bug bounty

HackerOne Bug Bounty Disclosure: passcode-bypass-on-talk-android-appbyctulhu

January 9, 2023

Programme HackerOne Nextcloud Nextcloud Submitted by ctulhu ctulhu Report Passcode bypass on Talk Android app Full Report A considerable amount...

HackerOne Bug Bounty Disclosure: possibility-to-delete-files-attached-to-deck-cards-of-other-usersbysupr4s

January 9, 2023

Programme HackerOne Nextcloud Nextcloud Submitted by supr4s supr4s Report Possibility to delete files attached to deck cards of other users...

HackerOne Bug Bounty Disclosure: race-condition-in-joining-ctf-groupbyzeyu2001

January 8, 2023

Programme HackerOne HackerOne HackerOne Submitted by zeyu2001 zeyu2001 Report Race condition in joining CTF group Full Report A considerable amount...

HackerOne Bug Bounty Disclosure: heic-image-preview-can-be-used-to-invoke-imagickbylukasreschkenc

January 7, 2023

Programme HackerOne Nextcloud Nextcloud Submitted by lukasreschkenc lukasreschkenc Report HEIC image preview can be used to invoke Imagick Full Report...

HackerOne Bug Bounty Disclosure: cve-2022-40127:-rce-in-apache-airflow-<2-4-0-bash-examplebyleixiao

January 5, 2023

Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by leixiao leixiao Report CVE-2022-40127: RCE in Apache Airflow

HackerOne Bug Bounty Disclosure: csv-injection-at-https://assets-paris-demo-codefi-network/bydoosec101

January 4, 2023

Programme HackerOne Consensys Consensys Submitted by doosec101 doosec101 Report CSV Injection at https://assets-paris-demo.codefi.network/ Full Report A considerable amount of time...

HackerOne Bug Bounty Disclosure: address-bar-spoofing-on-tor-browserbysoulhunter

January 2, 2023

Programme HackerOne Tor Tor Submitted by soulhunter soulhunter Report Address Bar Spoofing on TOR Browser Full Report A considerable amount...

HackerOne Bug Bounty Disclosure: redos-(rails::html::permitscrubber-scrub_attribute)byooooooo_q

January 2, 2023

Programme HackerOne Ruby on Rails Ruby on Rails Submitted by ooooooo_q ooooooo_q Report ReDoS (Rails::Html::PermitScrubber.scrub_attribute) Full Report A considerable amount...

HackerOne Bug Bounty Disclosure: disabled-download-shares-still-allow-download-through-preview-imagesbyjuliushaertl

December 31, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by juliushaertl juliushaertl Report Disabled download shares still allow download through preview images Full Report...

HackerOne Bug Bounty Disclosure: no-password-length-limit-when-creating-a-user-as-an-administratorbyhackeronefour

December 31, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by hackeronefour hackeronefour Report No password length limit when creating a user as an administrator...

HackerOne Bug Bounty Disclosure: guests-can-continue-to-receive-video-streams-from-call-after-being-removed-from-a-conversationbydaniel_calvino_sanchez

December 31, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by daniel_calvino_sanchez daniel_calvino_sanchez Report Guests can continue to receive video streams from call after being...

HackerOne Bug Bounty Disclosure: dom-based-xss-on-parameter-?vsid=bydracoludio

December 30, 2022

Programme HackerOne JetBlue JetBlue Submitted by dracoludio dracoludio Report Dom-Based XSS on parameter ?vsid= Full Report A considerable amount of...

HackerOne Bug Bounty Disclosure: chained-open-redirects-and-use-of-ideographic-full-stop-defeat-twitter’s–approach-to-blocking-linksbyjub0bs

December 29, 2022

Programme HackerOne Twitter Twitter Submitted by jub0bs jub0bs Report Chained open redirects and use of Ideographic Full Stop defeat Twitter's...

HackerOne Bug Bounty Disclosure: s3-bucket-takeover-[learn2-khanacademy-org]byfdeleite

December 29, 2022

Programme HackerOne Khan Academy Khan Academy Submitted by fdeleite fdeleite Report S3 bucket takeover Full Report A considerable amount of...

HackerOne Bug Bounty Disclosure: smtp-command-injection-in-appointment-emails-via-newlinesbyspaceraccoon

December 27, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by spaceraccoon spaceraccoon Report SMTP Command Injection in Appointment Emails via Newlines Full Report A...

HackerOne Bug Bounty Disclosure: cve-2022-43552:-http-proxy-deny-use-after-freebybagder

December 26, 2022

Programme HackerOne curl curl Submitted by bagder bagder Report CVE-2022-43552: HTTP Proxy deny use-after-free Full Report A considerable amount of...

HackerOne Bug Bounty Disclosure: account-takeover—improper-validation-of-jwt-signature-(with-regards–to-experiation-date-claim)bytwelvesix

December 26, 2022

Programme HackerOne Linktree Linktree Submitted by twelvesix twelvesix Report Account takeover - improper validation of jwt signature (with regards to...

HackerOne Bug Bounty Disclosure: nextcloudcmd-incorrectly-trusts-bad-tls-certificatesbytobiaskaminsky

December 25, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by tobiaskaminsky tobiaskaminsky Report nextcloudcmd incorrectly trusts bad TLS certificates Full Report A considerable amount...

HackerOne Bug Bounty Disclosure: exposure-of-admin-username-&-passwordbycoyemerald

December 25, 2022

Programme HackerOne MTN Group MTN Group Submitted by coyemerald coyemerald Report Exposure Of Admin Username & Password Full Report A...

HackerOne Bug Bounty Disclosure: developer-mistakebycoyemerald

December 25, 2022

Programme HackerOne MTN Group MTN Group Submitted by coyemerald coyemerald Report Developer Mistake Full Report A considerable amount of time...

HackerOne Bug Bounty Disclosure: talk-android-broadcast-receiver-is-not-protected-by-broadcastpermission-allowing-malicious-apps-to-communicatebyandyscherzinger

December 25, 2022

Programme HackerOne Nextcloud Nextcloud Submitted by andyscherzinger andyscherzinger Report Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious...

bug bounty

HackerOne Bug Bounty Disclosure: passcode-bypass-on-talk-android-appbyctulhu

HackerOne Bug Bounty Disclosure: possibility-to-delete-files-attached-to-deck-cards-of-other-usersbysupr4s

HackerOne Bug Bounty Disclosure: race-condition-in-joining-ctf-groupbyzeyu2001

HackerOne Bug Bounty Disclosure: heic-image-preview-can-be-used-to-invoke-imagickbylukasreschkenc

HackerOne Bug Bounty Disclosure: cve-2022-40127:-rce-in-apache-airflow-<2-4-0-bash-examplebyleixiao

HackerOne Bug Bounty Disclosure: csv-injection-at-https://assets-paris-demo-codefi-network/bydoosec101

HackerOne Bug Bounty Disclosure: address-bar-spoofing-on-tor-browserbysoulhunter

HackerOne Bug Bounty Disclosure: redos-(rails::html::permitscrubber-scrub_attribute)byooooooo_q

HackerOne Bug Bounty Disclosure: disabled-download-shares-still-allow-download-through-preview-imagesbyjuliushaertl

HackerOne Bug Bounty Disclosure: no-password-length-limit-when-creating-a-user-as-an-administratorbyhackeronefour

HackerOne Bug Bounty Disclosure: guests-can-continue-to-receive-video-streams-from-call-after-being-removed-from-a-conversationbydaniel_calvino_sanchez

HackerOne Bug Bounty Disclosure: dom-based-xss-on-parameter-?vsid=bydracoludio

HackerOne Bug Bounty Disclosure: chained-open-redirects-and-use-of-ideographic-full-stop-defeat-twitter’s–approach-to-blocking-linksbyjub0bs

HackerOne Bug Bounty Disclosure: s3-bucket-takeover-[learn2-khanacademy-org]byfdeleite

HackerOne Bug Bounty Disclosure: smtp-command-injection-in-appointment-emails-via-newlinesbyspaceraccoon

HackerOne Bug Bounty Disclosure: cve-2022-43552:-http-proxy-deny-use-after-freebybagder

HackerOne Bug Bounty Disclosure: account-takeover—improper-validation-of-jwt-signature-(with-regards–to-experiation-date-claim)bytwelvesix

HackerOne Bug Bounty Disclosure: nextcloudcmd-incorrectly-trusts-bad-tls-certificatesbytobiaskaminsky

HackerOne Bug Bounty Disclosure: exposure-of-admin-username-&-passwordbycoyemerald

HackerOne Bug Bounty Disclosure: developer-mistakebycoyemerald

HackerOne Bug Bounty Disclosure: talk-android-broadcast-receiver-is-not-protected-by-broadcastpermission-allowing-malicious-apps-to-communicatebyandyscherzinger

HackerOne Bug Bounty Disclosure: information-disclosure-leads-to-user-data-leakbynetboy

HackerOne Bug Bounty Disclosure: mysql-credentials-exposed-on—https://cz-acronis-com/docker-compose-ymlbymelar_dev

HackerOne Bug Bounty Disclosure: secret-api-key-is-logged-in-cleartextbysim4n6

[FOG] – Ransomware Victim: OmniRide (omniride[.]com)

[RANSOMHUB] – Ransomware Victim: xtremmedia[.]com

Cobalt Strike Beacon Detected – 111[.]119[.]217[.]51:8889

Cobalt Strike Beacon Detected – 115[.]120[.]210[.]236:9999

Cobalt Strike Beacon Detected – 23[.]94[.]169[.]124:9090

You may have missed