DOS via issue preview
π https://hackerone.com/reports/1543718
πΉ Severity: High | π° 7,640 USD
πΉ Reported To: GitLab
πΉ Reported By: #legit-security
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:47am (UTC)
π https://hackerone.com/reports/1543718
πΉ Severity: High | π° 7,640 USD
πΉ Reported To: GitLab
πΉ Reported By: #legit-security
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 3:47am (UTC)
CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud
π https://hackerone.com/reports/1245165
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Acronis
πΉ Reported By: #mr-medi
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 7:38pm (UTC)
π https://hackerone.com/reports/1245165
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Acronis
πΉ Reported By: #mr-medi
πΉ State: π’ Resolved
πΉ Disclosed: November 4, 2022, 7:38pm (UTC)
CVE-2022-35252: control code in cookie denial of service
π https://hackerone.com/reports/1686935
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: November 5, 2022, 2:50pm (UTC)
π https://hackerone.com/reports/1686935
πΉ Severity: Low | π° 480 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: November 5, 2022, 2:50pm (UTC)
Completely remove VPN profile from locked WARP iOS cient.
π https://hackerone.com/reports/1633231
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 10:59am (UTC)
π https://hackerone.com/reports/1633231
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 10:59am (UTC)
Bypass Cloudflare WARP lock on iOS.
π https://hackerone.com/reports/1542450
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 11:02am (UTC)
π https://hackerone.com/reports/1542450
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 11:02am (UTC)
I found another way to bypass Cloudflare Warp lock!
π https://hackerone.com/reports/1605847
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 11:02am (UTC)
π https://hackerone.com/reports/1605847
πΉ Severity: High | π° 1,000 USD
πΉ Reported To: Cloudflare Public Bug Bounty
πΉ Reported By: #joshatmotion
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 11:02am (UTC)
Exceed photo dimensions, Flickr.com
π https://hackerone.com/reports/1755552
πΉ Severity: Low | π° 50 USD
πΉ Reported To: Flickr
πΉ Reported By: #0xcyborg
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 7, 2022, 5:53pm (UTC)
π https://hackerone.com/reports/1755552
πΉ Severity: Low | π° 50 USD
πΉ Reported To: Flickr
πΉ Reported By: #0xcyborg
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 7, 2022, 5:53pm (UTC)
Subdomain Takeover via Unclaimed Amazon S3 Bucket (Musical.ly)
π https://hackerone.com/reports/1102537
πΉ Severity: Low | π° 200 USD
πΉ Reported To: TikTok
πΉ Reported By: #daik0n
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 9:34pm (UTC)
π https://hackerone.com/reports/1102537
πΉ Severity: Low | π° 200 USD
πΉ Reported To: TikTok
πΉ Reported By: #daik0n
πΉ State: π’ Resolved
πΉ Disclosed: November 7, 2022, 9:34pm (UTC)
Public Github Repo Leaking Internal Credentials
π https://hackerone.com/reports/1763266
πΉ Severity: Critical
πΉ Reported To: Yelp
πΉ Reported By: #xinfohuggerx
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 7, 2022, 11:45pm (UTC)
π https://hackerone.com/reports/1763266
πΉ Severity: Critical
πΉ Reported To: Yelp
πΉ Reported By: #xinfohuggerx
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 7, 2022, 11:45pm (UTC)
[Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia
π https://hackerone.com/reports/1547877
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:29am (UTC)
π https://hackerone.com/reports/1547877
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:29am (UTC)
Grafana RCE via SMTP server parameter injection
π https://hackerone.com/reports/1200647
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:29am (UTC)
π https://hackerone.com/reports/1200647
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:29am (UTC)
Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration
π https://hackerone.com/reports/1529790
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:30am (UTC)
π https://hackerone.com/reports/1529790
πΉ Severity: Critical | π° 5,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:30am (UTC)
Apache Flink RCE via GET jar/plan API Endpoint
π https://hackerone.com/reports/1418891
πΉ Severity: Critical | π° 6,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:30am (UTC)
π https://hackerone.com/reports/1418891
πΉ Severity: Critical | π° 6,000 USD
πΉ Reported To: Aiven Ltd
πΉ Reported By: #jarij
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 6:30am (UTC)
Self-XSS on Suggest Tag dialog box
π https://hackerone.com/reports/1761505
πΉ Severity: Low | π° 50 USD
πΉ Reported To: XVIDEOS
πΉ Reported By: #j3rry4unt
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 7:19pm (UTC)
π https://hackerone.com/reports/1761505
πΉ Severity: Low | π° 50 USD
πΉ Reported To: XVIDEOS
πΉ Reported By: #j3rry4unt
πΉ State: π’ Resolved
πΉ Disclosed: November 8, 2022, 7:19pm (UTC)
Host Header Injection Attack - www.xnxx.com
π https://hackerone.com/reports/1630073
πΉ Severity: No Rating
πΉ Reported To: XVIDEOS
πΉ Reported By: #cyber_anon
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 8, 2022, 7:25pm (UTC)
π https://hackerone.com/reports/1630073
πΉ Severity: No Rating
πΉ Reported To: XVIDEOS
πΉ Reported By: #cyber_anon
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 8, 2022, 7:25pm (UTC)
api keys leaked
π https://hackerone.com/reports/1762927
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #saibalajis6
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 10, 2022, 2:40pm (UTC)
π https://hackerone.com/reports/1762927
πΉ Severity: Medium
πΉ Reported To: Reddit
πΉ Reported By: #saibalajis6
πΉ State: βͺοΈ Informative
πΉ Disclosed: November 10, 2022, 2:40pm (UTC)
sensitive data exposure
π https://hackerone.com/reports/1716249
πΉ Severity: High
πΉ Reported To: Reddit
πΉ Reported By: #saibalajis6
πΉ State: π΄ N/A
πΉ Disclosed: November 10, 2022, 2:41pm (UTC)
π https://hackerone.com/reports/1716249
πΉ Severity: High
πΉ Reported To: Reddit
πΉ Reported By: #saibalajis6
πΉ State: π΄ N/A
πΉ Disclosed: November 10, 2022, 2:41pm (UTC)
Business Suite "Get Leads" Resulting in Revealing User Email & Phone
π https://hackerone.com/reports/1744194
πΉ Severity: High | π° 5,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #datph4m
πΉ State: π’ Resolved
πΉ Disclosed: November 10, 2022, 11:41pm (UTC)
π https://hackerone.com/reports/1744194
πΉ Severity: High | π° 5,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #datph4m
πΉ State: π’ Resolved
πΉ Disclosed: November 10, 2022, 11:41pm (UTC)
Subdomain Takeover on delivey.yelp.com
π https://hackerone.com/reports/1715538
πΉ Severity: Low
πΉ Reported To: Yelp
πΉ Reported By: #racersaravanaa05
πΉ State: π΄ N/A
πΉ Disclosed: November 12, 2022, 3:49pm (UTC)
π https://hackerone.com/reports/1715538
πΉ Severity: Low
πΉ Reported To: Yelp
πΉ Reported By: #racersaravanaa05
πΉ State: π΄ N/A
πΉ Disclosed: November 12, 2022, 3:49pm (UTC)
Subdomain takeover at http://test.www.midigator.com
π https://hackerone.com/reports/1718371
πΉ Severity: High
πΉ Reported To: Equifax
πΉ Reported By: #valluvarsploit_h1
πΉ State: π’ Resolved
πΉ Disclosed: November 12, 2022, 4:05pm (UTC)
π https://hackerone.com/reports/1718371
πΉ Severity: High
πΉ Reported To: Equifax
πΉ Reported By: #valluvarsploit_h1
πΉ State: π’ Resolved
πΉ Disclosed: November 12, 2022, 4:05pm (UTC)