HackerOne Bug Bounty Disclosure: lfi-via-jolokia-at-https://—:1293byshuvam321
Programme HackerOne 8x8 8x8 Submitted by shuvam321 shuvam321 Report LFI via Jolokia at https://...:1293 Full Report A considerable amount of...
bug bounty
HackerOne Bug Bounty Disclosure: html-injection-in-e-mail-not-resolved-()bythewikiii
Programme HackerOne Acronis Acronis Submitted by thewikiii thewikiii Report HTML Injection in E-mail Not Resolved () Full Report A considerable...
HackerOne Bug Bounty Disclosure: without-verifying-email-and-activate-account,-user-can-perform-all-action-which-are-not-supposed-to-be-donebytabaahi
Programme HackerOne Stripe Stripe Submitted by tabaahi tabaahi Report Without verifying email and activate account, user can perform all action...
HackerOne Bug Bounty Disclosure: subdomain-takeover-at-odoo-staging-exness-iobyomer
Programme HackerOne EXNESS EXNESS Submitted by omer omer Report subdomain takeover at odoo-staging.exness.io Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: cve-2019-11248-on-http://—:9100/debug/pprof/goroutinebymr_k0anti
Programme HackerOne 8x8 8x8 Submitted by mr_k0anti mr_k0anti Report CVE-2019-11248 on http://...:9100/debug/pprof/goroutine Full Report A considerable amount of time and...
HackerOne Bug Bounty Disclosure: unauth-mosquitto-(-client-emails,-ips,-license-keys-exposure-)bysecond_grade_pentester
Programme HackerOne Acronis Acronis Submitted by second_grade_pentester second_grade_pentester Report unauth mosquitto ( client emails, ips, license keys exposure ) Full...
HackerOne Bug Bounty Disclosure: cross-site-scripting-(dom-based)bythewikiii
Programme HackerOne OneWeb OneWeb Submitted by thewikiii thewikiii Report Cross-site scripting (DOM-based) Full Report A considerable amount of time and...
HackerOne Bug Bounty Disclosure: public-apache-tomcat-/examples-example-directorybymr_k0anti
Programme HackerOne 8x8 8x8 Submitted by mr_k0anti mr_k0anti Report Public Apache Tomcat /examples example directory Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: information-disclosure-(-google-sales-channel-)byhydraxanon82
Programme HackerOne Shopify Shopify Submitted by hydraxanon82 hydraxanon82 Report Information disclosure ( Google Sales Channel ) Full Report A considerable...
HackerOne Bug Bounty Disclosure: can-use-the-reddit-android-app-as-usual-even-though-revoking-the-access-of-it-from-reddit-combysateeshn
Programme HackerOne Reddit Reddit Submitted by sateeshn sateeshn Report Can use the Reddit android app as usual even though revoking...
HackerOne Bug Bounty Disclosure: post-based-reflected-xss-in-dailydeals-mtn-co-zabyshuvam321
Programme HackerOne MTN Group MTN Group Submitted by shuvam321 shuvam321 Report POST BASED REFLECTED XSS IN dailydeals.mtn.co.za Full Report A...
HackerOne Bug Bounty Disclosure: [h1-2102]-shopapps-query-from-the-graphql-at-/users/api-returns-all-existing-created-apps,-including-private-onesbyinhibitor181
Programme HackerOne Shopify Shopify Submitted by inhibitor181 inhibitor181 Report shopApps query from the graphql at /users/api returns all existing created...
HackerOne Bug Bounty Disclosure: add-me-email-address-authentication-bypassbyraajeevrathnam
Programme HackerOne LinkedIn LinkedIn Submitted by raajeevrathnam raajeevrathnam Report Add me email address Authentication bypass Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: stored-xss-for-grafana-dashboard-urlbyxanbanx
Programme HackerOne GitLab GitLab Submitted by xanbanx xanbanx Report Stored XSS for Grafana dashboard URL Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: rubygems-org-batching-attack-to-`confirmation_token`-by-bypass-rate-limitbyooooooo_q
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by ooooooo_q ooooooo_q Report rubygems.org Batching attack to `confirmation_token` by bypass...
HackerOne Bug Bounty Disclosure: undici-proxyagent-vulnerable-to-mitmbypimterry
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by pimterry pimterry Report Undici ProxyAgent vulnerable to MITM Full Report...
HackerOne Bug Bounty Disclosure: cve-2021-40438-on-cp-eu2-acronis-combysavik
Programme HackerOne Acronis Acronis Submitted by savik savik Report CVE-2021-40438 on cp-eu2.acronis.com Full Report A considerable amount of time and...
HackerOne Bug Bounty Disclosure: undici-does-not-use-connect-or-otherwise-validate-upstream-https-certificates-when-using-a-proxybypimterry
Programme HackerOne Node.js Node.js Submitted by pimterry pimterry Report Undici does not use CONNECT or otherwise validate upstream HTTPS certificates...
HackerOne Bug Bounty Disclosure: one-click-xss-in-[www-shopify-com]bycomwrg
Programme HackerOne Shopify Shopify Submitted by comwrg comwrg Report One Click XSS in Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: [cve-2021-44228]-nps-acronis-com-is-vulnerable-to-the-recent-log4shell-0-daybyrhinestonecowboy
Programme HackerOne Acronis Acronis Submitted by rhinestonecowboy rhinestonecowboy Report nps.acronis.com is vulnerable to the recent log4shell 0-day Full Report A...
HackerOne Bug Bounty Disclosure: github-base-action-takeover-which-is-used-in-`github-com/shopify/unity-buy-sdk`bycodermak
Programme HackerOne Shopify Shopify Submitted by codermak codermak Report Github base action takeover which is used in `github.com/Shopify/unity-buy-sdk` Full Report...
HackerOne Bug Bounty Disclosure: able-to-view-hackerone-reports-attachmentsbysateeshn
Programme HackerOne GitLab GitLab Submitted by sateeshn sateeshn Report Able to view hackerone reports attachments Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: server-side-template-injection-on-name-parameter-during-sign-up-processbybattle_angel
Programme HackerOne Glovo Glovo Submitted by battle_angel battle_angel Report Server Side Template Injection on Name parameter during Sign Up process...
HackerOne Bug Bounty Disclosure: mass-account-takeover-at-https://app-taxjar-com/—no-user-interactionbybeerboy_ankit
Programme HackerOne Stripe Stripe Submitted by beerboy_ankit beerboy_ankit Report Mass Account Takeover at https://app.taxjar.com/ - No user Interaction Full Report...
