HackerOne Bug Bounty Disclosure: lfi-in-filepathdownload-parameter-viabyexploitmsf
Programme: HackerOne U.S. Dept Of Defense | Submitted by: exploitmsf | Report: lfi in filePathDownload parameter via...
Programme: HackerOne Internet Bug Bounty | Submitted by: monnerat | Report: OAUTH2 bearer not-checked for connection re-use
Programme: HackerOne Mattermost | Submitted by: thesecuritydev | Report: DoS via large console messages
Programme: HackerOne U.S. Dept Of Defense | Submitted by: mido0x0x | Report: SQL INJECTION in https:///
Programme: HackerOne Nextcloud | Submitted by: igorpyan | Report: Possibility to force an admin to install recommended applications
Programme: HackerOne U.S. Dept Of Defense | Submitted by: njmulsqb | Report: Sensitive data exposure via /secure/QueryComponent!Default.jspa...
Programme: HackerOne U.S. Dept Of Defense | Submitted by: fdeleite | Report: SSRF due to CVE-2021-27905 in...
Programme: HackerOne U.S. Dept Of Defense | Submitted by: fdeleite | Report: Reflected XSS
Programme: HackerOne curl | Submitted by: monnerat | Report: CVE-2022-22576: OAUTH2 bearer bypass in connection re-use
Programme: HackerOne U.S. Dept Of Defense | Submitted by: fdeleite | Report: Reflected XSS
Programme: HackerOne U.S. Dept Of Defense | Submitted by: null_bytes | Report: vulnerable to CVE-2022-22954
Programme: HackerOne U.S. Dept Of Defense | Submitted by: mido0x0x | Report: Blind SQL Injection
Programme: HackerOne 8x8 | Submitted by: bx_1 | Report: subdomain takeover (abandoned Zendesk .easycontactnow.com)
Programme: HackerOne GitLab | Submitted by: ec0 | Report: Container escape on public GitLab CI runners
Programme: HackerOne curl | Submitted by: nyymi | Report: CVE-2022-27775: Bad local IPv6 connection reuse
Programme: HackerOne curl | Submitted by: nyymi | Report: CVE-2022-27776: Auth/cookie leak on redirect
Programme: HackerOne curl | Submitted by: nyymi | Report: CVE-2022-27774: Credential leak on redirect
Programme: HackerOne Basecamp | Submitted by: ian | Report: RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com
Programme: HackerOne Judge.me | Submitted by: glister | Report: Stored XSS in "product type" field executed via product filters
Programme: HackerOne Krisp | Submitted by: sammam | Report: Force User to Accept Attacker's invite
Programme: HackerOne Shopify | Submitted by: danishalkatiri | Report: Xss triggered in Your-store.myshopify.com/myshopify.com/admin/apps/shopify-email/editor/****
Programme: HackerOne curl | Submitted by: nyymi | Report: CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars
Programme: HackerOne curl | Submitted by: nyymi | Report: CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster
Programme: HackerOne Krisp | Submitted by: razahack | Report: Visibility Robots.txt file