Bug Bounty

HackerOne Bug Bounty Disclosure: nextcloud-tables-app-inserting-rows-to-an-arbitrary-table-possible-tuyenee

November 17, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:tuyeneeLink to Submitters Profile:https://hackerone.com/tuyenee Report Title:Nextcloud Tables app - inserting rows to...

HackerOne Bug Bounty Disclosure: open-redirect-via-x-forwarded-host-ndizon

November 17, 2024

Company Name: Omise Company HackerOne URL: https://hackerone.com/omise Submitted By:ndizon_Link to Submitters Profile:https://hackerone.com/ndizon_ Report Title:Open redirect Via X-Forwarded-HostReport Link:https://hackerone.com/reports/1479889Date Submitted:17 November...

HackerOne Bug Bounty Disclosure: user-can-copy-locked-folders-and-gain-access-to-the-contents-maccs

November 16, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:maccsLink to Submitters Profile:https://hackerone.com/maccs Report Title:User can copy locked folders and gain...

HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-offensiveops

November 15, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:offensiveopsLink to Submitters Profile:https://hackerone.com/offensiveops Report Title:Unauthenticated phpinfo()files could lead to ability...

HackerOne Bug Bounty Disclosure: mail-auto-configurator-can-be-tricked-into-sending-account-information-to-wrong-servers-shushangw

November 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:shushangwLink to Submitters Profile:https://hackerone.com/shushangw Report Title:Mail auto configurator can be tricked into...

HackerOne Bug Bounty Disclosure: attachments-folder-for-text-app-is-accessible-on-files-drop-password-protected-shares-lukasreschke

November 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:lukasreschkeLink to Submitters Profile:https://hackerone.com/lukasreschke Report Title:Attachments folder for Text app is accessible...

HackerOne Bug Bounty Disclosure: open-redirect-when-logging-in-with-user-oidc-kesselb

November 15, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:kesselbLink to Submitters Profile:https://hackerone.com/kesselb Report Title:Open redirect when logging in with user_oidcReport...

HackerOne Bug Bounty Disclosure: takeover-of-hackerone-engineering-via-medium-raditz

November 14, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:raditzLink to Submitters Profile:https://hackerone.com/raditz Report Title:Takeover of hackeroneengineering via Medium Report Link:https://hackerone.com/reports/2709660Date...

HackerOne Bug Bounty Disclosure: can-see-phone-numbers-of-others-by-providing-mail-address-sevada

November 13, 2024

Company Name: LinkedIn Company HackerOne URL: https://hackerone.com/linkedin Submitted By:sevada797Link to Submitters Profile:https://hackerone.com/sevada797 Report Title:Can see phone numbers of others by...

HackerOne Bug Bounty Disclosure: idor-in-backup-recovery-functionality-theelgo

November 13, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:theelgo64Link to Submitters Profile:https://hackerone.com/theelgo64 Report Title:IDOR in backup recovery functionalityReport Link:https://hackerone.com/reports/1901713Date Submitted:13...

HackerOne Bug Bounty Disclosure: availability-impact-from-exploiting-project-name-vulnerabilities-mr-root

November 13, 2024

Company Name: Doppler Company HackerOne URL: https://hackerone.com/doppler Submitted By:mr_root_0101Link to Submitters Profile:https://hackerone.com/mr_root_0101 Report Title:Availability Impact from Exploiting Project Name VulnerabilitiesReport...

HackerOne Bug Bounty Disclosure: leakage-of-traffic-in-plaintext-towards-the-ip-address-of-vpn-server-vanhoefm

November 8, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:vanhoefmLink to Submitters Profile:https://hackerone.com/vanhoefm Report Title:Leakage of traffic in plaintext towards the...

HackerOne Bug Bounty Disclosure: leaking-vpn-traffic-through-non-rfc-local-ip-addresses-vanhoefm

November 8, 2024

HackerOne Bug Bounty Disclosure: buffer-overflow-in-strcpy-rootgh-st

November 7, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:rootgh0stLink to Submitters Profile:https://hackerone.com/rootgh0st Report Title:Buffer overflow in strcpyReport Link:https://hackerone.com/reports/2823554Date Submitted:07 November...

HackerOne Bug Bounty Disclosure: -potential-xss-vulnerability-in-acronis-login-callback-url-kindone

November 6, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:kindoneLink to Submitters Profile:https://hackerone.com/kindone Report Title: Potential XSS Vulnerability in Acronis Login...

HackerOne Bug Bounty Disclosure: exploitable-format-string-vulnerability-in-curl-mfprintf-function-reterix

November 6, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:reterixLink to Submitters Profile:https://hackerone.com/reterix Report Title:Exploitable Format String Vulnerability in curl_mfprintf FunctionReport...

HackerOne Bug Bounty Disclosure: potential-xss-in-redirect-url-parameter-kindone

November 6, 2024

HackerOne Bug Bounty Disclosure: cve-hsts-subdomain-overwrites-parent-cache-entry-newfunction

November 6, 2024

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:newfunctionLink to Submitters Profile:https://hackerone.com/newfunction Report Title:CVE-2024-9681: HSTS subdomain overwrites parent cache entryReport...

HackerOne Bug Bounty Disclosure: open-redirect-via-redirect-to-parameter-in-tumblr-com-shivangmauryaa

November 5, 2024

Company Name: Automattic Company HackerOne URL: https://hackerone.com/automattic Submitted By:shivangmauryaaLink to Submitters Profile:https://hackerone.com/shivangmauryaa Report Title:Open redirect via redirect_to parameter in tumblrcomReport...

HackerOne Bug Bounty Disclosure: overwrite-any-file-of-the-web-server-goedix

November 5, 2024

Company Name: MacTaggart Scott Company HackerOne URL: https://hackerone.com/mactaggart_scott Submitted By:goedixLink to Submitters Profile:https://hackerone.com/goedix Report Title:Overwrite any file of the web...

HackerOne Bug Bounty Disclosure: stored-xss-on-trix-editor-version-thwin-htet

November 4, 2024

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:thwin_htetLink to Submitters Profile:https://hackerone.com/thwin_htet Report Title:Stored XSS on trix editor version 211Report...

HackerOne Bug Bounty Disclosure: social-media-account-takeover-haythem

November 3, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:haythem02Link to Submitters Profile:https://hackerone.com/haythem02 Report Title:Social media account takeover Report Link:https://hackerone.com/reports/2682974Date...

HackerOne Bug Bounty Disclosure: insecure-invitation-link-handling-mous-haxk

October 31, 2024

Company Name: ProductBoard, Inc. Company HackerOne URL: https://hackerone.com/productboard Submitted By:mous_haxkLink to Submitters Profile:https://hackerone.com/mous_haxk Report Title:Insecure Invitation Link HandlingReport Link:https://hackerone.com/reports/2586433Date Submitted:31...

HackerOne Bug Bounty Disclosure: redos-vulnerability-in-http-accept-headers-parsing-dwisiswant

October 30, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:dwisiswant0Link to Submitters Profile:https://hackerone.com/dwisiswant0 Report Title:ReDoS Vulnerability in HTTP Accept...

Bug Bounty

HackerOne Bug Bounty Disclosure: nextcloud-tables-app-inserting-rows-to-an-arbitrary-table-possible-tuyenee

HackerOne Bug Bounty Disclosure: open-redirect-via-x-forwarded-host-ndizon

HackerOne Bug Bounty Disclosure: user-can-copy-locked-folders-and-gain-access-to-the-contents-maccs

HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-offensiveops

HackerOne Bug Bounty Disclosure: mail-auto-configurator-can-be-tricked-into-sending-account-information-to-wrong-servers-shushangw

HackerOne Bug Bounty Disclosure: attachments-folder-for-text-app-is-accessible-on-files-drop-password-protected-shares-lukasreschke

HackerOne Bug Bounty Disclosure: open-redirect-when-logging-in-with-user-oidc-kesselb

HackerOne Bug Bounty Disclosure: takeover-of-hackerone-engineering-via-medium-raditz

HackerOne Bug Bounty Disclosure: can-see-phone-numbers-of-others-by-providing-mail-address-sevada

HackerOne Bug Bounty Disclosure: idor-in-backup-recovery-functionality-theelgo

HackerOne Bug Bounty Disclosure: availability-impact-from-exploiting-project-name-vulnerabilities-mr-root

HackerOne Bug Bounty Disclosure: leakage-of-traffic-in-plaintext-towards-the-ip-address-of-vpn-server-vanhoefm

HackerOne Bug Bounty Disclosure: leaking-vpn-traffic-through-non-rfc-local-ip-addresses-vanhoefm

HackerOne Bug Bounty Disclosure: buffer-overflow-in-strcpy-rootgh-st

HackerOne Bug Bounty Disclosure: -potential-xss-vulnerability-in-acronis-login-callback-url-kindone

HackerOne Bug Bounty Disclosure: exploitable-format-string-vulnerability-in-curl-mfprintf-function-reterix

HackerOne Bug Bounty Disclosure: potential-xss-in-redirect-url-parameter-kindone

HackerOne Bug Bounty Disclosure: cve-hsts-subdomain-overwrites-parent-cache-entry-newfunction

HackerOne Bug Bounty Disclosure: open-redirect-via-redirect-to-parameter-in-tumblr-com-shivangmauryaa

HackerOne Bug Bounty Disclosure: overwrite-any-file-of-the-web-server-goedix

HackerOne Bug Bounty Disclosure: stored-xss-on-trix-editor-version-thwin-htet

HackerOne Bug Bounty Disclosure: social-media-account-takeover-haythem

HackerOne Bug Bounty Disclosure: insecure-invitation-link-handling-mous-haxk

HackerOne Bug Bounty Disclosure: redos-vulnerability-in-http-accept-headers-parsing-dwisiswant

[LYNX] – Ransomware Victim: La Unión

[FLOCKER] – Ransomware Victim: K**d[.]edu

[FOG] – Ransomware Victim: Central McGowan (centralmcgowan[.]com)

[FLOCKER] – Ransomware Victim: S********e[.]com

[FOG] – Ransomware Victim: Klesk Metal Stamping Co (kleskmetalstamping[.]com)

You may have missed