HackerOne Bug Bounty Disclosure: vulnerable-to-cve-2022-22954bynull_bytes
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by null_bytes null_bytes Report vulnerable to CVE-2022-22954 Full Report
Bug Bounty
HackerOne Bug Bounty Disclosure: subdomain-takeover-(abandoned-zendesk–easycontactnow-com)bybx_1
Programme HackerOne 8x8 8x8 Submitted by bx_1 bx_1 Report subdomain takeover (abandoned Zendesk .easycontactnow.com) Full Report
HackerOne Bug Bounty Disclosure: container-escape-on-public-gitlab-ci-runnersbyec0
Programme HackerOne GitLab GitLab Submitted by ec0 ec0 Report Container escape on public GitLab CI runners Full Report
HackerOne Bug Bounty Disclosure: cve-2022-27775:-bad-local-ipv6-connection-reusebynyymi
Programme HackerOne curl curl Submitted by nyymi nyymi Report CVE-2022-27775: Bad local IPv6 connection reuse Full Report
HackerOne Bug Bounty Disclosure: cve-2022-27776:-auth/cookie-leak-on-redirectbynyymi
Programme HackerOne curl curl Submitted by nyymi nyymi Report CVE-2022-27776: Auth/cookie leak on redirect Full Report
HackerOne Bug Bounty Disclosure: cve-2022-27774:-credential-leak-on-redirectbynyymi
Programme HackerOne curl curl Submitted by nyymi nyymi Report CVE-2022-27774: Credential leak on redirect Full Report
HackerOne Bug Bounty Disclosure: rce-via-exposed-jmx-server-on-jabber-37signals-com/jabber-basecamp-combyian
Programme HackerOne Basecamp Basecamp Submitted by ian ian Report RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com Full Report
HackerOne Bug Bounty Disclosure: stored-xss-in-“product-type”-field-executed-via-product-filtersbyglister
Programme HackerOne Judge.me Judge.me Submitted by glister glister Report Stored XSS in "product type" field executed via product filters Full...
HackerOne Bug Bounty Disclosure: force-user-to-accept-attacker’s-invite-[-restrict-user-to-create-account]bysammam
Programme HackerOne Krisp Krisp Submitted by sammam sammam Report Force User to Accept Attacker's invite Full Report
HackerOne Bug Bounty Disclosure: xss-triggered-in-your-store-myshopify-com/myshopify-com/admin/apps/shopify-email/editor/****bydanishalkatiri
Programme HackerOne Shopify Shopify Submitted by danishalkatiri danishalkatiri Report Xss triggered in Your-store.myshopify.com/myshopify.com/admin/apps/shopify-email/editor/**** Full Report
HackerOne Bug Bounty Disclosure: curlopt_ssh_host_public_key_md5-bypass-if-string-not-32-charsbynyymi
Programme HackerOne curl curl Submitted by nyymi nyymi Report CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars Full Report
HackerOne Bug Bounty Disclosure: curlopt_ssh_host_public_key_sha256-comparison-disasterbynyymi
Programme HackerOne curl curl Submitted by nyymi nyymi Report CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster Full Report
HackerOne Bug Bounty Disclosure: visibility-robots-txt-filebyrazahack
Programme HackerOne Krisp Krisp Submitted by razahack razahack Report Visibility Robots.txt file Full Report
BugCrowd Bug Bounty Disclosure: P5 – Critical information disclosure at https://www.doi.gov/ – By tejaspawar172000
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P1 – Local file read (CVE2020-3452 in CISCO ASA) – By _Sparrow
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – Clickjacking – By m4v3r1ck101
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P3 – Stored XSS [doi.gov/iacb/indian-arts-and-crafts-board-potential-violation-report ] – By Xml_
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P3 – Able to change other publishers’ payment details – By AlWaYsHuNt
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P1 – RCE in Bitbucket DataCenter via HazelCastPort – By SnowyOwl
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – Broken Access Control Issue. – By jeetbhdr
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P3 – postMessage XSS in Tesla Payment page – By TheTime
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P4 – Xss on – employers.indeed.com – By ig420_vrush
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P5 – Information Disclosure via url tampering – By murderfalcon
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
BugCrowd Bug Bounty Disclosure: P4 – #2 BLIND XSS ON CONTACT PAGE .doi.gov/contact-us – By Msjsoi323_
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
