Bug Bounty
HackerOne Bug Bounty Disclosure: stored-cross-site-scripting-at-http://www-grouplogic-com/admin/store/index-cfm?fa=disprocodebyub3rsick
Programme HackerOne Acronis Acronis Submitted by ub3rsick ub3rsick Report Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode Full Report
HackerOne Bug Bounty Disclosure: private-objects-exposed-through-project-importbysaltyyolk
Programme HackerOne GitLab GitLab Submitted by saltyyolk saltyyolk Report Private objects exposed through project import Full Report
HackerOne Bug Bounty Disclosure: path-traversal,-to-rcebysaltyyolk
Programme HackerOne GitLab GitLab Submitted by saltyyolk saltyyolk Report Path traversal, to RCE Full Report
HackerOne Bug Bounty Disclosure: path-traversal-in-nuget-package-registrybysaltyyolk
Programme HackerOne GitLab GitLab Submitted by saltyyolk saltyyolk Report Path traversal in Nuget Package Registry Full Report
HackerOne Bug Bounty Disclosure: store-admin-page-accessible-without-authentication-at-http://www-grouplogic-com/admin/store/index-cfmbyub3rsick
Programme HackerOne Acronis Acronis Submitted by ub3rsick ub3rsick Report Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm Full Report
HackerOne Bug Bounty Disclosure: steal-private-objects-of-other-projects-via-project-importbysaltyyolk
Programme HackerOne GitLab GitLab Submitted by saltyyolk saltyyolk Report Steal private objects of other projects via project import Full Report
BugCrowd Bug Bounty Disclosure: P5 – Dangerous RTLO Injection – By nt3c
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: 2-cache-poisoning-attack-methods-affect-core-functionality-www-exodus-combybismillahfortuner
Programme HackerOne Exodus Exodus Submitted by bismillahfortuner bismillahfortuner Report 2 Cache Poisoning Attack Methods Affect Core Functionality www.exodus.com Full Report
HackerOne Bug Bounty Disclosure: registered-users-contact–information-disclosure-on-salesforce-lightning-endpoint-https://disposal-gsa-govbyrptl
Programme HackerOne U.S. General Services Administration U.S. General Services Administration Submitted by rptl rptl Report Registered users contact information disclosure...
BugCrowd Bug Bounty Disclosure: P3 – XSS – By shahzeenkhan00
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: aws-load-balancer-controller-managed-security-groups-can-be-replaced-by-an-unprivileged-attackerbyt0rr3sp3dr0
Programme HackerOne Kubernetes Kubernetes Submitted by t0rr3sp3dr0 t0rr3sp3dr0 Report AWS Load Balancer Controller Managed Security Groups can be replaced by...
HackerOne Bug Bounty Disclosure: aws-load-balancer-controller-can-be-used-by-an-attacker-to-modify-rules-of-any-security-group-that-they-are-able-to-tagbyt0rr3sp3dr0
Programme HackerOne Kubernetes Kubernetes Submitted by t0rr3sp3dr0 t0rr3sp3dr0 Report AWS Load Balancer Controller can be used by an attacker to...
BugCrowd Bug Bounty Disclosure: P5 – RTLO Injection leads to URi Spoofing – By nt3c
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
HackerOne Bug Bounty Disclosure: user-can-bypass-password-enforcement-when-federated-sharing-is-enabledbymichag86
Programme HackerOne Nextcloud Nextcloud Submitted by michag86 michag86 Report user can bypass password enforcement when federated sharing is enabled Full...
HackerOne Bug Bounty Disclosure: improper-input-size-validation-on-the-user-new-session-name-can-result-in-server-side-ddos-bydemonia
Programme HackerOne Nextcloud Nextcloud Submitted by demonia demonia Report Improper input-size validation on the user new session name can result...
HackerOne Bug Bounty Disclosure: blind-xss-on-https://open-vanillaforums-combymohit0786
Programme HackerOne Vanilla Vanilla Submitted by mohit0786 mohit0786 Report BlIND XSS on https://open.vanillaforums.com Full Report
HackerOne Bug Bounty Disclosure: self-xss-in-attachments-namebymega7
Programme HackerOne Acronis Acronis Submitted by mega7 mega7 Report Self XSS in attachments name Full Report
HackerOne Bug Bounty Disclosure: users-who-are-restricted-to-use-the-application-because-of-a-“waiting-list”-are-able-to-get-access-to-the-beta-application-by-bypassing-the-waitlistbydarkknight4688
Programme HackerOne Alohi Alohi Submitted by darkknight4688 darkknight4688 Report Users who are restricted to use the application because of a...
HackerOne Bug Bounty Disclosure: control-character-filtering-misses-leading-and-trailing-whitespace-in-file-and-folder-namesbydavid_h1
Programme HackerOne Nextcloud Nextcloud Submitted by david_h1 david_h1 Report Control character filtering misses leading and trailing whitespace in file and...
HackerOne Bug Bounty Disclosure: notification-implicit-pendingintent-in-com-nextcloud-client-allows-to-access-contactsbyqj_test
Programme HackerOne Nextcloud Nextcloud Submitted by qj_test qj_test Report Notification implicit PendingIntent in com.nextcloud.client allows to access contacts Full Report
HackerOne Bug Bounty Disclosure: read-other-users-reports-through-cloningbyhollaatm3
Programme HackerOne U.S. General Services Administration U.S. General Services Administration Submitted by hollaatm3 hollaatm3 Report Read Other Users Reports Through...
HackerOne Bug Bounty Disclosure: [urgent]-critical-vulnerability-[rce]-on–vulnerable-to-remote-code-execution-by-exploiting-ms15-034,-cve-2015-1635byashutosh7
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by ashutosh7 ashutosh7 Report Critical Vulnerability on vulnerable to...
HackerOne Bug Bounty Disclosure: cross-site-scripting-on-dashboard2-omise-cobyoblivionlight
Programme HackerOne Omise Omise Submitted by oblivionlight oblivionlight Report Cross-site scripting on dashboard2.omise.co Full Report