Bug Bounty

HackerOne Bug Bounty Disclosure: csrf-and-xss-on-www-acronis-com-cabelo

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:cabeloLink to Submitters Profile:https://hackerone.com/cabelo Report Title:CSRF and XSS on wwwacroniscomReport Link:https://hackerone.com/reports/961787Date Submitted:26...

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxp-h-b-e-n-ips-mtn-co-ug-via-nginx-module-renzi

August 24, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:renziLink to Submitters Profile:https://hackerone.com/renzi Report Title:Cross-site Scripting (XSS) - Reflected on...

HackerOne Bug Bounty Disclosure: cve-potential-sql-injection-in-queryset-values-and-values-list-eyalgabay

August 24, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:eyalgabayLink to Submitters Profile:https://hackerone.com/eyalgabay Report Title:CVE-2024-42005: Potential SQL injection in...

HackerOne Bug Bounty Disclosure: remote-code-injection-in-log-j-on-hxxps-mymtn-mtncongo-net-cve-renzi

August 24, 2024

HackerOne Bug Bounty Disclosure: remote-code-injection-in-log-j-on-hxxp-mtn-app-mtncameroon-net-cve-renzi

August 24, 2024

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxps-api-mtn-sd-carbon-admin-login-jsp-via-msgid-parameter-cve-renzi

August 24, 2024

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxp-callertunez-mtn-com-gh-wap-noauth-sharedetail-ftl-via-callback-parameter-renzi

August 24, 2024

HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-cisco-asa-on-myvpn-mtncameroon-net-cve-renzi

August 23, 2024

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-mersenne

August 21, 2024

Company Name: Drugs.com Company HackerOne URL: https://hackerone.com/drugs_com Submitted By:mersenneLink to Submitters Profile:https://hackerone.com/mersenne Report Title:Cross-site Scripting (XSS) - ReflectedReport Link:https://hackerone.com/reports/1211148Date Submitted:21...

HackerOne Bug Bounty Disclosure: full-account-takeover-impozzible

August 17, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:impozzibleLink to Submitters Profile:https://hackerone.com/impozzible Report Title:FULL ACCOUNT TAKEOVERReport Link:https://hackerone.com/reports/2542372Date Submitted:17 August...

HackerOne Bug Bounty Disclosure: dod-workstation-exposed-to-internet-via-tinypilot-kvm-with-no-authentication-socpuppet

August 16, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:socpuppetLink to Submitters Profile:https://hackerone.com/socpuppet Report Title:DoD workstation exposed to...

HackerOne Bug Bounty Disclosure: course-registration-form-allowing-an-attacker-to-dump-all-the-candidate-name-who-had-enrolled-for-the-course-steveflex

August 16, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:steveflexLink to Submitters Profile:https://hackerone.com/steveflex Report Title:Course Registration Form Allowing...

HackerOne Bug Bounty Disclosure: cross-site-scripting-prakhar-x

August 16, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:prakhar0x01Link to Submitters Profile:https://hackerone.com/prakhar0x01 Report Title:Cross Site ScriptingReport Link:https://hackerone.com/reports/2587844Date...

HackerOne Bug Bounty Disclosure: blind-stored-xss-on-the-internal-host-sp-d-rs

August 16, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:sp1d3rsLink to Submitters Profile:https://hackerone.com/sp1d3rs Report Title:Blind Stored XSS on...

HackerOne Bug Bounty Disclosure: unauthenticated-arbitrary-file-upload-on-the-hxxps-sp-d-rs

August 16, 2024

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-mod-rewrite-proxy-handler-substitution-cve-cwe-improper-input-validation-orange

August 12, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:orangeLink to Submitters Profile:https://hackerone.com/orange Report Title:moderate: Apache HTTP Server: mod_rewrite...

HackerOne Bug Bounty Disclosure: leaking-usernames-through-endpoints-wordpress-alitoni

August 10, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:alitoni224Link to Submitters Profile:https://hackerone.com/alitoni224 Report Title:Leaking usernames through endpoints WordpressReport Link:https://hackerone.com/reports/1785021Date...

HackerOne Bug Bounty Disclosure: idor-lets-a-malicious-user-reveal-the-unpinned-achievement-badges-of-any-reddit-user-saurabhb

August 9, 2024

Company Name: Reddit Company HackerOne URL: https://hackerone.com/reddit Submitted By:saurabhbLink to Submitters Profile:https://hackerone.com/saurabhb Report Title:IDOR lets a malicious user reveal the...

HackerOne Bug Bounty Disclosure: permissions-can-be-bypassed-via-arbitrary-code-execution-through-abusing-libuv-signal-pipes-xion

August 8, 2024

Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:xionLink to Submitters Profile:https://hackerone.com/xion Report Title:Permissions can be bypassed via arbitrary code...

HackerOne Bug Bounty Disclosure: possible-subdomain-takeover-for-inbound-emails-cryptic

August 7, 2024

Company Name: Smule Company HackerOne URL: https://hackerone.com/smule Submitted By:cryptic_Link to Submitters Profile:https://hackerone.com/cryptic_ Report Title:Possible Subdomain Takeover For Inbound EmailsReport Link:https://hackerone.com/reports/2567048Date...

HackerOne Bug Bounty Disclosure: unauthenticated-full-read-ssrf-via-twilio-integration-mokusou

August 4, 2024

Company Name: Rocket.Chat Company HackerOne URL: https://hackerone.com/rocket_chat Submitted By:mokusouLink to Submitters Profile:https://hackerone.com/mokusou Report Title:Unauthenticated full-read SSRF via Twilio integrationReport Link:https://hackerone.com/reports/1886954Date...

HackerOne Bug Bounty Disclosure: otp-bypass-via-response-manipulation-suryesh

July 30, 2024

Company Name: Zomato Company HackerOne URL: https://hackerone.com/zomato Submitted By:suryesh_92Link to Submitters Profile:https://hackerone.com/suryesh_92 Report Title:OTP Bypass via Response ManipulationReport Link:https://hackerone.com/reports/2630032Date Submitted:30...

HackerOne Bug Bounty Disclosure: exposure-of-shopify-employee-summit-page-allows-anonymous-user-to-place-orders-for-free-books-g-lden

July 29, 2024

Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:g0lden1Link to Submitters Profile:https://hackerone.com/g0lden1 Report Title:Exposure of shopify employee summit page allows...

HackerOne Bug Bounty Disclosure: open-akamai-arl-xss-on-hxxp-master-config-renzi

July 26, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:renziLink to Submitters Profile:https://hackerone.com/renzi Report Title:Open Akamai ARL XSS...

Bug Bounty

HackerOne Bug Bounty Disclosure: csrf-and-xss-on-www-acronis-com-cabelo

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxp-h-b-e-n-ips-mtn-co-ug-via-nginx-module-renzi

HackerOne Bug Bounty Disclosure: cve-potential-sql-injection-in-queryset-values-and-values-list-eyalgabay

HackerOne Bug Bounty Disclosure: remote-code-injection-in-log-j-on-hxxps-mymtn-mtncongo-net-cve-renzi

HackerOne Bug Bounty Disclosure: remote-code-injection-in-log-j-on-hxxp-mtn-app-mtncameroon-net-cve-renzi

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxps-api-mtn-sd-carbon-admin-login-jsp-via-msgid-parameter-cve-renzi

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxp-callertunez-mtn-com-gh-wap-noauth-sharedetail-ftl-via-callback-parameter-renzi

HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-cisco-asa-on-myvpn-mtncameroon-net-cve-renzi

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-mersenne

HackerOne Bug Bounty Disclosure: full-account-takeover-impozzible

HackerOne Bug Bounty Disclosure: dod-workstation-exposed-to-internet-via-tinypilot-kvm-with-no-authentication-socpuppet

HackerOne Bug Bounty Disclosure: course-registration-form-allowing-an-attacker-to-dump-all-the-candidate-name-who-had-enrolled-for-the-course-steveflex

HackerOne Bug Bounty Disclosure: cross-site-scripting-prakhar-x

HackerOne Bug Bounty Disclosure: blind-stored-xss-on-the-internal-host-sp-d-rs

HackerOne Bug Bounty Disclosure: unauthenticated-arbitrary-file-upload-on-the-hxxps-sp-d-rs

HackerOne Bug Bounty Disclosure: moderate-apache-http-server-mod-rewrite-proxy-handler-substitution-cve-cwe-improper-input-validation-orange

HackerOne Bug Bounty Disclosure: leaking-usernames-through-endpoints-wordpress-alitoni

HackerOne Bug Bounty Disclosure: idor-lets-a-malicious-user-reveal-the-unpinned-achievement-badges-of-any-reddit-user-saurabhb

HackerOne Bug Bounty Disclosure: permissions-can-be-bypassed-via-arbitrary-code-execution-through-abusing-libuv-signal-pipes-xion

HackerOne Bug Bounty Disclosure: possible-subdomain-takeover-for-inbound-emails-cryptic

HackerOne Bug Bounty Disclosure: unauthenticated-full-read-ssrf-via-twilio-integration-mokusou

HackerOne Bug Bounty Disclosure: otp-bypass-via-response-manipulation-suryesh

HackerOne Bug Bounty Disclosure: exposure-of-shopify-employee-summit-page-allows-anonymous-user-to-place-orders-for-free-books-g-lden

HackerOne Bug Bounty Disclosure: open-akamai-arl-xss-on-hxxp-master-config-renzi

[RANSOMHUB] – Ransomware Victim: andreyevengineering[.]com

[RANSOMHUB] – Ransomware Victim: familychc[.]com

US-CERT Vulnerability Summary for the Week of February 24, 2025

[KAIROS] – Ransomware Victim: usarice[.]com

[ARCUSMEDIA] – Ransomware Victim: Itapeseg

You may have missed