Telegram Web
Any organization's assets pending review can be downloaded

πŸ‘‰ https://hackerone.com/reports/1787644

πŸ”Ή Severity: High
πŸ”Ή Reported To: HackerOne
πŸ”Ή Reported By: #jobert
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: November 29, 2022, 6:36pm (UTC)
Stored XSS Payload when sending videos

πŸ‘‰ https://hackerone.com/reports/1536046

πŸ”Ή Severity: Low | πŸ’° 500 USD
πŸ”Ή Reported To: TikTok
πŸ”Ή Reported By: #aidilarf_2000
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: November 29, 2022, 9:30pm (UTC)
If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur

πŸ‘‰ https://hackerone.com/reports/1707680

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Yelp
πŸ”Ή Reported By: #shubhangirathore836
πŸ”Ή State: πŸ”΄ N/A
πŸ”Ή Disclosed: November 30, 2022, 3:15pm (UTC)
Campaign Account Balance and History Disclosed in API Response

πŸ‘‰ https://hackerone.com/reports/1587374

πŸ”Ή Severity: Medium | πŸ’° 500 USD
πŸ”Ή Reported To: LinkedIn
πŸ”Ή Reported By: #sachin_kumar_
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: November 30, 2022, 7:31pm (UTC)
Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands

πŸ‘‰ https://hackerone.com/reports/1785378

πŸ”Ή Severity: High | πŸ’° 300 USD
πŸ”Ή Reported To: Ian Dunn
πŸ”Ή Reported By: #ryotak
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 4:00am (UTC)
CVE-2022-45402: Apache Airflow: Open redirect during login

πŸ‘‰ https://hackerone.com/reports/1782514

πŸ”Ή Severity: Medium | πŸ’° 2,400 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #bugra
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 9:41am (UTC)
Calendar name length not validated before writing to database

πŸ‘‰ https://hackerone.com/reports/1596148

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Nextcloud
πŸ”Ή Reported By: #errorx404
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 9:49am (UTC)
Firebase Database Takeover in https://pulseradio.mtn.co.ug/

πŸ‘‰ https://hackerone.com/reports/1447751

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #shuvam321
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 10:52am (UTC)
Unprotected Direct Object Reference

πŸ‘‰ https://hackerone.com/reports/1536936

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #coyemerald
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 5:24pm (UTC)
Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure

πŸ‘‰ https://hackerone.com/reports/1448550

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #wallotry
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 5:34pm (UTC)
Subdomain Takeover at course.oberlo.com

πŸ‘‰ https://hackerone.com/reports/1690951

πŸ”Ή Severity: No Rating
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #m7mdharoun
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 7:22pm (UTC)
Read/Write arbitrary (non-HttpOnly) cookies on checkout pages via GoogleAnalyticsAdditionalScripts postMessage handler

πŸ‘‰ https://hackerone.com/reports/1081167

πŸ”Ή Severity: Medium | πŸ’° 1,600 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #bored-engineer
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 7:34pm (UTC)
Disconnecting an external login provider does not revoke session

πŸ‘‰ https://hackerone.com/reports/1547684

πŸ”Ή Severity: Medium | πŸ’° 1,600 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #attackerbhai
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 7:50pm (UTC)
Stored XSS in /admin/product and /admin/collections

πŸ‘‰ https://hackerone.com/reports/1147433

πŸ”Ή Severity: Medium | πŸ’° 5,300 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #ashketchum
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 1, 2022, 10:44pm (UTC)
Authentication bypass in https://nin.mtn.ng

πŸ‘‰ https://hackerone.com/reports/1747146

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #roland_hack
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 2, 2022, 1:00pm (UTC)
XSS in Acronis Cloud Manager Admin Portal

πŸ‘‰ https://hackerone.com/reports/1388788

πŸ”Ή Severity: Medium | πŸ’° 100 USD
πŸ”Ή Reported To: Acronis
πŸ”Ή Reported By: #mooimacow
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 2, 2022, 7:48pm (UTC)
POST following PUT confusion

πŸ‘‰ https://hackerone.com/reports/1752146

πŸ”Ή Severity: Medium | πŸ’° 2,400 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #robbotic
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 2, 2022, 9:03pm (UTC)
Exposed Cortex API at https://cortex-ingest.shopifycloud.com/

πŸ‘‰ https://hackerone.com/reports/1258871

πŸ”Ή Severity: Medium | πŸ’° 6,300 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #ian
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 2, 2022, 10:25pm (UTC)
CVE-2022-35260: .netrc parser out-of-bounds access

πŸ‘‰ https://hackerone.com/reports/1753224

πŸ”Ή Severity: Low | πŸ’° 480 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #kurohiro
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 3, 2022, 12:20am (UTC)
IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account

πŸ‘‰ https://hackerone.com/reports/1644436

πŸ”Ή Severity: No Rating | πŸ’° 1,000 USD
πŸ”Ή Reported To: EXNESS
πŸ”Ή Reported By: #ashwarya
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: December 5, 2022, 3:50pm (UTC)
2024/12/01 06:48:53
Back to Top
HTML Embed Code: