyday
State: Resolved
Disclosed: August 12, 2020, 10:43am (UTC)
Vertical Privilege Escalation on {target.my.com}
https://hackerone.com/reports/854973
Severity: Medium
Reported To: Mail.ru
Reported By: #dedsec69
State: Resolved
Disclosed: August 12, 2020, 2:44pm (UTC)
Subdomain takeover at msproject.geekbrains.ru
https://hackerone.com/reports/922506
Severity: Medium
Reported To: Mail.ru
Reported By: #steal_wart
State: Resolved
Disclosed: August 12, 2020, 2:46pm (UTC)
OTP bypass on the contact-back request at https://driver.city-mobil.ru/
https://hackerone.com/reports/926228
Severity: No Rating
Reported To: Mail.ru
Reported By: #nitin1205
State: Resolved
Disclosed: August 12, 2020, 2:48pm (UTC)
[performancemarketing.geekbrains.ru] Tilda Subdomain Takeover
https://hackerone.com/reports/928602
Severity: Low
Reported To: Mail.ru
Reported By: #xaleraf4ra
State: Resolved
Disclosed: August 12, 2020, 2:49pm (UTC)
DOM-based Cross-site Scripting
https://hackerone.com/reports/954613
Severity: Medium
Reported To: BugPoC
Reported By: #ivarsvids
State: Resolved
Disclosed: August 12, 2020, 2:58pm (UTC)
XSS Challenge #2 Solution
https://hackerone.com/reports/953873
Severity: No Rating
Reported To: BugPoC
Reported By: #bad5ect0r
State: Resolved
Disclosed: August 12, 2020, 3:11pm (UTC)
Content Spoofing
https://hackerone.com/reports/841630
Severity: No Rating
Reported To: Acronis
Reported By: #full109tun
State: Resolved
Disclosed: August 12, 2020, 3:15pm (UTC)
Java: CWE-798 - Hardcoded AWS credentials
https://hackerone.com/reports/956967
Severity: Low | Bounty: 1,000 USD
Reported To: GitHub Security Lab
Reported By: #luchua
State: Resolved
Disclosed: August 12, 2020, 4:54pm (UTC)
Pre-auth Denial-of-Service in Dovecot RPA implementation
https://hackerone.com/reports/866605
Severity: Medium | Bounty: 550 USD
Reported To: Open-Xchange
Reported By: #orange
State: Resolved
Disclosed: August 13, 2020, 6:43am (UTC)
Pre-auth buffer over-read in Dovecot NTLM implementation
https://hackerone.com/reports/866597
Severity: Medium | Bounty: 550 USD
Reported To: Open-Xchange
Reported By: #orange
State: Resolved
Disclosed: August 13, 2020, 6:43am (UTC)
SSRF in Imgur video-to-GIF conversion
https://hackerone.com/reports/247680
Severity: High | Bounty: 1,000 USD
Reported To: Imgur
Reported By: #justchillin
State: Resolved
Disclosed: August 13, 2020, 10:15am (UTC)
Stored XSS at APM applications listing
https://hackerone.com/reports/530511
Severity: High | Bounty: 2,500 USD
Reported To: New Relic
Reported By: #skavans
State: Resolved
Disclosed: August 13, 2020, 10:45am (UTC)
Stored XSS firing when an error occurs while deleting the APM app
https://hackerone.com/reports/530871
Severity: Medium | Bounty: 750 USD
Reported To: New Relic
Reported By: #skavans
State: Resolved
Disclosed: August 13, 2020, 10:46am (UTC)
User can run monitors at private locations they have no access to
https://hackerone.com/reports/681001
Severity: High | Bounty: 3,000 USD
Reported To: New Relic
Reported By: #skavans
State: Resolved
Disclosed: August 13, 2020, 10:52am (UTC)
Stored XSS at APM apps labels autocomplete dropdown (apps listing)
https://hackerone.com/reports/534711
Severity: High | Bounty: 2,500 USD
Reported To: New Relic
Reported By: #skavans
State: Resolved
Disclosed: August 13, 2020, 10:53am (UTC)
CSRF when acknowledging an incident
https://hackerone.com/reports/512102
Severity: Medium | Bounty: 750 USD
Reported To: New Relic
Reported By: #skavans
State: Resolved
Disclosed: August 13, 2020, 10:53am (UTC)
CSTI fix (#587829) bypass leading to stored XSS at plugins again
https://hackerone.com/reports/629113
Severity: High | Bounty: 1,000 USD
Reported To: New Relic
Reported By: #skavans
State: Resolved
Disclosed: August 13, 2020, 10:57am (UTC)