Bugpoint

Support Portal Takeover via Leaked API KEY

👉 https://hackerone.com/reports/1766228

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: AMBER AI
🔹 Reported By: #khizer47
🔹 State: 🟢 Resolved
🔹 Disclosed: November 22, 2022, 9:55am (UTC)

284 views18:31

Bugpoint

DoS via Automatic Response Message

👉 https://hackerone.com/reports/1680241

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mattermost
🔹 Reported By: #vultza
🔹 State: 🟢 Resolved
🔹 Disclosed: November 23, 2022, 2:55pm (UTC)

264 views19:25

Bugpoint

DoS via Playbook

👉 https://hackerone.com/reports/1685979

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mattermost
🔹 Reported By: #vultza
🔹 State: 🟢 Resolved
🔹 Disclosed: November 23, 2022, 2:55pm (UTC)

247 views19:25

Bugpoint

RubyのCGIライブラリにHTTPレスポンス分割（HTTPヘッダインジェクション）があり、秘密情報が漏洩する

👉 https://hackerone.com/reports/1204695

🔹 Severity: High
🔹 Reported To: Ruby
🔹 Reported By: #htokumaru
🔹 State: 🟢 Resolved
🔹 Disclosed: November 24, 2022, 1:46am (UTC)

254 views04:58

Bugpoint

CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装

👉 https://hackerone.com/reports/1204977

🔹 Severity: Low
🔹 Reported To: Ruby
🔹 Reported By: #htokumaru
🔹 State: 🟢 Resolved
🔹 Disclosed: November 24, 2022, 1:47am (UTC)

269 views04:58

Bugpoint

XSS in Desktop Client in the notifications

👉 https://hackerone.com/reports/1668028

🔹 Severity: Low | 💰 750 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 11:29am (UTC)

250 views18:34

Bugpoint

XSS in Desktop Client via user status and information

👉 https://hackerone.com/reports/1707977

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:44pm (UTC)

250 views18:34

Bugpoint

XSS in Desktop Client in call notification popup

👉 https://hackerone.com/reports/1711847

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:45pm (UTC)

238 views18:34

Bugpoint

SSRF - pivoting in the private LAN

👉 https://hackerone.com/reports/1364797

🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 5:20pm (UTC)

246 views18:34

Bugpoint

open redirect to a remote website which can phish users

👉 https://hackerone.com/reports/1397804

🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: ⚪️ Informative
🔹 Disclosed: November 25, 2022, 6:08pm (UTC)

279 views18:34

Bugpoint

SSRF mitigation bypass using DNS Rebind attack

👉 https://hackerone.com/reports/1369312

🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 6:11pm (UTC)

307 views18:34

Bugpoint

Database resource exhaustion for logged-in users via sharee recommendations with circles

👉 https://hackerone.com/reports/1688199

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #michag86
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 6:52am (UTC)

264 views07:04

Bugpoint

Profile of disabled user stays accessible

👉 https://hackerone.com/reports/1675014

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #mikaelgundersen
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 6:53am (UTC)

279 views07:04

Bugpoint

CVE-2022-32221: POST following PUT confusion

👉 https://hackerone.com/reports/1704017

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #robbotic
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 12:02pm (UTC)

297 views18:52

Bugpoint

CVE-2022-42915: HTTP proxy double-free

👉 https://hackerone.com/reports/1722065

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #bagder
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 12:04pm (UTC)

326 views18:52

Bugpoint

Exception logging in Sharepoint app reveals clear-text connection details

👉 https://hackerone.com/reports/1652903

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kichernde_erbse
🔹 State: 🟢 Resolved
🔹 Disclosed: November 26, 2022, 12:46pm (UTC)

366 views18:52

Bugpoint

Wordpress users Disclosure [ /wp-json/wp/v2/users/ ]

👉 https://hackerone.com/reports/1735586

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #shubham_srt
🔹 State: 🟢 Resolved
🔹 Disclosed: November 27, 2022, 3:25am (UTC)

386 views09:31

Bugpoint

potential denial of service attack via the locale parameter

👉 https://hackerone.com/reports/1746098

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #benjaoming_realone
🔹 State: 🟢 Resolved
🔹 Disclosed: November 28, 2022, 6:31pm (UTC)

369 views19:31

Bugpoint

I found some api keys in js files ,huge leak of token addresses and huge amount of js files are not forbidden

👉 https://hackerone.com/reports/1787121

🔹 Severity: No Rating
🔹 Reported To: AMBER AI
🔹 Reported By: #orange_h
🔹 State: 🔴 N/A
🔹 Disclosed: November 29, 2022, 10:46am (UTC)

377 views10:55

Bugpoint

Stored XSS in Dovetale by application of creator

👉 https://hackerone.com/reports/1652046

🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #kun_19
🔹 State: 🟢 Resolved
🔹 Disclosed: November 29, 2022, 5:34pm (UTC)

413 views19:22

2025/02/27 16:48:11
Back to Top

HTML Embed Code:

<iframe width="100%" src="https://www.tgoop.com/buyppe/web?embed=1" title="Telegram Web" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>