Telegram Web
tgoop.com Β» United States Β» Bugpoint Β» Telegram Web
Bugpoint
Any organization's assets pending review can be downloaded

πŸ‘‰ https://hackerone.com/reports/1787644

πŸ”Ή Severity: High
πŸ”Ή Reported To: HackerOne
πŸ”Ή Reported By: #jobert
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: November 29, 2022, 6:36pm (UTC)
445 views
Bugpoint
Stored XSS Payload when sending videos

πŸ‘‰ https://hackerone.com/reports/1536046

πŸ”Ή Severity: Low | πŸ’° 500 USD
πŸ”Ή Reported To: TikTok
πŸ”Ή Reported By: #aidilarf_2000
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: November 29, 2022, 9:30pm (UTC)
397 views
Bugpoint
If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur

πŸ‘‰ https://hackerone.com/reports/1707680

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Yelp
πŸ”Ή Reported By: #shubhangirathore836
πŸ”Ή State: πŸ”΄ N/A
πŸ”Ή Disclosed: November 30, 2022, 3:15pm (UTC)
389 views
Bugpoint
Campaign Account Balance and History Disclosed in API Response

πŸ‘‰ https://hackerone.com/reports/1587374

πŸ”Ή Severity: Medium | πŸ’° 500 USD
πŸ”Ή Reported To: LinkedIn
πŸ”Ή Reported By: #sachin_kumar_
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: November 30, 2022, 7:31pm (UTC)
411 views
Bugpoint
Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands

πŸ‘‰ https://hackerone.com/reports/1785378

πŸ”Ή Severity: High | πŸ’° 300 USD
πŸ”Ή Reported To: Ian Dunn
πŸ”Ή Reported By: #ryotak
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 4:00am (UTC)
474 views
Bugpoint
CVE-2022-45402: Apache Airflow: Open redirect during login

πŸ‘‰ https://hackerone.com/reports/1782514

πŸ”Ή Severity: Medium | πŸ’° 2,400 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #bugra
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 9:41am (UTC)
434 views
Bugpoint
Calendar name length not validated before writing to database

πŸ‘‰ https://hackerone.com/reports/1596148

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Nextcloud
πŸ”Ή Reported By: #errorx404
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 9:49am (UTC)
420 views
Bugpoint
Firebase Database Takeover in https://pulseradio.mtn.co.ug/

πŸ‘‰ https://hackerone.com/reports/1447751

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #shuvam321
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 10:52am (UTC)
431 views
Bugpoint
Unprotected Direct Object Reference

πŸ‘‰ https://hackerone.com/reports/1536936

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #coyemerald
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 5:24pm (UTC)
433 views
Bugpoint
Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure

πŸ‘‰ https://hackerone.com/reports/1448550

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #wallotry
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 5:34pm (UTC)
467 views
Bugpoint
Subdomain Takeover at course.oberlo.com

πŸ‘‰ https://hackerone.com/reports/1690951

πŸ”Ή Severity: No Rating
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #m7mdharoun
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 7:22pm (UTC)
489 views
Bugpoint
Read/Write arbitrary (non-HttpOnly) cookies on checkout pages via GoogleAnalyticsAdditionalScripts postMessage handler

πŸ‘‰ https://hackerone.com/reports/1081167

πŸ”Ή Severity: Medium | πŸ’° 1,600 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #bored-engineer
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 7:34pm (UTC)
513 views
Bugpoint
Disconnecting an external login provider does not revoke session

πŸ‘‰ https://hackerone.com/reports/1547684

πŸ”Ή Severity: Medium | πŸ’° 1,600 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #attackerbhai
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 7:50pm (UTC)
554 views
Bugpoint
Stored XSS in /admin/product and /admin/collections

πŸ‘‰ https://hackerone.com/reports/1147433

πŸ”Ή Severity: Medium | πŸ’° 5,300 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #ashketchum
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 10:44pm (UTC)
637 views
Bugpoint
Authentication bypass in https://nin.mtn.ng

πŸ‘‰ https://hackerone.com/reports/1747146

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #roland_hack
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 2, 2022, 1:00pm (UTC)
759 views
Bugpoint
XSS in Acronis Cloud Manager Admin Portal

πŸ‘‰ https://hackerone.com/reports/1388788

πŸ”Ή Severity: Medium | πŸ’° 100 USD
πŸ”Ή Reported To: Acronis
πŸ”Ή Reported By: #mooimacow
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 2, 2022, 7:48pm (UTC)
909 views
Bugpoint
POST following PUT confusion

πŸ‘‰ https://hackerone.com/reports/1752146

πŸ”Ή Severity: Medium | πŸ’° 2,400 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #robbotic
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 2, 2022, 9:03pm (UTC)
1.2K views
Bugpoint
Exposed Cortex API at https://cortex-ingest.shopifycloud.com/

πŸ‘‰ https://hackerone.com/reports/1258871

πŸ”Ή Severity: Medium | πŸ’° 6,300 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #ian
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 2, 2022, 10:25pm (UTC)
1.4K views
Bugpoint
CVE-2022-35260: .netrc parser out-of-bounds access

πŸ‘‰ https://hackerone.com/reports/1753224

πŸ”Ή Severity: Low | πŸ’° 480 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #kurohiro
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 3, 2022, 12:20am (UTC)
2.0K views
Bugpoint
IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account

πŸ‘‰ https://hackerone.com/reports/1644436

πŸ”Ή Severity: No Rating | πŸ’° 1,000 USD
πŸ”Ή Reported To: EXNESS
πŸ”Ή Reported By: #ashwarya
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 5, 2022, 3:50pm (UTC)
2.2K views
2024/11/29 14:49:44
Back to Top
HTML Embed Code: