Bug Bounty

HackerOne Bug Bounty Disclosure: remote-code-execution-cve-m-lc-lmx

October 9, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:m4lc0lmxLink to Submitters Profile:https://hackerone.com/m4lc0lmx Report Title:Remote code execution Report Link:https://hackerone.com/reports/2182202Date Submitted:09...

HackerOne Bug Bounty Disclosure: change-phone-number-otp-flaw-leads-to-any-phone-number-takeover-polem-rch

October 9, 2024

Company Name: inDrive Company HackerOne URL: https://hackerone.com/indrive Submitted By:polem4rchLink to Submitters Profile:https://hackerone.com/polem4rch Report Title:Change phone number OTP flaw leads to...

HackerOne Bug Bounty Disclosure: maintainer-can-leak-sentry-token-by-changing-the-configured-url-fix-bypass–rpedo

October 8, 2024

Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:70rpedoLink to Submitters Profile:https://hackerone.com/70rpedo Report Title:Maintainer can leak sentry token by changing...

HackerOne Bug Bounty Disclosure: redos-due-to-device-detector-parsing-user-agents-afewgoats

October 8, 2024

Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:afewgoatsLink to Submitters Profile:https://hackerone.com/afewgoats Report Title:ReDoS due to device-detector parsing user agentsReport...

HackerOne Bug Bounty Disclosure: html-injection-possible-with-soft-email-confirmations-when-administrator-manually-confirms-attacker-email-address-cryptopone

October 8, 2024

Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:cryptoponeLink to Submitters Profile:https://hackerone.com/cryptopone Report Title:HTML injection possible with soft email confirmations...

HackerOne Bug Bounty Disclosure: user-api-key-leakage-in-github-commit-leads-to-unauthorized-access-to-sql-telemetry-mozilla-org-anhchangmutrang

October 8, 2024

Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By:anhchangmutrangLink to Submitters Profile:https://hackerone.com/anhchangmutrang Report Title:User API Key leakage in Github commit...

HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-nin-mtn-ng-nin-success-message-lol-nin-vulnerable-hazemhussien

October 5, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:hazemhussien99Link to Submitters Profile:https://hackerone.com/hazemhussien99 Report Title:Reflected XSS in hXXps://ninmtnng/nin/success?message=lol&nin=Report Link:https://hackerone.com/reports/2039384Date Submitted:05...

HackerOne Bug Bounty Disclosure: idor-at-mtnmobad-mtnbusiness-com-ng-leads-to-pii-leakage-hazemhussien

October 5, 2024

HackerOne Bug Bounty Disclosure: external-service-interaction-http-hesham-elsheme

October 4, 2024

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:hesham_elshemeLink to Submitters Profile:https://hackerone.com/hesham_elsheme Report Title:External service interaction (HTTP)Report Link:https://hackerone.com/reports/2731133Date Submitted:04...

HackerOne Bug Bounty Disclosure: stored-xss-ads-tiktok-com-ahmed-xyz

October 2, 2024

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:ahmed_xyzLink to Submitters Profile:https://hackerone.com/ahmed_xyz Report Title:Stored-XSS-adstiktokcomReport Link:https://hackerone.com/reports/2306491Date Submitted:02 October 2024 A considerable...

HackerOne Bug Bounty Disclosure: the-initial-e-ee-password-generated-by-rocket-chat-mobile-can-be-recovered-in-a-practical-timescale-h

October 1, 2024

Company Name: Rocket.Chat Company HackerOne URL: https://hackerone.com/rocket_chat Submitted By:h0011Link to Submitters Profile:https://hackerone.com/h0011 Report Title:The initial E2EE password generated by RocketChat...

HackerOne Bug Bounty Disclosure: xss-when-using-translate-in-action-controller-rails-ooooooo-q

October 1, 2024

Company Name: Ruby on Rails Company HackerOne URL: https://hackerone.com/rails Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:XSS when using `translate` in...

HackerOne Bug Bounty Disclosure: idor-exposes-all-machine-learning-models-moblig

October 1, 2024

Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:mobligLink to Submitters Profile:https://hackerone.com/moblig Report Title:IDOR Exposes All Machine Learning ModelsReport Link:https://hackerone.com/reports/2528293Date...

HackerOne Bug Bounty Disclosure: posts-sent-via-websockets-aren-t-sanitized-properly-c-rydoras

October 1, 2024

Company Name: Mattermost Company HackerOne URL: https://hackerone.com/mattermost Submitted By:c0rydorasLink to Submitters Profile:https://hackerone.com/c0rydoras Report Title:Posts sent via websockets aren't sanitized properlyReport...

HackerOne Bug Bounty Disclosure: ibm-openpages-vulnerable-to-exposure-of-sensitive-information–xhassan

October 1, 2024

Company Name: IBM Company HackerOne URL: https://hackerone.com/ibm Submitted By:0xhassanLink to Submitters Profile:https://hackerone.com/0xhassan Report Title:IBM OpenPages vulnerable to exposure of sensitive...

HackerOne Bug Bounty Disclosure: remove-obsolete-domain-from-handbook-subdomain-tefa

October 1, 2024

Company Name: GitLab Company HackerOne URL: https://hackerone.com/gitlab Submitted By:tefa_Link to Submitters Profile:https://hackerone.com/tefa_ Report Title:Remove obsolete domain from handbook subdomainReport Link:https://hackerone.com/reports/2599840Date...

HackerOne Bug Bounty Disclosure: -switch-pia-mk-dx-stack-buffer-overflow-and-potential-rce-in-pia-lan-ldn-possibly-nex-room-info-deserialization-regginator

September 30, 2024

Company Name: Nintendo Company HackerOne URL: https://hackerone.com/nintendo Submitted By:regginatorLink to Submitters Profile:https://hackerone.com/regginator Report Title: Stack buffer overflow and potential RCE...

HackerOne Bug Bounty Disclosure: ssrf-keycloak-before-cve-on-hxxps-sponsoredata-mtn-ci-renzi

September 26, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:renziLink to Submitters Profile:https://hackerone.com/renzi Report Title:SSRF Keycloak before 1300 - CVE-2020-10770...

HackerOne Bug Bounty Disclosure: client-side-path-traversal-on-line-developers-console-never-die

September 26, 2024

Company Name: LY Corporation Company HackerOne URL: https://hackerone.com/line Submitted By:never_dieLink to Submitters Profile:https://hackerone.com/never_die Report Title:Client-Side Path Traversal on LINE Developers...

HackerOne Bug Bounty Disclosure: possible-xss-vulnerability-in-action-controller-ooooooo-q

September 25, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:ooooooo_qLink to Submitters Profile:https://hackerone.com/ooooooo_q Report Title:Possible XSS Vulnerability in Action...

HackerOne Bug Bounty Disclosure: possible-dos-vulnerability-with-range-header-in-rack-ooooooo-q

September 25, 2024

HackerOne Bug Bounty Disclosure: able-to-see-location-coordinates-in-any-event-without-permission-to-do-so-ezzra

September 25, 2024

Company Name: FetLife Company HackerOne URL: https://hackerone.com/fetlife Submitted By:ezzraLink to Submitters Profile:https://hackerone.com/ezzra Report Title:Able to see location coordinates in any...

HackerOne Bug Bounty Disclosure: dom-xss-in-tiktok-com-login-via-the-redirect-url-parameter-sh-yo

September 21, 2024

Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:sh1yoLink to Submitters Profile:https://hackerone.com/sh1yo Report Title:DOM XSS in tiktokcom/login via the redirect_url...

HackerOne Bug Bounty Disclosure: inviting-collaborator-using-email-disclose-the-hackerone-account-related-to-the-user-raymatp

September 19, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:raymatpLink to Submitters Profile:https://hackerone.com/raymatp Report Title:inviting collaborator using email disclose the hackerone...

Bug Bounty

HackerOne Bug Bounty Disclosure: remote-code-execution-cve-m-lc-lmx

HackerOne Bug Bounty Disclosure: change-phone-number-otp-flaw-leads-to-any-phone-number-takeover-polem-rch

HackerOne Bug Bounty Disclosure: maintainer-can-leak-sentry-token-by-changing-the-configured-url-fix-bypass–rpedo

HackerOne Bug Bounty Disclosure: redos-due-to-device-detector-parsing-user-agents-afewgoats

HackerOne Bug Bounty Disclosure: html-injection-possible-with-soft-email-confirmations-when-administrator-manually-confirms-attacker-email-address-cryptopone

HackerOne Bug Bounty Disclosure: user-api-key-leakage-in-github-commit-leads-to-unauthorized-access-to-sql-telemetry-mozilla-org-anhchangmutrang

HackerOne Bug Bounty Disclosure: reflected-xss-in-hxxps-nin-mtn-ng-nin-success-message-lol-nin-vulnerable-hazemhussien

HackerOne Bug Bounty Disclosure: idor-at-mtnmobad-mtnbusiness-com-ng-leads-to-pii-leakage-hazemhussien

HackerOne Bug Bounty Disclosure: external-service-interaction-http-hesham-elsheme

HackerOne Bug Bounty Disclosure: stored-xss-ads-tiktok-com-ahmed-xyz

HackerOne Bug Bounty Disclosure: the-initial-e-ee-password-generated-by-rocket-chat-mobile-can-be-recovered-in-a-practical-timescale-h

HackerOne Bug Bounty Disclosure: xss-when-using-translate-in-action-controller-rails-ooooooo-q

HackerOne Bug Bounty Disclosure: idor-exposes-all-machine-learning-models-moblig

HackerOne Bug Bounty Disclosure: posts-sent-via-websockets-aren-t-sanitized-properly-c-rydoras

HackerOne Bug Bounty Disclosure: ibm-openpages-vulnerable-to-exposure-of-sensitive-information–xhassan

HackerOne Bug Bounty Disclosure: remove-obsolete-domain-from-handbook-subdomain-tefa

HackerOne Bug Bounty Disclosure: -switch-pia-mk-dx-stack-buffer-overflow-and-potential-rce-in-pia-lan-ldn-possibly-nex-room-info-deserialization-regginator

HackerOne Bug Bounty Disclosure: ssrf-keycloak-before-cve-on-hxxps-sponsoredata-mtn-ci-renzi

HackerOne Bug Bounty Disclosure: client-side-path-traversal-on-line-developers-console-never-die

HackerOne Bug Bounty Disclosure: possible-xss-vulnerability-in-action-controller-ooooooo-q

HackerOne Bug Bounty Disclosure: possible-dos-vulnerability-with-range-header-in-rack-ooooooo-q

HackerOne Bug Bounty Disclosure: able-to-see-location-coordinates-in-any-event-without-permission-to-do-so-ezzra

HackerOne Bug Bounty Disclosure: dom-xss-in-tiktok-com-login-via-the-redirect-url-parameter-sh-yo

HackerOne Bug Bounty Disclosure: inviting-collaborator-using-email-disclose-the-hackerone-account-related-to-the-user-raymatp

[LYNX] – Ransomware Victim: La Unión

[FLOCKER] – Ransomware Victim: K**d[.]edu

[FOG] – Ransomware Victim: Central McGowan (centralmcgowan[.]com)

[FLOCKER] – Ransomware Victim: S********e[.]com

[FOG] – Ransomware Victim: Klesk Metal Stamping Co (kleskmetalstamping[.]com)

You may have missed