Log files Leaked In mcsblog.ru

👉 https://hackerone.com/reports/909166

🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #sniper302
🔹 State: 🟢 Resolved
🔹 Disclosed: September 18, 2020, 3:25pm (UTC)

Broken twitter link hijacking at https://games.mail.ru/pc/search/

👉 https://hackerone.com/reports/975653

🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: September 18, 2020, 3:30pm (UTC)

Java : add MongoDB injection sinks

👉 https://hackerone.com/reports/983867

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: September 17, 2020, 7:30pm (UTC)

Stored XSS in collabora via user name

👉 https://hackerone.com/reports/968232

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #meliodas19
🔹 State: 🟢 Resolved
🔹 Disclosed: September 19, 2020, 2:00am (UTC)

Buffer over read from `smtp_command_parse_parameters`

👉 https://hackerone.com/reports/900548

🔹 Severity: No Rating | 💰 50 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #catenacyber
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2020, 9:15am (UTC)

Sensitive information about a ██████

👉 https://hackerone.com/reports/893970

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x9747
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2020, 2:49pm (UTC)

CVE-2020-3187 - Unauthenticated Arbitrary File Deletion

👉 https://hackerone.com/reports/960330

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #oucast-
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2020, 2:50pm (UTC)

Reflected Xss

👉 https://hackerone.com/reports/758854

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2020, 2:52pm (UTC)

DOM Based XSS at docs.8x8.com

👉 https://hackerone.com/reports/895917

🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #wh0ru
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2020, 3:07pm (UTC)

"Basic user" which can only access a limited subset of the platform can access certain pages which are restricted to the user by the account owner.

👉 https://hackerone.com/reports/966531

🔹 Severity: No Rating
🔹 Reported To: New Relic
🔹 Reported By: #jhimansh
🔹 State: ⚪️ Informative
🔹 Disclosed: September 22, 2020, 4:33pm (UTC)

[Half-Life 1] Malformed map name leads to memory corruption and code execution

👉 https://hackerone.com/reports/402566

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Valve
🔹 Reported By: #kbeckmann
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2020, 5:28pm (UTC)

[steam client] Opening a specific steam:// url overwrites files at an arbitrary location

👉 https://hackerone.com/reports/667242

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Valve
🔹 Reported By: #kbeckmann
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2020, 6:48pm (UTC)

Public and secret api key leaked via Solana BBP github repo

👉 https://hackerone.com/reports/987084

🔹 Severity: High
🔹 Reported To: Solana BBP
🔹 Reported By: #0x4_aulia
🔹 State: 🟤 Duplicate
🔹 Disclosed: September 22, 2020, 6:57pm (UTC)

Stored-Xss at connect.topcoder.com/projects/ affected on project chat members

👉 https://hackerone.com/reports/779908

🔹 Severity: High
🔹 Reported To: Topcoder
🔹 Reported By: #sodium_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2020, 7:41pm (UTC)

China - IDOR on Reservation Staging/Non Production Site - https://reservation.stg.starbucks.com.cn

👉 https://hackerone.com/reports/715054

🔹 Severity: Medium
🔹 Reported To: Starbucks
🔹 Reported By: #xmfc
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2020, 9:04pm (UTC)

property-expr - Prototype pollution

👉 https://hackerone.com/reports/910206

🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #ahihi
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2020, 4:00am (UTC)

Bypassing Business ID/VAT # validation during registration to create accounts with duplicate Business ID/VAT #

👉 https://hackerone.com/reports/980898

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Visma Public
🔹 Reported By: #zeop
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2020, 4:04pm (UTC)

[git-lib] RCE via insecure command formatting

👉 https://hackerone.com/reports/718241

🔹 Severity: Medium
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #mik317
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2020, 4:17pm (UTC)

[hnzserver] Path Traversal allowing to read any files on the server

👉 https://hackerone.com/reports/579517

🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #lightangel1412
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2020, 7:08pm (UTC)

Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506

👉 https://hackerone.com/reports/906433

🔹 Severity: High | 💰 560 USD
🔹 Reported To: Twitter
🔹 Reported By: #alesandroortiz
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2020, 7:11pm (UTC)

[http_server] Path Traversal allowing to read any files on the server

👉 https://hackerone.com/reports/579523

🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #lightangel1412
🔹 State: 🟢 Resolved
🔹 Disclosed: September 24, 2020, 7:21pm (UTC)