[GoldSrc] RCE via 'spk' Console Command
🔗 https://hackerone.com/reports/769014
🔹 Severity: High | 💰 350 USD
🔹 Reported To: Valve
🔹 Reported By: #gamer7112
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2020, 4:37am (UTC)
Denial of Service when entering an Array in email at settings
🔗 https://hackerone.com/reports/961997
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #ja3far
🔹 State: ⚪️ Informative
🔹 Disclosed: August 19, 2020, 11:02am (UTC)
Missing SPF Records
🔗 https://hackerone.com/reports/652447
🔹 Severity: Medium
🔹 Reported To: Avito
🔹 Reported By: #harshita174
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2020, 1:15pm (UTC)
IDOR at [https://dropcontact.firstpromote] which allows an UNAUTHORIZED user to ACCESS and EDIT Paypal GMAIL by Changing the ID.
🔗 https://hackerone.com/reports/959697
🔹 Severity: High
🔹 Reported To: Dropcontact
🔹 Reported By: #try___for_impossible
🔹 State: 🟢 Resolved
🔹 Disclosed: August 18, 2020, 10:13am (UTC)
Rate Limit too lenient for endpoint sending emails
🔗 https://hackerone.com/reports/658089
🔹 Severity: No Rating
🔹 Reported To: WakaTime
🔹 Reported By: #harshita174
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2020, 3:11pm (UTC)
Ability to generate shipping labels in another store orders
🔗 https://hackerone.com/reports/884159
🔹 Severity: No Rating | 💰 1,000 USD
🔹 Reported To: Shopify
🔹 Reported By: #francisbeaudoin
🔹 State: 🟢 Resolved
🔹 Disclosed: August 19, 2020, 5:58pm (UTC)
[vboxmanage.js] Command Injection via insecure command concatenation
🔗 https://hackerone.com/reports/864777
🔹 Severity: Critical
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:08am (UTC)
[object-path-set] Prototype pollution
🔗 https://hackerone.com/reports/878332
🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:08am (UTC)
[extra-ffmpeg] Command Injection via insecure command formatting
🔗 https://hackerone.com/reports/863944
🔹 Severity: Critical
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:08am (UTC)
[supermixer] Prototype pollution
🔗 https://hackerone.com/reports/959987
🔹 Severity: No Rating
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #0x1337r00t
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 11:10am (UTC)
Insufficient validation on Digits bridge
🔗 https://hackerone.com/reports/168116
🔹 Severity: No Rating | 💰 5,040 USD
🔹 Reported To: Twitter
🔹 Reported By: #filedescriptor
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 11:20am (UTC)
API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation.
🔗 https://hackerone.com/reports/962033
🔹 Severity: Medium
🔹 Reported To: Dropcontact
🔹 Reported By: #try___for_impossible
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 2:16pm (UTC)
DOM XSS on duckduckgo.com search
🔗 https://hackerone.com/reports/921635
🔹 Severity: Medium
🔹 Reported To: DuckDuckGo
🔹 Reported By: #sijisu
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 3:49pm (UTC)
Dropcontact's disclosed report is exposing Private/Confidential information
🔗 https://hackerone.com/reports/963327
🔹 Severity: High
🔹 Reported To: Dropcontact
🔹 Reported By: #n1m0
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 4:16pm (UTC)
Java: CWE-522 Insecure basic authentication
🔗 https://hackerone.com/reports/963815
🔹 Severity: High | 💰 2,300 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:51pm (UTC)
Registering with email [+70 Chars] Leads to Disclose some information [Django Debug Mode]
🔗 https://hackerone.com/reports/963584
🔹 Severity: Medium
🔹 Reported To: Dropcontact
🔹 Reported By: #elmahdi
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 7:41am (UTC)
Information Disclosure through DEBUG at Subscription [https://app.dropcontact.io/app/subscription?connector=salesforce](CRITICAL)
🔗 https://hackerone.com/reports/963921
🔹 Severity: Critical
🔹 Reported To: Dropcontact
🔹 Reported By: #try___for_impossible
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 7:53am (UTC)
[javascript] CWE-117: CodeQL query to detect Log Injection
🔗 https://hackerone.com/reports/963816
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:51pm (UTC)
Django DEBUG mode enabled and leaked system information.
🔗 https://hackerone.com/reports/963542
🔹 Severity: High
🔹 Reported To: Dropcontact
🔹 Reported By: #aungkyawphyo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 8:12am (UTC)
Prototype Pollution lodash 4.17.15
🔗 https://hackerone.com/reports/864701
🔹 Severity: High | 💰 250 USD
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #awarau
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 10:34am (UTC)
Sensitive Information Disclosure
🔗 https://hackerone.com/reports/963352
🔹 Severity: Critical
🔹 Reported To: Dropcontact
🔹 Reported By: #exploit_db
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 1:19pm (UTC)