[object-path-set] Prototype pollution
🔗 https://hackerone.com/reports/878332
🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:08am (UTC)
[extra-ffmpeg] Command Injection via insecure command formatting
🔗 https://hackerone.com/reports/863944
🔹 Severity: Critical
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:08am (UTC)
[supermixer] Prototype pollution
🔗 https://hackerone.com/reports/959987
🔹 Severity: No Rating
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #0x1337r00t
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 11:10am (UTC)
Insufficient validation on Digits bridge
🔗 https://hackerone.com/reports/168116
🔹 Severity: No Rating | 💰 5,040 USD
🔹 Reported To: Twitter
🔹 Reported By: #filedescriptor
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 11:20am (UTC)
API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation.
🔗 https://hackerone.com/reports/962033
🔹 Severity: Medium
🔹 Reported To: Dropcontact
🔹 Reported By: #try___for_impossible
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 2:16pm (UTC)
DOM XSS on duckduckgo.com search
🔗 https://hackerone.com/reports/921635
🔹 Severity: Medium
🔹 Reported To: DuckDuckGo
🔹 Reported By: #sijisu
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 3:49pm (UTC)
Dropcontact's disclosed report is exposing Private/Confidential information
🔗 https://hackerone.com/reports/963327
🔹 Severity: High
🔹 Reported To: Dropcontact
🔹 Reported By: #n1m0
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 4:16pm (UTC)
Java: CWE-522 Insecure basic authentication
🔗 https://hackerone.com/reports/963815
🔹 Severity: High | 💰 2,300 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:51pm (UTC)
Registering with email [ +70 Chars ] Lead to Disclose some informations [Django Debug Mode ]
🔗 https://hackerone.com/reports/963584
🔹 Severity: Medium
🔹 Reported To: Dropcontact
🔹 Reported By: #elmahdi
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 7:41am (UTC)
Information Disclosure through DEBUG at Subscription [https://app.dropcontact.io/app/subscription?connector=salesforce](CRITICAL)
🔗 https://hackerone.com/reports/963921
🔹 Severity: Critical
🔹 Reported To: Dropcontact
🔹 Reported By: #try___for_impossible
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 7:53am (UTC)
[javascript] CWE-117: CodeQL query to detect Log Injection
🔗 https://hackerone.com/reports/963816
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 20, 2020, 9:51pm (UTC)
Django DEBUG mode enabled and leaked system information.
🔗 https://hackerone.com/reports/963542
🔹 Severity: High
🔹 Reported To: Dropcontact
🔹 Reported By: #aungkyawphyo
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 8:12am (UTC)
Prototype Pollution lodash 4.17.15
🔗 https://hackerone.com/reports/864701
🔹 Severity: High | 💰 250 USD
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #awarau
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 10:34am (UTC)
Sensitive Information Disclosure
🔗 https://hackerone.com/reports/963352
🔹 Severity: Critical
🔹 Reported To: Dropcontact
🔹 Reported By: #exploit_db
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 1:19pm (UTC)
Django should not have debug mode enabled
🔗 https://hackerone.com/reports/963809
🔹 Severity: Low
🔹 Reported To: Dropcontact
🔹 Reported By: #higbee
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 2:38pm (UTC)
Django debug enabled showing information about system, database, configuration files.
🔗 https://hackerone.com/reports/963164
🔹 Severity: Low
🔹 Reported To: Dropcontact
🔹 Reported By: #vbdev
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 7:52pm (UTC)
Unauthorized Use of Victim Credit Card
🔗 https://hackerone.com/reports/391385
🔹 Severity: High | 💰 400 USD
🔹 Reported To: Yelp
🔹 Reported By: #hk755a
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 8:20pm (UTC)
ClickJacking on IMPORTANT Functions of Yelp
🔗 https://hackerone.com/reports/305128
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Yelp
🔹 Reported By: #hk755a
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 8:41pm (UTC)
CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.
🔗 https://hackerone.com/reports/355859
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Yelp
🔹 Reported By: #hk755a
🔹 State: 🟢 Resolved
🔹 Disclosed: August 21, 2020, 8:51pm (UTC)
[extra-asciinema] Command Injection via insecure command formatting
🔗 https://hackerone.com/reports/863956
🔹 Severity: Critical
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2020, 8:48am (UTC)
[meemo-app] Denial of Service via LDAP Injection
🔗 https://hackerone.com/reports/907311
🔹 Severity: Critical
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #d3lla
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2020, 8:48am (UTC)