Bug Bounty

HackerOne Bug Bounty Disclosure: blind-ssrf-vulnerability-on-cz-acronis-com-cabelo

August 27, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:cabeloLink to Submitters Profile:https://hackerone.com/cabelo Report Title:Blind SSRF vulnerability on czacroniscomReport Link:https://hackerone.com/reports/1086206Date Submitted:27...

HackerOne Bug Bounty Disclosure: jitsi-bridge-message-spoofing-due-to-improper-json-handling-leads-to-prototype-pollution-afewgoats

August 26, 2024

Company Name: 8x8 Bounty Company HackerOne URL: https://hackerone.com/8x8-bounty Submitted By:afewgoatsLink to Submitters Profile:https://hackerone.com/afewgoats Report Title:Jitsi: Bridge Message Spoofing due to...

HackerOne Bug Bounty Disclosure: acronis-sync-agent-service-untrusted-dll-search-ordering-lead-to-privilege-escalation-vanitas

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:vanitasLink to Submitters Profile:https://hackerone.com/vanitas Report Title:Acronis Sync Agent Service - Untrusted DLL...

HackerOne Bug Bounty Disclosure: local-privilege-escalation-when-deleting-a-file-from-quarantine-z-ron

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:z3ron3Link to Submitters Profile:https://hackerone.com/z3ron3 Report Title:Local Privilege Escalation when deleting a file...

HackerOne Bug Bounty Disclosure: dll-hijacking-when-performing-operations-in-acronis-secure-zone-partition-leading-to-privilege-escalation-z-ron

August 26, 2024

HackerOne Bug Bounty Disclosure: local-privilege-escalation-via-dll-search-order-hijacking-with-cyber-protection-agent-tibxread-exe-utility-mmg

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:mmgLink to Submitters Profile:https://hackerone.com/mmg Report Title:Local Privilege Escalation via DLL Search-Order Hijacking...

HackerOne Bug Bounty Disclosure: credentials-leaked-via-github-sheikh-chilli

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:sheikh_chilliLink to Submitters Profile:https://hackerone.com/sheikh_chilli Report Title:Credentials leaked via GithubReport Link:https://hackerone.com/reports/1078373Date Submitted:26 August...

HackerOne Bug Bounty Disclosure: large-amounts-of-back-end-acronis-source-code-is-publicly-accessible-shadowmap

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:shadowmapLink to Submitters Profile:https://hackerone.com/shadowmap Report Title:Large Amounts of Back-End Acronis Source Code...

HackerOne Bug Bounty Disclosure: xss-in-hxxps-promo-acronis-com-yash

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:yash_Link to Submitters Profile:https://hackerone.com/yash_ Report Title:XSS in hXXps://promoacroniscom/Report Link:https://hackerone.com/reports/982442Date Submitted:26 August 2024...

HackerOne Bug Bounty Disclosure: cross-site-scripting-reflected-on-hxxps-www-acronis-cz-dotaznik-roadshow-darkdream

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:darkdreamLink to Submitters Profile:https://hackerone.com/darkdream Report Title:Cross Site Scripting (Reflected) on hXXps://wwwacroniscz/dotaznik/roadshow-2020/Report Link:https://hackerone.com/reports/1081747Date...

HackerOne Bug Bounty Disclosure: csrf-and-xss-on-www-acronis-com-cabelo

August 26, 2024

Company Name: Acronis Company HackerOne URL: https://hackerone.com/acronis Submitted By:cabeloLink to Submitters Profile:https://hackerone.com/cabelo Report Title:CSRF and XSS on wwwacroniscomReport Link:https://hackerone.com/reports/961787Date Submitted:26...

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxp-h-b-e-n-ips-mtn-co-ug-via-nginx-module-renzi

August 24, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:renziLink to Submitters Profile:https://hackerone.com/renzi Report Title:Cross-site Scripting (XSS) - Reflected on...

HackerOne Bug Bounty Disclosure: remote-code-injection-in-log-j-on-hxxp-mtn-app-mtncameroon-net-cve-renzi

August 24, 2024

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxps-api-mtn-sd-carbon-admin-login-jsp-via-msgid-parameter-cve-renzi

August 24, 2024

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxp-callertunez-mtn-com-gh-wap-noauth-sharedetail-ftl-via-callback-parameter-renzi

August 24, 2024

HackerOne Bug Bounty Disclosure: cve-potential-sql-injection-in-queryset-values-and-values-list-eyalgabay

August 24, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:eyalgabayLink to Submitters Profile:https://hackerone.com/eyalgabay Report Title:CVE-2024-42005: Potential SQL injection in...

HackerOne Bug Bounty Disclosure: remote-code-injection-in-log-j-on-hxxps-mymtn-mtncongo-net-cve-renzi

August 24, 2024

HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-cisco-asa-on-myvpn-mtncameroon-net-cve-renzi

August 23, 2024

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-mersenne

August 21, 2024

Company Name: Drugs.com Company HackerOne URL: https://hackerone.com/drugs_com Submitted By:mersenneLink to Submitters Profile:https://hackerone.com/mersenne Report Title:Cross-site Scripting (XSS) - ReflectedReport Link:https://hackerone.com/reports/1211148Date Submitted:21...

HackerOne Bug Bounty Disclosure: full-account-takeover-impozzible

August 17, 2024

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:impozzibleLink to Submitters Profile:https://hackerone.com/impozzible Report Title:FULL ACCOUNT TAKEOVERReport Link:https://hackerone.com/reports/2542372Date Submitted:17 August...

HackerOne Bug Bounty Disclosure: dod-workstation-exposed-to-internet-via-tinypilot-kvm-with-no-authentication-socpuppet

August 16, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:socpuppetLink to Submitters Profile:https://hackerone.com/socpuppet Report Title:DoD workstation exposed to...

HackerOne Bug Bounty Disclosure: course-registration-form-allowing-an-attacker-to-dump-all-the-candidate-name-who-had-enrolled-for-the-course-steveflex

August 16, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:steveflexLink to Submitters Profile:https://hackerone.com/steveflex Report Title:Course Registration Form Allowing...

HackerOne Bug Bounty Disclosure: cross-site-scripting-prakhar-x

August 16, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:prakhar0x01Link to Submitters Profile:https://hackerone.com/prakhar0x01 Report Title:Cross Site ScriptingReport Link:https://hackerone.com/reports/2587844Date...

HackerOne Bug Bounty Disclosure: blind-stored-xss-on-the-internal-host-sp-d-rs

August 16, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:sp1d3rsLink to Submitters Profile:https://hackerone.com/sp1d3rs Report Title:Blind Stored XSS on...

Bug Bounty

HackerOne Bug Bounty Disclosure: blind-ssrf-vulnerability-on-cz-acronis-com-cabelo

HackerOne Bug Bounty Disclosure: jitsi-bridge-message-spoofing-due-to-improper-json-handling-leads-to-prototype-pollution-afewgoats

HackerOne Bug Bounty Disclosure: acronis-sync-agent-service-untrusted-dll-search-ordering-lead-to-privilege-escalation-vanitas

HackerOne Bug Bounty Disclosure: local-privilege-escalation-when-deleting-a-file-from-quarantine-z-ron

HackerOne Bug Bounty Disclosure: dll-hijacking-when-performing-operations-in-acronis-secure-zone-partition-leading-to-privilege-escalation-z-ron

HackerOne Bug Bounty Disclosure: local-privilege-escalation-via-dll-search-order-hijacking-with-cyber-protection-agent-tibxread-exe-utility-mmg

HackerOne Bug Bounty Disclosure: credentials-leaked-via-github-sheikh-chilli

HackerOne Bug Bounty Disclosure: large-amounts-of-back-end-acronis-source-code-is-publicly-accessible-shadowmap

HackerOne Bug Bounty Disclosure: xss-in-hxxps-promo-acronis-com-yash

HackerOne Bug Bounty Disclosure: cross-site-scripting-reflected-on-hxxps-www-acronis-cz-dotaznik-roadshow-darkdream

HackerOne Bug Bounty Disclosure: csrf-and-xss-on-www-acronis-com-cabelo

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxp-h-b-e-n-ips-mtn-co-ug-via-nginx-module-renzi

HackerOne Bug Bounty Disclosure: remote-code-injection-in-log-j-on-hxxp-mtn-app-mtncameroon-net-cve-renzi

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxps-api-mtn-sd-carbon-admin-login-jsp-via-msgid-parameter-cve-renzi

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-on-hxxp-callertunez-mtn-com-gh-wap-noauth-sharedetail-ftl-via-callback-parameter-renzi

HackerOne Bug Bounty Disclosure: cve-potential-sql-injection-in-queryset-values-and-values-list-eyalgabay

HackerOne Bug Bounty Disclosure: remote-code-injection-in-log-j-on-hxxps-mymtn-mtncongo-net-cve-renzi

HackerOne Bug Bounty Disclosure: reflected-cross-site-scripting-cisco-asa-on-myvpn-mtncameroon-net-cve-renzi

HackerOne Bug Bounty Disclosure: cross-site-scripting-xss-reflected-mersenne

HackerOne Bug Bounty Disclosure: full-account-takeover-impozzible

HackerOne Bug Bounty Disclosure: dod-workstation-exposed-to-internet-via-tinypilot-kvm-with-no-authentication-socpuppet

HackerOne Bug Bounty Disclosure: course-registration-form-allowing-an-attacker-to-dump-all-the-candidate-name-who-had-enrolled-for-the-course-steveflex

HackerOne Bug Bounty Disclosure: cross-site-scripting-prakhar-x

HackerOne Bug Bounty Disclosure: blind-stored-xss-on-the-internal-host-sp-d-rs

HackerOne Bug Bounty Disclosure: disclosure-of-the-valid-cognizant-credentials-at-the-postman-collection-hellicopter

HackerOne Bug Bounty Disclosure: privilege-escalation-a-non-owner-user-who-does-not-have-access-to-the-user-management-can-invite-other-users-to-the-restaurant-page-vijaysimha-reddy

HackerOne Bug Bounty Disclosure: registration-information-leakage-titanrain

HackerOne Bug Bounty Disclosure: unauthorized-reservation-cancellation-through-idor-vulnerability-no-need

[PLAY] – Ransomware Victim: Marshall & Bruce Printing

You may have missed