Bug Bounty

HackerOne Bug Bounty Disclosure: b-delete-external-storage-of-any-user-b-cx-fa

November 21, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'cx75fa'Link to Submitters Profile:https://hackerone.com/b'cx75fa' Report Title:b'Delete external storage of any user'Report Link:https://hackerone.com/reports/2212627Date...

HackerOne Bug Bounty Disclosure: b-user-ldap-app-logs-user-passwords-in-the-log-file-on-level-debug-b-alacn

November 21, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'alacn1'Link to Submitters Profile:https://hackerone.com/b'alacn1' Report Title:b'user_ldap app logs user passwords in the...

HackerOne Bug Bounty Disclosure: b-html-injection-in-search-ui-when-selecting-a-circle-with-html-in-the-display-name-b-cx-fa

November 21, 2023

HackerOne Bug Bounty Disclosure: b-xss-in-cisco-endpoint-b-r-tdaddy

November 17, 2023

Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'r00tdaddy'Link to Submitters Profile:https://hackerone.com/b'r00tdaddy' Report Title:b'XSS in Cisco Endpoint'Report...

HackerOne Bug Bounty Disclosure: b-full-account-takeover-of-any-user-through-reset-password-b-maskedpersian

November 17, 2023

Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'maskedpersian'Link to Submitters Profile:https://hackerone.com/b'maskedpersian' Report Title:b'Full account takeover of...

HackerOne Bug Bounty Disclosure: b-unathenticated-file-read-cve-b-r-tdaddy

November 17, 2023

HackerOne Bug Bounty Disclosure: b-unauthorised-cocoapods-auth-via-token-leakage-http-header-injection-b-reefspek

November 16, 2023

Company Name: b'Snowplow' Company HackerOne URL: https://hackerone.com/snowplow Submitted By:b'reefspek'Link to Submitters Profile:https://hackerone.com/b'reefspek' Report Title:b'Unauthorised CocoaPods Auth via Token Leakage &...

HackerOne Bug Bounty Disclosure: b-oauth-client-secret-stored-in-plain-text-in-the-database-b-rullzer

November 15, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'rullzer'Link to Submitters Profile:https://hackerone.com/b'rullzer' Report Title:b'OAuth2 client_secret stored in plain text in...

HackerOne Bug Bounty Disclosure: b-csrf-vulnerability-in-royal-canin-website-allows-attackers-to-change-user-profile-picture-at-my-royalcanin-pt-b-bx

November 15, 2023

Company Name: b'Mars' Company HackerOne URL: https://hackerone.com/mars Submitted By:b'bx00'Link to Submitters Profile:https://hackerone.com/b'bx00' Report Title:b'**"CSRF Vulnerability in Royal Canin Website Allows...

HackerOne Bug Bounty Disclosure: b-reflected-xss-in-https-wordpress-com-start-account-user-b-secureighty

November 15, 2023

Company Name: b'Automattic' Company HackerOne URL: https://hackerone.com/automattic Submitted By:b'secureighty'Link to Submitters Profile:https://hackerone.com/b'secureighty' Report Title:b'reflected xss in https://wordpress.com/start/account/user'Report Link:https://hackerone.com/reports/2055132Date Submitted:15 November...

HackerOne Bug Bounty Disclosure: b-buffer-overflow-and-affected-url-https-github-com-curl-curl-blob-master-docs-examples-hsts-preload-c-b-cyberguardianrd

November 15, 2023

Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'cyberguardianrd'Link to Submitters Profile:https://hackerone.com/b'cyberguardianrd' Report Title:b'Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c'Report Link:https://hackerone.com/reports/2252307Date Submitted:15...

HackerOne Bug Bounty Disclosure: b-cve-apache-airflow-bypass-permission-verification-to-view-task-instances-of-other-dags-b-balis-ng

November 13, 2023

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'balis0ng'Link to Submitters Profile:https://hackerone.com/b'balis0ng' Report Title:b'CVE-2023-42663: Apache Airflow: Bypass permission...

HackerOne Bug Bounty Disclosure: b-yet-another-casb-integration-takeover-of-active-integrations-b-suzuka

November 13, 2023

Company Name: b'Cloudflare Public Bug Bounty' Company HackerOne URL: https://hackerone.com/cloudflare Submitted By:b'suzuka'Link to Submitters Profile:https://hackerone.com/b'suzuka' Report Title:b'Yet Another CASB Integration...

HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozgcp-net-b-d-xing

November 12, 2023

Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'd0xing'Link to Submitters Profile:https://hackerone.com/b'd0xing' Report Title:b'Subdomain takeover on one of...

HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozgcp-net-b-mikey

November 12, 2023

Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'mikey96'Link to Submitters Profile:https://hackerone.com/b'mikey96' Report Title:b'Subdomain takeover on one of...

HackerOne Bug Bounty Disclosure: b-password-of-talk-conversations-can-be-bruteforced-b-nickvergessen

November 12, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'nickvergessen'Link to Submitters Profile:https://hackerone.com/b'nickvergessen' Report Title:b'Password of talk conversations can be bruteforced'Report...

HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozgcp-net-b-d-xing

November 12, 2023

HackerOne Bug Bounty Disclosure: b-memcached-used-as-ratelimiter-backend-is-no-op-b-nickvergessen

November 12, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'nickvergessen'Link to Submitters Profile:https://hackerone.com/b'nickvergessen' Report Title:b'Memcached used as RateLimiter backend is no-op'Report...

HackerOne Bug Bounty Disclosure: b-csrf-xss-reflect-b-smael-liveira

November 10, 2023

Company Name: b'Daimler Truck' Company HackerOne URL: https://hackerone.com/daimler_truck Submitted By:b'1smael0liveira'Link to Submitters Profile:https://hackerone.com/b'1smael0liveira' Report Title:b'CSRF + XSS REFLECT'Report Link:https://hackerone.com/reports/2050122Date Submitted:10...

HackerOne Bug Bounty Disclosure: b-yaml-schema-injection-risk-in-swagger-ui-via-schema-url-parameter-at-developers-cloudflare-com-b-aliend

November 10, 2023

Company Name: b'Cloudflare Public Bug Bounty' Company HackerOne URL: https://hackerone.com/cloudflare Submitted By:b'aliend89'Link to Submitters Profile:https://hackerone.com/b'aliend89' Report Title:b'YAML schema injection risk...

HackerOne Bug Bounty Disclosure: b-bypass-r-payment-screen-b-hacker-t-dog

November 10, 2023

Company Name: b'Cloudflare Public Bug Bounty' Company HackerOne URL: https://hackerone.com/cloudflare Submitted By:b'hacker_t_dog'Link to Submitters Profile:https://hackerone.com/b'hacker_t_dog' Report Title:b'Bypass R2 payment screen'Report...

HackerOne Bug Bounty Disclosure: b-cross-site-request-forgery-b-pascal-geuter

November 5, 2023

Company Name: b'ownCloud' Company HackerOne URL: https://hackerone.com/owncloud Submitted By:b'pascal_geuter'Link to Submitters Profile:https://hackerone.com/b'pascal_geuter' Report Title:b'Cross-Site Request Forgery 'Report Link:https://hackerone.com/reports/2041007Date Submitted:05 November...

HackerOne Bug Bounty Disclosure: b-google-docs-link-in-js-files-allows-editing-reading-survey-information-b-bebiks

November 4, 2023

Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'bebiks'Link to Submitters Profile:https://hackerone.com/b'bebiks' Report Title:b'Google Docs link in JS files allows...

HackerOne Bug Bounty Disclosure: b-user-automatically-logged-in-as-sys-admin-user-on-https-administration-administration-aspx-b-mrr-b-t

November 3, 2023

Company Name: b'U.S. Dept Of Defense' Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:b'mrr0b0t2324'Link to Submitters Profile:https://hackerone.com/b'mrr0b0t2324' Report Title:b'User automatically logged in...

Bug Bounty

HackerOne Bug Bounty Disclosure: b-delete-external-storage-of-any-user-b-cx-fa

HackerOne Bug Bounty Disclosure: b-user-ldap-app-logs-user-passwords-in-the-log-file-on-level-debug-b-alacn

HackerOne Bug Bounty Disclosure: b-html-injection-in-search-ui-when-selecting-a-circle-with-html-in-the-display-name-b-cx-fa

HackerOne Bug Bounty Disclosure: b-xss-in-cisco-endpoint-b-r-tdaddy

HackerOne Bug Bounty Disclosure: b-full-account-takeover-of-any-user-through-reset-password-b-maskedpersian

HackerOne Bug Bounty Disclosure: b-unathenticated-file-read-cve-b-r-tdaddy

HackerOne Bug Bounty Disclosure: b-unauthorised-cocoapods-auth-via-token-leakage-http-header-injection-b-reefspek

HackerOne Bug Bounty Disclosure: b-oauth-client-secret-stored-in-plain-text-in-the-database-b-rullzer

HackerOne Bug Bounty Disclosure: b-csrf-vulnerability-in-royal-canin-website-allows-attackers-to-change-user-profile-picture-at-my-royalcanin-pt-b-bx

HackerOne Bug Bounty Disclosure: b-reflected-xss-in-https-wordpress-com-start-account-user-b-secureighty

HackerOne Bug Bounty Disclosure: b-buffer-overflow-and-affected-url-https-github-com-curl-curl-blob-master-docs-examples-hsts-preload-c-b-cyberguardianrd

HackerOne Bug Bounty Disclosure: b-cve-apache-airflow-bypass-permission-verification-to-view-task-instances-of-other-dags-b-balis-ng

HackerOne Bug Bounty Disclosure: b-yet-another-casb-integration-takeover-of-active-integrations-b-suzuka

HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozgcp-net-b-d-xing

HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozgcp-net-b-mikey

HackerOne Bug Bounty Disclosure: b-password-of-talk-conversations-can-be-bruteforced-b-nickvergessen

HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-one-of-the-subdomain-under-mozgcp-net-b-d-xing

HackerOne Bug Bounty Disclosure: b-memcached-used-as-ratelimiter-backend-is-no-op-b-nickvergessen

HackerOne Bug Bounty Disclosure: b-csrf-xss-reflect-b-smael-liveira

HackerOne Bug Bounty Disclosure: b-yaml-schema-injection-risk-in-swagger-ui-via-schema-url-parameter-at-developers-cloudflare-com-b-aliend

HackerOne Bug Bounty Disclosure: b-bypass-r-payment-screen-b-hacker-t-dog

HackerOne Bug Bounty Disclosure: b-cross-site-request-forgery-b-pascal-geuter

HackerOne Bug Bounty Disclosure: b-google-docs-link-in-js-files-allows-editing-reading-survey-information-b-bebiks

HackerOne Bug Bounty Disclosure: b-user-automatically-logged-in-as-sys-admin-user-on-https-administration-administration-aspx-b-mrr-b-t

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

[QILIN] – Ransomware Victim: Zimmerman & Frachtman PA Law Firm

[QILIN] – Ransomware Victim: Calvert Home Mortgage Investment

[QILIN] – Ransomware Victim: LBCO Contracting LTD

You may have missed