HackerOne Bug Bounty Disclosure: cors-misconfiguration-on-yelpbyqualwin3001
Programme HackerOne Yelp Yelp Submitted by qualwin3001 qualwin3001 Report CORS Misconfiguration on Yelp Full Report A considerable amount of time...
bug bounty
HackerOne Bug Bounty Disclosure: xss-reflected-on-reddit-com-via-url-pathbycriptex
Programme HackerOne Reddit Reddit Submitted by criptex criptex Report XSS Reflected on reddit.com via url path Full Report A considerable...
HackerOne Bug Bounty Disclosure: main-domain-takeover-at–https://www-marketo-net/bygdattacker
Programme HackerOne Adobe Adobe Submitted by gdattacker gdattacker Report Main Domain Takeover at https://www.marketo.net/ Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: com-basecamp-bc3-webview-javascript-injection-and-js-bridge-takeoverbyfr4via
Programme HackerOne Basecamp Basecamp Submitted by fr4via fr4via Report com.basecamp.bc3 Webview Javascript Injection and JS bridge takeover Full Report A...
HackerOne Bug Bounty Disclosure: dll-search-order-hijacking-vulnerability-in-work-64-exe-v7-16-3-1-exebyis-
Programme HackerOne 8x8 8x8 Submitted by is- is- Report DLL Search-Order Hijacking Vulnerability in work-64-exe-v7.16.3-1.exe Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: xss-in-zentao-integration-affecting-self-hosted-instances-without-strict-cspbyjoaxcar
Programme HackerOne GitLab GitLab Submitted by joaxcar joaxcar Report XSS in ZenTao integration affecting self hosted instances without strict CSP...
HackerOne Bug Bounty Disclosure: dos:-out-of-memory-from-gif-through-upload-apibycatenacyber
Programme HackerOne Mattermost Mattermost Submitted by catenacyber catenacyber Report DOS: out of memory from gif through upload api Full Report...
HackerOne Bug Bounty Disclosure: cors-misconfiguration-on-vanillaforums-combyadmin0x00
Programme HackerOne Vanilla Vanilla Submitted by admin0x00 admin0x00 Report CORS Misconfiguration on vanillaforums.com Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: there-is-no-rate-limit-for-sme-registration-portalbysachinrajput
Programme HackerOne MTN Group MTN Group Submitted by sachinrajput sachinrajput Report There is no rate limit for SME REGISTRATION PORTAL...
HackerOne Bug Bounty Disclosure: html-injection-in-email-via-name-fieldbymega7
Programme HackerOne HackerOne HackerOne Submitted by mega7 mega7 Report HTML Injection in email via Name field Full Report A considerable...
HackerOne Bug Bounty Disclosure: airflow-daemon-mode-insecure-umask-privilege-escalationbynyymi
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by nyymi nyymi Report Airflow Daemon Mode Insecure Umask Privilege Escalation...
HackerOne Bug Bounty Disclosure: information-exposure-in-in-guzzlehttp/guzzle-(https://github-com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)byro0telqayser
Programme HackerOne Nextcloud Nextcloud Submitted by ro0telqayser ro0telqayser Report Information exposure in in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle) Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: last-video-frame-is-still-sent-after-video-is-disabled-in-a-callbydaniel_calvino_sanchez
Programme HackerOne Nextcloud Nextcloud Submitted by daniel_calvino_sanchez daniel_calvino_sanchez Report Last video frame is still sent after video is disabled in...
HackerOne Bug Bounty Disclosure: ssrf-via-potential-filter-bypass-with-too-lax-local-domain-checkingbytomorrowisnew_
Programme HackerOne Nextcloud Nextcloud Submitted by tomorrowisnew_ tomorrowisnew_ Report SSRF via potential filter bypass with too lax local domain checking...
HackerOne Bug Bounty Disclosure: [hta3]-remote-code-execution-on–https://-via-improper-access-control-to-scorm-zip-upload/importbycdl
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by cdl cdl Report Remote Code Execution on https://...
HackerOne Bug Bounty Disclosure: no-validation-to-image-upload-user-can-upload-(-php-apk-zip-files-and-can-be-used-as-storage-purpose)bybug_vs_me
Programme HackerOne Linktree Linktree Submitted by bug_vs_me bug_vs_me Report No validation to Image upload user can upload ( php APK...
HackerOne Bug Bounty Disclosure: shop—reflected–xss–with–clickjacking-leads-to-steal-user’s-cookie–in-two-domainbyerror201
Programme HackerOne Meredith Meredith Submitted by error201 error201 Report Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie...
HackerOne Bug Bounty Disclosure: abuse-cookie-modification,-toast-html-and-expired-domain-in-csp-form-action-replacing-login-page-at-www-dropbox-com/login-to-submit-creds-externallybyfransrosen
Programme HackerOne Dropbox Dropbox Submitted by fransrosen fransrosen Report Abuse cookie-modification, toast HTML and expired domain in CSP-form-action replacing login-page...
HackerOne Bug Bounty Disclosure: no-restriction-on-passwordbypatronum-m
Programme HackerOne GitLab GitLab Submitted by patronum-m patronum-m Report No Restriction on password Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: web-cache-poisoning-leads-to-xss-and-dosbynokline
Programme HackerOne Glassdoor Glassdoor Submitted by nokline nokline Report Web Cache Poisoning leads to XSS and DoS Full Report A...
HackerOne Bug Bounty Disclosure: rce-via-the-decompressedarchivesizevalidator-and-project-bulkimports-(behind-feature-flag)byvakzz
Programme HackerOne GitLab GitLab Submitted by vakzz vakzz Report RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag) Full...
HackerOne Bug Bounty Disclosure: xss-in-http://www-glassdoor-com/search/results-htm-via-parameter-pollutionbynokline
Programme HackerOne Glassdoor Glassdoor Submitted by nokline nokline Report XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: redos-in-net/http-affects-webhooks:-sidekiq-job-stuck-at-100%-cpu-for-a-yearbyafewgoats
Programme HackerOne GitLab GitLab Submitted by afewgoats afewgoats Report ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU...
HackerOne Bug Bounty Disclosure: dos-validator-nodes-of-blockchain-to-block-external-connectionsbycre8
Programme HackerOne Hyperledger Hyperledger Submitted by cre8 cre8 Report DOS validator nodes of blockchain to block external connections Full Report...
