HackerOne Bug Bounty Disclosure: adding-h1_analyst_*-to-username-for-normal-usersbyrefaat01
Programme HackerOne HackerOne HackerOne Submitted by refaat01 refaat01 Report adding h1_analyst_* to username for normal users Full Report A...
Bug Bounty
HackerOne Bug Bounty Disclosure: github-security-lab-(ghsl)-vulnerability-report:-sqlinjection-in-filecontentprovider-kt-(ghsl-2022-059)byatorralba
Programme HackerOne ownCloud ownCloud Submitted by atorralba atorralba Report GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059) Full...
HackerOne Bug Bounty Disclosure: can-delete-other-user’s-post-and-company-page-postbyanandpingsafe
Programme HackerOne LinkedIn LinkedIn Submitted by anandpingsafe anandpingsafe Report Can delete other user's post and company page post Full Report...
HackerOne Bug Bounty Disclosure: testing-flow-includes-a-deepsource-secretbytriplesided
Programme HackerOne Weblate Weblate Submitted by triplesided triplesided Report Testing flow includes a DeepSource secret Full Report A considerable...
HackerOne Bug Bounty Disclosure: sensitive-information-for-phpinfo-php-at-https://products-ean-com/byexploitmsf
Programme HackerOne Expedia Group Bug Bounty Expedia Group Bug Bounty Submitted by exploitmsf exploitmsf Report Sensitive information for phpinfo.php at...
HackerOne Bug Bounty Disclosure: idor-in-talentmap-api-can-be-abused-to-enumerate-personal-information-of-all-the-usersbynepalihacker0x01
Programme HackerOne U.S. Department of State U.S. Department of State Submitted by nepalihacker0x01 nepalihacker0x01 Report IDOR in TalentMAP API can...
BugCrowd Bug Bounty Disclosure: – Linux client – command injection – local privilege escalation – By mmmdspl
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: session-mismatch-leading-to-potential-account-takeover-(local-access-required)byostracize
Programme HackerOne Cloudflare Public Bug Bounty Cloudflare Public Bug Bounty Submitted by ostracize ostracize Report Session mismatch leading to potential...
HackerOne Bug Bounty Disclosure: website-php-source-code-returned-in-javascriptbymdfarhanchowdhuryhasin
Programme HackerOne Nextcloud Nextcloud Submitted by mdfarhanchowdhuryhasin mdfarhanchowdhuryhasin Report Website PHP source code returned in javascript Full Report A...
HackerOne Bug Bounty Disclosure: ability-to-control-the-filename-when-uploading-a-logo-or-favicon-on-themingbyctulhu
Programme HackerOne Nextcloud Nextcloud Submitted by ctulhu ctulhu Report Ability to control the filename when uploading a logo or favicon...
HackerOne Bug Bounty Disclosure: full-passcode-bypass-on-nextcloud-app-iosbyctulhu
Programme HackerOne Nextcloud Nextcloud Submitted by ctulhu ctulhu Report Full Passcode bypass on Nextcloud App iOS Full Report A...
HackerOne Bug Bounty Disclosure: use-of-cryptographically-weak-pseudo-random-number-generator-in-webcrypto-keygenbybn00rdhuis
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by bn00rdhuis bn00rdhuis Report Use of Cryptographically Weak Pseudo-Random Number Generator...
HackerOne Bug Bounty Disclosure: inadequate-encryption-strength-in-nodejs-current-reads-openssl-cnf-from-/home/iojs/build/—-upon-startup-on-macosbymhdawson_
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by mhdawson_ mhdawson_ Report Inadequate Encryption Strength in nodejs-current reads openssl.cnf...
HackerOne Bug Bounty Disclosure: http-request-smuggling-due-to-incorrect-parsing-of-header-fieldsbyvwx7
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by vwx7 vwx7 Report HTTP Request Smuggling Due to Incorrect Parsing...
HackerOne Bug Bounty Disclosure: [shop-resmed-com]csrf-leads-to–unsubscribe-victim-from-communication-and–reward-membershipbypranav-pranayx01
Programme HackerOne ResMed ResMed Submitted by pranav-pranayx01 pranav-pranayx01 Report CSRF leads to Unsubscribe victim from Communication and Reward Membership Full...
BugCrowd Bug Bounty Disclosure: – Clickjacking with reflected xss and redirected to google – By Orange_hacker
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: – Auth.Tesla.com Account Takeover of Internal Tesla Accounts – By evanconnelly
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: csrf-protection-on-oidc-login-is-brokenbymikaelgundersen
Programme HackerOne Nextcloud Nextcloud Submitted by mikaelgundersen mikaelgundersen Report CSRF protection on OIDC login is broken Full Report A...
HackerOne Bug Bounty Disclosure: [www-32red-com]-reverse-proxy-misconfiguration-leads-to-1-click-account-takeoverbysw33tlie
Programme HackerOne Kindred Group Kindred Group Submitted by sw33tlie sw33tlie Report Reverse proxy misconfiguration leads to 1-click account takeover Full...
HackerOne Bug Bounty Disclosure: dangling-dns-record-docs-jitsi-net-(unsuccessful-gsuite-takeover)bybababounty99
Programme HackerOne 8x8 Bounty 8x8 Bounty Submitted by bababounty99 bababounty99 Report Dangling DNS Record docs.jitsi.net (unsuccessful GSuite takeover) Full Report...
HackerOne Bug Bounty Disclosure: full-account-takeover-on-*-unibet-com-due-to-crossdomain-xml-and-akamaiplayer-loadercontextbyfransrosen
Programme HackerOne Kindred Group Kindred Group Submitted by fransrosen fransrosen Report Full Account Takeover on *.unibet.com due to crossdomain.xml and...
HackerOne Bug Bounty Disclosure: [unibet-com]-delete-messages-via-idor-at-/mom-api/messages/unibet_@unibet/bynaaash
Programme HackerOne Kindred Group Kindred Group Submitted by naaash naaash Report Delete messages via IDOR at /mom-api/messages/unibet_@unibet/ Full Report ...
BugCrowd Bug Bounty Disclosure: – Linux client – Lack of certificate validation leading to RCE – By mmmdspl
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: unauthorized-user-can-view-subscribers-of-other-users-newslettersbytushar6378
Programme HackerOne LinkedIn LinkedIn Submitted by tushar6378 tushar6378 Report Unauthorized User can View Subscribers of Other Users Newsletters Full Report...
