Light

rcluex / hackerone-reports Goto Github PK

View Code? Open in Web Editor NEW

1.0 1.0 0.0 245 KB

hackerone-reports's Introduction

#Hackerone-Reports

https://hackerone.com/reports/120 | Missing SPF for hackerone.com
https://hackerone.com/reports/280 | Real impersonation
https://hackerone.com/reports/284 | Broken Authentication and session management OWASP A2
https://hackerone.com/reports/288 | Session Management
https://hackerone.com/reports/298 | RTL override symbol not stripped from file names
https://hackerone.com/reports/321 | CSP not consistently applied
https://hackerone.com/reports/353 | Session not expired on logout
https://hackerone.com/reports/390 | Pixel flood attack
https://hackerone.com/reports/400 | GIF flooding
https://hackerone.com/reports/454 | PNG compression DoS
https://hackerone.com/reports/477 | Flawed account creation process allows registration of usernames corresponding to existing file names
https://hackerone.com/reports/487 | DNS Cache Poisoning
https://hackerone.com/reports/499 | Ruby: Heap Overflow in Floating Point Parsing
https://hackerone.com/reports/500 | OpenSSH: Memory corruption in AES-GCM support
https://hackerone.com/reports/501 | TLS Virtual Host Confusion
https://hackerone.com/reports/523 | PHP openssl_x509_parse() Memory Corruption Vulnerability
https://hackerone.com/reports/546 | Logical issues with account settings
https://hackerone.com/reports/547 | CSRF login
https://hackerone.com/reports/575 | Email spoofing
https://hackerone.com/reports/713 | Upload profile photo from URL
https://hackerone.com/reports/727 | Switching the user to the attacker's account
https://hackerone.com/reports/737 | Improper session management
https://hackerone.com/reports/738 | Information disclosure (reset password token) and changing the user's password
https://hackerone.com/reports/742 | A password reset page does not properly validate the authenticity token at the server side.
https://hackerone.com/reports/774 | Log in a user to another account
https://hackerone.com/reports/809 | Improperly implemented password recovery link functionality
https://hackerone.com/reports/842 | Autocomplete enabled in Paypal preferences
https://hackerone.com/reports/1356 | PHP Heap Overflow Vulnerability in imagecrop()
https://hackerone.com/reports/1509 | DNS Misconfiguration
https://hackerone.com/reports/2106 | Flash type confusion vulnerability leads to code execution
https://hackerone.com/reports/2107 | Handling of jar: URIs bypasses AllowScriptAccess=never
https://hackerone.com/reports/2140 | Flash local-with-fileaccess Sandbox Bypass
https://hackerone.com/reports/2170 | Flash double free vulnerability leads to code execution
https://hackerone.com/reports/2221 | CSS leaks SCSS debug info
https://hackerone.com/reports/2224 | Bypass auth.email-domains
https://hackerone.com/reports/2228 | Login CSRF using Twitter OAuth
https://hackerone.com/reports/2233 | Bypass auth.email-domains (2)
https://hackerone.com/reports/2421 | Value of JSESSIONID and XSRF token parameter in cookie remains same before and after login
https://hackerone.com/reports/2427 | XSRF token problem
https://hackerone.com/reports/2439 | Cross Site Scripting (XSS) - app.relateiq.com
https://hackerone.com/reports/2497 | Reflective XSS can be triggered in IE
https://hackerone.com/reports/2559 | Broken Authentication (including Slack OAuth bugs)
https://hackerone.com/reports/2575 | Slack OAuth2 "redirect_uri" Bypass
https://hackerone.com/reports/2584 | Weird Bug - Ability to see partial of other user's notification
https://hackerone.com/reports/2617 | Stored XSS in www.slack-files.com
https://hackerone.com/reports/2622 | URL redirection flaw
https://hackerone.com/reports/2625 | Stored XSS in username.slack.com
https://hackerone.com/reports/2628 | CSRF vulnerability on https://sehacure.slack.com/account/settings
https://hackerone.com/reports/2652 | Stored XSS in Channel Chat
https://hackerone.com/reports/2735 | HTML injection in "Invite Collaborators"
https://hackerone.com/reports/2777 | Reflected Xss
https://hackerone.com/reports/3227 | Control Characters Not Stripped From Username on Signup
https://hackerone.com/reports/3356 | UnAuthorized Editorial Publishing to Blogs
https://hackerone.com/reports/3370 | Directory traversal attack in view resolver
https://hackerone.com/reports/3441 | Captcha Bypass With Extension
https://hackerone.com/reports/3455 | flash content type sniff vulnerability in api.slack.com
https://hackerone.com/reports/3596 | OAuth access_token stealing in Phabricator
https://hackerone.com/reports/3921 | Control character allowed in username
https://hackerone.com/reports/3930 | OAuth Stealing Attack (New)
https://hackerone.com/reports/3986 | Securing sensitive pages from SearchBots
https://hackerone.com/reports/4114 | Persistent XSS: Editor link
https://hackerone.com/reports/4409 | TRACE disclosure attack may be possible
https://hackerone.com/reports/4561 | Stored XSS in Slackbot Direct Messages
https://hackerone.com/reports/4638 | Duplicate of #4550
https://hackerone.com/reports/4689 | SPDY memory corruption
https://hackerone.com/reports/4690 | SPDY heap buffer overflow
https://hackerone.com/reports/5314 | Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code
https://hackerone.com/reports/5786 | Coinbase Android Security Vulnerabilities
https://hackerone.com/reports/5928 | Uncontrolled Resource Consumption with XMPP-Layer Compression
https://hackerone.com/reports/5933 | Multiple Issues related to registering applications
https://hackerone.com/reports/5946 | Marking notifications as read CSRF bug
https://hackerone.com/reports/6002 | Stored XSS in Slack.com
https://hackerone.com/reports/6017 | Facebook Takeover using Slack using 302 from files.slack.com with access_token
https://hackerone.com/reports/6350 | creating titleless and non-closable bugs
https://hackerone.com/reports/6353 | Wildcard DNS in website
https://hackerone.com/reports/6380 | Same Origin Security Bypass Vulnerability
https://hackerone.com/reports/6389 | Integer overflow in strop.expandtabs
https://hackerone.com/reports/6626 | TLS heartbeat read overrun
https://hackerone.com/reports/6871 | Login CSRF
https://hackerone.com/reports/6872 | Sign up CSRF
https://hackerone.com/reports/6877 | Unsecure cookies, cookie flag secure not set
https://hackerone.com/reports/6883 | Bruteforcing irccloud login
https://hackerone.com/reports/6884 | Leaking Referrer in Reset Password Link
https://hackerone.com/reports/6907 | Session Token is not Verified while changing Account Setting's which Result In account Takeover
https://hackerone.com/reports/6910 | Full account takeover using CSRF and password reset
https://hackerone.com/reports/6935 | Missing X-Content-Type-Options
https://hackerone.com/reports/7036 | Bug in iOS application which could lead to unauthorised access.
https://hackerone.com/reports/7041 | iOS application does not destroy session upon logout.
https://hackerone.com/reports/7121 | Persistent Cross Site Scripting within the IRCCloud Pastebin
https://hackerone.com/reports/7277 | TLS Triple Handshake Attack
https://hackerone.com/reports/7357 | Host Header is not validated resulting in Open Redirect
https://hackerone.com/reports/7369 | 2 factor authentication design flaw
https://hackerone.com/reports/7441 | Dangerous Persistent xss
https://hackerone.com/reports/7531 | Login CSRF can be bypassed (Similar approach to previous one).
https://hackerone.com/reports/7803 | Security bypass could lead to information disclosure
https://hackerone.com/reports/7931 | Issue with remember_user_token
https://hackerone.com/reports/8082 | Password Reset Bug
https://hackerone.com/reports/8724 | Clickjacking
https://hackerone.com/reports/8846 | localStorage Ğ½Ğµ Ñ‡Ğ¸Ñ�Ñ‚Ğ¸Ñ‚Ñ�Ñ� Ğ¿Ğ¾Ñ�Ğ»Ğµ Ğ²Ñ‹Ñ…Ğ¾Ğ´Ğ°
https://hackerone.com/reports/9318 | Home page reflected XSS
https://hackerone.com/reports/9375 | Stored XSS in all fields in Basic Google Maps Placemarks Settings
https://hackerone.com/reports/9391 | Xss in CampTix Event Ticketing
https://hackerone.com/reports/9479 | Anti-MIME-Sniffing header X-Content-Type-Options header has not been set.
https://hackerone.com/reports/9774 | Stored XSS Found
https://hackerone.com/reports/9919 | SQL injection [Ğ´Ñ‹Ñ€ĞºĞ° Ğ² Ğ´Ğ²Ğ¸Ğ¶ĞºĞµ Ñ„Ğ¾Ñ€ÑƒĞ¼Ğ°]
https://hackerone.com/reports/9921 | Time based sql injection
https://hackerone.com/reports/10037 | SQL inj
https://hackerone.com/reports/10081 | SQL
https://hackerone.com/reports/10297 | Stored XSS in slack.com (integrations)
https://hackerone.com/reports/10373 | Bypassing Same Origin Policy With JSONP APIs and Flash
https://hackerone.com/reports/10468 | SQL inj
https://hackerone.com/reports/10554 | Bypassing 2FA for BTC transfers
https://hackerone.com/reports/10563 | CSRF on "Set as primary" option on the accounts page
https://hackerone.com/reports/10829 | CSRF in function "Set as primary" on accounts page
https://hackerone.com/reports/11073 | XSS in gist integration
https://hackerone.com/reports/11410 | XSS in https://e.mail.ru/cgi-bin/lstatic (Limited use)
https://hackerone.com/reports/11861 | SQL injection update.mail.ru
https://hackerone.com/reports/11919 | Stored XSS on http://top.mail.ru
https://hackerone.com/reports/11927 | Stored XSS on http://cards.mail.ru
https://hackerone.com/reports/12297 | Python vulnerability: reading arbitrary process memory
https://hackerone.com/reports/12497 | Adobe Flash Player FileReference Use-after-Free Vulnerability
https://hackerone.com/reports/12583 | XXE and SSRF on webmaster.mail.ru
https://hackerone.com/reports/12588 | XSS in a file or folder name
https://hackerone.com/reports/13195 | auth.mail.ru: XSS in login form
https://hackerone.com/reports/13286 | Host Header Injection - irccloud.com
https://hackerone.com/reports/13748 | Potential denial of service in hackerone.com/teams/new
https://hackerone.com/reports/13959 | privilege escalation
https://hackerone.com/reports/14033 | connect.mail.ru: SSRF
https://hackerone.com/reports/14127 | SSRF on https://whitehataudit.slack.com/account/photo
https://hackerone.com/reports/14570 | Login password guessing attack
https://hackerone.com/reports/14631 | Clickjacking at https://www.mavenlink.com/ main website
https://hackerone.com/reports/15166 | Password reset token not expiring
https://hackerone.com/reports/15362 | Flash Sandbox Bypass
https://hackerone.com/reports/15412 | Leaking CSRF token over HTTP resulting in CSRF protection bypass
https://hackerone.com/reports/15762 | SQL Injection on 11x11.mail.ru
https://hackerone.com/reports/15785 | Session not invalidated after password reset
https://hackerone.com/reports/15852 | Non Validation of session after password reset
https://hackerone.com/reports/16315 | Abusing VCS control on phabricator
https://hackerone.com/reports/16330 | Multiple issues in looking-glass software (aka from web to BGP injections)
https://hackerone.com/reports/16392 | Abusing daemon logs for Privilege escalation under certain scenarios
https://hackerone.com/reports/16568 | Failed Certificate Validation On Custom Server (Register)
https://hackerone.com/reports/16571 | SSRF (Portscan) via Register Function (Custom Server)
https://hackerone.com/reports/16718 | Open Redirect login account
https://hackerone.com/reports/16935 | e.mail.ru: SMS spam with custom content
https://hackerone.com/reports/17160 | Password Policy issue (Weak Protect)
https://hackerone.com/reports/17383 | Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met)
https://hackerone.com/reports/17474 | Broken Authentication and Session Management
https://hackerone.com/reports/17540 | Reflected XSS in Pastebin-view
https://hackerone.com/reports/17688 | LZ4 Core
https://hackerone.com/reports/17785 | Denial of Service
https://hackerone.com/reports/18691 | XSS in editor by any user
https://hackerone.com/reports/18698 | Resubmitted with POC #18685 Password reset CSRF
https://hackerone.com/reports/18843 | use-after-free vulnerability in Flash Player
https://hackerone.com/reports/18992 | Possibility to attach any mobile number to any email
https://hackerone.com/reports/20049 | Cross-site Scripting in mailing (username)
https://hackerone.com/reports/20391 | m.agent.mail.ru: ĞŸĞ¾Ğ´Ğ´ĞµĞ»Ñ‹Ğ²Ğ°ĞµĞ¼ j2me app-descriptor
https://hackerone.com/reports/20616 | e.mail.ru: File upload "Chapito" circus
https://hackerone.com/reports/20671 | integer overflow in 'buffer' type allows reading memory
https://hackerone.com/reports/20720 | cloud.mail.ru: File upload XSS using Content-Type header
https://hackerone.com/reports/20861 | moderate: mod_deflate denial of service
https://hackerone.com/reports/20873 | rsync hash collisions may allow an attacker to corrupt or modify files
https://hackerone.com/reports/21034 | Invoice Details activate JS that filled in
https://hackerone.com/reports/21069 | Login CSRF
https://hackerone.com/reports/21110 | Clickjacking
https://hackerone.com/reports/21150 | Flash XSS on swfupload.swf showing at app.mavenlink.com
https://hackerone.com/reports/21210 | privilege escalation
https://hackerone.com/reports/21248 | Content spoofing at Stripe Integrations
https://hackerone.com/reports/22093 | Content Spoofing all Integrations in https://team.slack.com/services/new/
https://hackerone.com/reports/23363 | Forgot Password Issue
https://hackerone.com/reports/23386 | Redirect while opening links in new tabs
https://hackerone.com/reports/23852 | money.mail.ru: Ğ¡Ñ‚Ñ€Ğ°Ğ½Ğ½Ğ¾Ğµ Ğ¿Ğ¾Ğ²ĞµĞ´ĞµĞ½Ğ¸Ğµ SMS
https://hackerone.com/reports/25160 | Open redirection on secure.phabricator.com
https://hackerone.com/reports/25281 | Change Any username and profile link in hackerone
https://hackerone.com/reports/26647 | CSRF protection bypass on any Django powered site via Google Analytics
https://hackerone.com/reports/26825 | Full path disclosure at ads.twitter.com
https://hackerone.com/reports/26935 | XSS via .eml file
https://hackerone.com/reports/26962 | open redirect in rfc6749
https://hackerone.com/reports/27166 | Missing Rate Limiting on https://twitter.com/account/complete
https://hackerone.com/reports/27404 | Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability]
https://hackerone.com/reports/27511 | ads.twitter.com xss
https://hackerone.com/reports/27651 | Flash Local Sandbox Bypass
https://hackerone.com/reports/27846 | Stored xss
https://hackerone.com/reports/27987 | Window Opener Property Bug
https://hackerone.com/reports/28150 | Cross site scripting on ads.twitter.com
https://hackerone.com/reports/28445 | SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
https://hackerone.com/reports/28449 | Active Record SQL Injection Vulnerability Affecting PostgreSQL
https://hackerone.com/reports/28450 | Active Record SQL Injection Vulnerability Affecting PostgreSQL
https://hackerone.com/reports/28500 | iOS App can establish Facetime calls without user's permission
https://hackerone.com/reports/28832 | touch.mail.ru XSS via message id
https://hackerone.com/reports/28865 | Redirect FILTER bypass in report/comment
https://hackerone.com/reports/29234 | Credit Card Validation Issue
https://hackerone.com/reports/29328 | XSS platform.twitter.com
https://hackerone.com/reports/29331 | No email verification on username change
https://hackerone.com/reports/29360 | XSS platform.twitter.com | video-js metadata
https://hackerone.com/reports/29480 | Unvalidated Channel names causes IRC Command Injection
https://hackerone.com/reports/29491 | homograph attack. IDNs displayed in unicode in bug reports and on external link warning page
https://hackerone.com/reports/29835 | Profile Pic padding (Length-hiding) fails due to use of GZIP
https://hackerone.com/reports/29839 | GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability
https://hackerone.com/reports/30238 | New Device confirmation tokens are not properly validated.
https://hackerone.com/reports/30567 | Adobe Flash Player MP4 Use-After-Free Vulnerability
https://hackerone.com/reports/30852 | Relateiq SSLv3 deprecated protocol vulnerability.
https://hackerone.com/reports/30975 | Improper Verification of email address while saving Account Settings
https://hackerone.com/reports/31082 | Unauthorized Tweeting on behalf of Account Owners
https://hackerone.com/reports/31168 | Cryptographic Side Channel in OAuth Library
https://hackerone.com/reports/31383 | Ability to see common response titles of other teams (limited)
https://hackerone.com/reports/31408 | Adobe Flash Player Out-of-Bound Read/Write Vulnerability
https://hackerone.com/reports/31415 | PoodleBleed
https://hackerone.com/reports/31554 | Singup Page HTML Injection Vulnerability
https://hackerone.com/reports/31756 | Drupal 7 pre auth sql injection and remote code execution
https://hackerone.com/reports/32519 | XSS in fabric.io
https://hackerone.com/reports/32570 | OpenSSL HeartBleed (CVE-2014-0160)
https://hackerone.com/reports/32825 | URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS
https://hackerone.com/reports/33018 | a stored xss in slack integration https://onerror.slack.com/services/import
https://hackerone.com/reports/33091 | DOM Cross-Site Scripting ( XSS )
https://hackerone.com/reports/33935 | File Name Enumeration
https://hackerone.com/reports/34084 | Bad extended ascii handling in HTTP 301 redirects of t.co
https://hackerone.com/reports/34112 | SMPT Protection not used, I can hijack your email server.
https://hackerone.com/reports/34686 | Ğ�ÑˆĞ¸Ğ±ĞºĞ° Ñ„Ğ¸Ğ»ÑŒÑ‚Ñ€Ğ°Ñ†Ğ¸Ğ¸
https://hackerone.com/reports/34725 | XSS via Fabrico Account Name
https://hackerone.com/reports/35102 | Locale::parseLocale Double Free
https://hackerone.com/reports/35237 | Gain reputation by creating a duplicate of an existing report
https://hackerone.com/reports/35287 | getting emails of users/removing them from victims account [using typical attack]
https://hackerone.com/reports/35363 | [static.qiwi.com] XSS proxy.html
https://hackerone.com/reports/35413 | [send.qiwi.ru] XSS at auth?login=
https://hackerone.com/reports/36105 | CRLF Injection [ishop.qiwi.com]
https://hackerone.com/reports/36211 | Logic Issue with Reputation: Boost Reputation Points
https://hackerone.com/reports/36264 | mod_proxy_fcgi buffer overflow
https://hackerone.com/reports/36279 | Adobe Flash Player MP4 Use-After-Free Vulnerability
https://hackerone.com/reports/36319 | [qiwi.com] /oauth/confirm.action XSS
https://hackerone.com/reports/36450 | [send.qiwi.ru] Soap-based XXE vulnerability /soapserver/
https://hackerone.com/reports/36594 | New Device Confirmation, token is valid until not used.
https://hackerone.com/reports/36986 | [Stored XSS] vine.co - profile page
https://hackerone.com/reports/37240 | Race condition in Flash workers may cause an exploitablâ€‹e double free
https://hackerone.com/reports/38007 | Subdomain Takeover using blog.greenhouse.io pointing to Hubspot
https://hackerone.com/reports/38157 | [qiwi.com] Open Redirect
https://hackerone.com/reports/38170 | Misc Python bugs (Memory Corruption & Use After Free)
https://hackerone.com/reports/38189 | xss in /browse/contacts/
https://hackerone.com/reports/38232 | Breaking Bugs as team member
https://hackerone.com/reports/38343 | Issue with password change
https://hackerone.com/reports/38345 | [sms.qiwi.ru] XSS via Request-URI
https://hackerone.com/reports/38615 | [connect.mail.ru] Memory Disclosure / IE XSS
https://hackerone.com/reports/38965 | Phabricator Diffusion application allows unauthorized users to delete mirrors
https://hackerone.com/reports/39181 | [vimeopro.com] CRLF Injection
https://hackerone.com/reports/39428 | Phabricator Phame Blog Skins Local File Inclusion
https://hackerone.com/reports/39486 | No bruteforce protection leads to enumeration of emails in http://e.mail.ru/
https://hackerone.com/reports/39631 | Open redirection in fabric.io
https://hackerone.com/reports/41240 | POODLE Bug: 199.16.156.44, 199.16.156.108, mx4.twitter.com
https://hackerone.com/reports/41469 | Error stack trace
https://hackerone.com/reports/41758 | Stored XSS in api key of operator wallet
https://hackerone.com/reports/41856 | HTML/XSS rendered in Android App of Crashlytics through fabric.io
https://hackerone.com/reports/42161 | stored xss in transaction
https://hackerone.com/reports/42236 | URGENT - Subdomain Takeover on users.tweetdeck.com , the same issue of report #32825
https://hackerone.com/reports/42240 | chrome allows POST requests with custom headers using flash + 307 redirect
https://hackerone.com/reports/42393 | XSS on partners.uber.com
https://hackerone.com/reports/42582 | Vimeo.com - Reflected XSS Vulnerability
https://hackerone.com/reports/42584 | Vimeo.com - reflected xss vulnerability
https://hackerone.com/reports/42587 | Vimeo.com Insecure Direct Object References Reset Password
https://hackerone.com/reports/42702 | APIs for channels allow HTML entities that may cause XSS issue
https://hackerone.com/reports/42797 | Denial of Service in Action Pack Exception Handling
https://hackerone.com/reports/42961 | fabric.io - app member can make himself an admin
https://hackerone.com/reports/43065 | Fabric.io - an app admin can delete team members from other user apps
https://hackerone.com/reports/43440 | Arbitrary file existence disclosure in Action Pack
https://hackerone.com/reports/43443 | PyUnicode_FromFormatV crasher
https://hackerone.com/reports/43602 | Buying ondemand videos that 0.1 and sometimes for free
https://hackerone.com/reports/43617 | Adding profile picture to anyone on Vimeo
https://hackerone.com/reports/43672 | player.vimeo.com - Reflected XSS Vulnerability
https://hackerone.com/reports/43770 | Ability to Download Music Tracks Without Paying (Missing permission check on/musicstore/download)
https://hackerone.com/reports/43850 | abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video
https://hackerone.com/reports/43988 | twitter android app Fragment Injection
https://hackerone.com/reports/43998 | CRITICAL full source code/config disclosure for Cameo
https://hackerone.com/reports/44052 | Hadoop Node available to public
https://hackerone.com/reports/44146 | Make API calls on behalf of another user (CSRF protection bypass)
https://hackerone.com/reports/44217 | Application XSS filter function Bypass may allow Multiple stored XSS
https://hackerone.com/reports/44294 | Heartbleed: my.com (185.30.178.33) port 1433
https://hackerone.com/reports/44492 | Flaw in login with twitter to steal Oauth tokens
https://hackerone.com/reports/44512 | XSS on any site that includes the moogaloop flash player | deprecated embed code
https://hackerone.com/reports/44513 | RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1
https://hackerone.com/reports/44727 | Insecure Data Storage in Vine Android App
https://hackerone.com/reports/44798 | Vimeo Search - XSS Vulnerability [http://vimeo.com/search]
https://hackerone.com/reports/44888 | Improper way of validating a program
https://hackerone.com/reports/45368 | ftp upload of video allows naming that is not sanitized as the manual naming
https://hackerone.com/reports/45484 | XSS on Vimeo
https://hackerone.com/reports/45960 | CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to Videos of Channel whose privacy is set to Private.
https://hackerone.com/reports/46072 | Vulnerability with the way \ escaped characters in http://danlec.com style links are rendered
https://hackerone.com/reports/46113 | Can message users without the proper authorization
https://hackerone.com/reports/46345 | Directory index and information disclosure
https://hackerone.com/reports/46366 | Error stack trace
https://hackerone.com/reports/46397 | Insecure Direct Object Reference vulnerability
https://hackerone.com/reports/46429 | Team member invitations to sandboxed teams are not invalidated consistently
https://hackerone.com/reports/46485 | Problem with OAuth
https://hackerone.com/reports/46618 | Frictionless Transferring of Wallet Ownership
https://hackerone.com/reports/46747 | Team admin can change unauthorized team setting (require_at_for_mention)
https://hackerone.com/reports/46750 | Team admin can change unauthorized team setting (allow_message_deletion)
https://hackerone.com/reports/46818 | Twitter Card - Parent Window Redirection
https://hackerone.com/reports/46916 | Markdown parsing issue enables insertion of malicious tags and event handlers
https://hackerone.com/reports/47012 | Adobe Flash Player Out-of-Bound Access Vulnerability
https://hackerone.com/reports/47227 | Race condition in workers may cause an exploitable double free by abusing bytearray.compress()
https://hackerone.com/reports/47232 | Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution
https://hackerone.com/reports/47234 | Use After Free in Flash MessageChannel.send can cause arbitrary code execution
https://hackerone.com/reports/47280 | JSON keys are not properly escaped
https://hackerone.com/reports/47472 | CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain
https://hackerone.com/reports/47495 | Same Origin Policy bypass
https://hackerone.com/reports/47536 | [ishop.qiwi.com] XSS + Misconfiguration
https://hackerone.com/reports/47627 | Email Enumeration (POC)
https://hackerone.com/reports/47779 | Heap overflow in H. Spencerâ€™s regex library on 32 bit systems
https://hackerone.com/reports/47888 | Reporting user's profile by using another people's ID
https://hackerone.com/reports/47940 | Team admin can add billing contacts
https://hackerone.com/reports/48065 | open authentication bug
https://hackerone.com/reports/48100 | Bad Write in TTF font parsing (win32k.sys)
https://hackerone.com/reports/48422 | Team member invitations to sandboxed teams are not invalidated consistently (v2)
https://hackerone.com/reports/48516 | Redirect URL in /intent/ functionality is not properly escaped
https://hackerone.com/reports/49035 | HDFS NameNode Public disclosure: http://185.5.139.33:50070/dfshealth.jsp
https://hackerone.com/reports/49139 | scfbp.tng.mail.ru: Heartbleed
https://hackerone.com/reports/49170 | Information disclosure - emails disclosed in response > staging.seatme.us
https://hackerone.com/reports/49408 | RCE Ñ‡ĞµÑ€ĞµĞ· JDWP
https://hackerone.com/reports/49561 | Vimeo + & Vimeo PRO Unautorised Tax bypass
https://hackerone.com/reports/49652 | Improperly validated fields allows injection of arbitrary HTML via spoofed React objects
https://hackerone.com/reports/49663 | URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io
https://hackerone.com/reports/49759 | Open Redirect leak of authenticity_token lead to full account take over.
https://hackerone.com/reports/49806 | Twitter Ads Campaign information disclosure through admin without any authentication.
https://hackerone.com/reports/49935 | rails-ujs will send CSRF tokens to other origins
https://hackerone.com/reports/49974 | The csrf token remains same after user logs in
https://hackerone.com/reports/50134 | XSS in original referrer after follow
https://hackerone.com/reports/50170 | FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers
https://hackerone.com/reports/50752 | open redirect sends authenticity_token to any website or (ip address)
https://hackerone.com/reports/50776 | A user can edit comments even after video comments are disabled
https://hackerone.com/reports/50786 | A user can add videos to other user's private groups
https://hackerone.com/reports/50829 | A user can post comments on other user's private videos
https://hackerone.com/reports/50884 | Bypass pin(4 digit passcode on your android app)
https://hackerone.com/reports/50885 | CVE-2014-0224 openssl ccs vulnerability
https://hackerone.com/reports/50941 | A user can enhance their videos with paid tracks without buying the track
https://hackerone.com/reports/51265 | Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome
https://hackerone.com/reports/51817 | Post in private groups after getting removed
https://hackerone.com/reports/52035 | Open redirect in "Language change".
https://hackerone.com/reports/52042 | HTTP Response Splitting (CRLF injection) in report_story
https://hackerone.com/reports/52176 | Insecure Direct Object References in https://vimeo.com/forums
https://hackerone.com/reports/52181 | Insecure Direct Object References that allows to read any comment (even if it should be private)
https://hackerone.com/reports/52635 | UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass
https://hackerone.com/reports/52646 | Insecure direct object reference - have access to deleted DM's
https://hackerone.com/reports/52707 | Invite any user to your group without even following him
https://hackerone.com/reports/52708 | Share your channel to any user on vimeo without following him
https://hackerone.com/reports/52822 | XSS with Time-of-Day Format
https://hackerone.com/reports/52982 | [URGENT ISSUE] Add or Delete the videos in watch later list of any user .
https://hackerone.com/reports/53004 | Blacklist bypass on Callback URLs
https://hackerone.com/reports/53088 | SSRF vulnerability (access to metadata server on EC2 and OpenStack)
https://hackerone.com/reports/53098 | XSS in twitter.com/safety/unsafe_link_warning
https://hackerone.com/reports/53843 | HTTP Response Splitting (CRLF injection) due to headers overflow
https://hackerone.com/reports/53858 | Insecure Direct Object Reference - access to other user/group DM's
https://hackerone.com/reports/54094 | HTTP MitM on Flash Player settings manager allows attacker to set sandbox settings
https://hackerone.com/reports/54321 | Xss in website's link
https://hackerone.com/reports/54327 | Persistent cross-site scripting (XSS) in map attribution
https://hackerone.com/reports/54610 | Logout any user of same team
https://hackerone.com/reports/54631 | Vulnerable to JavaScript injection. (WXS) (Javascript injection)!
https://hackerone.com/reports/54641 | Captcha Bypass in Snapchat's Geofilter Submission Process
https://hackerone.com/reports/54719 | e.mail.ru stored XSS in agent via sticker (smile)
https://hackerone.com/reports/54733 | Sandboxed iframes don't show confirmation screen
https://hackerone.com/reports/54779 | Missing spf flags for myshopify.com
https://hackerone.com/reports/55017 | Multiple Python integer overflows
https://hackerone.com/reports/55018 | Segmentation fault for invalid PSS parameters
https://hackerone.com/reports/55028 | Free called on unitialized pointer in exif.c
https://hackerone.com/reports/55029 | Use after free vulnerability in unserialize() with DateTimeZone
https://hackerone.com/reports/55030 | SoapClient's __call() type confusion through unserialize()
https://hackerone.com/reports/55033 | Use after free vulnerability in unserialize()
https://hackerone.com/reports/55140 | Race Conditions in OAuth 2 API implementations
https://hackerone.com/reports/55431 | XML Parser Bug: XXE over which leads to RCE
https://hackerone.com/reports/55525 | Open redirection in OAuth
https://hackerone.com/reports/55530 | Authentication Failed Mobile version
https://hackerone.com/reports/55546 | Open Redirect after login at http://ecommerce.shopify.com
https://hackerone.com/reports/55670 | Fabric.io: Ex-admin of an organization can delete team members
https://hackerone.com/reports/55716 | Force 500 Internal Server Error on any shop (for one user)
https://hackerone.com/reports/55842 | [persistent cross-site scripting] customers can target admins
https://hackerone.com/reports/55911 | CSRF token fixation in facebook store app that can lead to adding attacker to victim acc
https://hackerone.com/reports/56002 | Shopify android client all API request's response leakage, including access_token, cookie, response header, response body content
https://hackerone.com/reports/56385 | Double free vulnerability in Flash Player Settings Manager (CVE-2015-0346)
https://hackerone.com/reports/56511 | IDOR expire other user sessions
https://hackerone.com/reports/56626 | Shop admin can change external login services
https://hackerone.com/reports/56742 | SPF whitelist of mandrill leads to email forgery
https://hackerone.com/reports/56779 | XSS on ecommerce.shopify.com
https://hackerone.com/reports/56828 | SSRF vulnerablity in app webhooks
https://hackerone.com/reports/56936 | Notification request disclose private information about other myshopify accounts
https://hackerone.com/reports/57163 | Open-redirect on hackerone.com
https://hackerone.com/reports/57356 | DOM based cookie bomb
https://hackerone.com/reports/57459 | XSS in experts.shopify.com
https://hackerone.com/reports/57603 | API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass
https://hackerone.com/reports/57692 | Server responds with the server error logs on account creation
https://hackerone.com/reports/57764 | ByPassing the email Validation Email on Sign up process in mobile apps
https://hackerone.com/reports/57914 | HTML injection in email sent by romit.io
https://hackerone.com/reports/57918 | Insecure Local Data Storage : Application stores data using a binary sqlite database
https://hackerone.com/reports/58612 | Homograph attack
https://hackerone.com/reports/58630 | Content Spoofing
https://hackerone.com/reports/58679 | SSL cookie without secure flag set
https://hackerone.com/reports/59015 | Stored XSS in the Shopify Discussion Forums
https://hackerone.com/reports/59179 | Race condition when redeeming coupon codes
https://hackerone.com/reports/59356 | XSS in dropbox main domain
https://hackerone.com/reports/59369 | Making any Report Failed to load
https://hackerone.com/reports/59375 | Homograph attack
https://hackerone.com/reports/59469 | Fake URL + Additional vectors for homograph attack
https://hackerone.com/reports/59505 | Create and Update patients vulnerability
https://hackerone.com/reports/59508 | Accessing all appointments vulnerability
https://hackerone.com/reports/59659 | Reopen Disable Accounts/ Hidden Access After Disable
https://hackerone.com/reports/60016 | xss profile
https://hackerone.com/reports/60058 | teach.udemy.com log poison vulnerability through wordpress debug.log being publically available
https://hackerone.com/reports/60402 | Content Spoofing - External Link Warning Page
https://hackerone.com/reports/60573 | http://fitter1.i.mail.ru/browser/ Ñ‚Ğ¾Ñ€Ñ‡Ğ¸Ñ‚ Graphite Ğ² Ğ¼Ğ¸Ñ€
https://hackerone.com/reports/61312 | Bypass of the SSRF protection (Slack commands, Phabricator integration)
https://hackerone.com/reports/61367 | xss on autoserch
https://hackerone.com/reports/61371 | leak receipt of another user
https://hackerone.com/reports/62301 | Ability to add pishing links in discusion ," Bypassing uneductional Links add "
https://hackerone.com/reports/62400 | XSS on https://www.udemy.com/asset/export.html
https://hackerone.com/reports/62427 | XSS in myshopify.com Admin site in TAX Overrides
https://hackerone.com/reports/62531 | tt-mac.i.mail.ru: Quagga 0.99.23.1 (Router) : Default password and default enable password
https://hackerone.com/reports/62544 | http://tp-dev1.tp.smailru.net/
https://hackerone.com/reports/62778 | Multiple sub domain are vulnerable because of leaking full path
https://hackerone.com/reports/62861 | Bulk Discount App in myshopify.com exposes http://bulkdiscounts.shopifyapps.com vulnerable to XSS
https://hackerone.com/reports/63158 | External URL page bypass
https://hackerone.com/reports/63324 | Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
https://hackerone.com/reports/63537 | XSS in https://app.mavenlink.com/workspaces/
https://hackerone.com/reports/63729 | Logic error with notifications: user that has left team continues to receive notifications and can not 'clean' this area on account
https://hackerone.com/reports/63865 | Potential denial of service in hackerone.com//reward_settings
https://hackerone.com/reports/63888 | Cross site scripting
https://hackerone.com/reports/64731 | Able to intercept app Traffic after choosing up the Secured Connection using SSL (HTTPS)
https://hackerone.com/reports/64963 | API: Bug in method auth.validatePhone
https://hackerone.com/reports/65013 | HTML Injection Ğ½Ğ° e.mail.ru
https://hackerone.com/reports/65084 | Big Bug with Vault which i have already reported: Case #606962
https://hackerone.com/reports/65284 | Stored Cross-Site Scripting in Map Share Page
https://hackerone.com/reports/65330 | Ğ�Ğµ Ğ´Ğ¾Ñ�Ñ‚Ğ°Ñ‚Ğ¾Ñ‡Ğ½Ğ°Ñ� Ğ¿Ñ€Ğ¾Ğ²ĞµÑ€ĞºĞ° Ğ»Ğ¾Ğ³Ğ¸Ğ½Ğ° Ñ�ĞºĞ°Ğ¹Ğ¿
https://hackerone.com/reports/65729 | Activities are not Protected and able to crash app using other app (Can Malware or third parry app).
https://hackerone.com/reports/66121 | XSS at http://vk.com on IE using flash files
https://hackerone.com/reports/66151 | Invitation is not properly cancelled while inviting to bug reports.
https://hackerone.com/reports/66235 | Ğ£Ñ�Ğ·Ğ²Ğ¸Ğ¼Ğ¾Ñ�Ñ‚ÑŒ Ğ² Ğ£ĞºĞ°Ğ·Ğ°Ğ½Ğ¸Ğµ Ğ¼ĞµÑ�Ñ‚ Ğ½Ğ° Ñ„Ğ¾Ñ‚Ğ¾ + Ñ„Ğ¸Ñ‡Ğ° + Ñ…Ğ°ĞºĞ¸Ğ½Ğ³
https://hackerone.com/reports/66257 | [s.mail.ru] CRLF Injection
https://hackerone.com/reports/66262 | mailto: link injection on https://hackerone.com/directory
https://hackerone.com/reports/66386 | [www.*.myshopify.com] CRLF Injection
https://hackerone.com/reports/66962 | Misusing of FPU Instruction Could Cause Security Vulnerabilities in Adobe Flash Player
https://hackerone.com/reports/67125 | XSS at importing Product List
https://hackerone.com/reports/67132 | XSS at Bulk editing products
https://hackerone.com/reports/67161 | Possible xWork classLoader RCE: shared.mail.ru
https://hackerone.com/reports/67220 | Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS
https://hackerone.com/reports/67377 | SSRF via 'Add Image from URL' feature
https://hackerone.com/reports/67386 | [my.mail.ru] CRLF Injection
https://hackerone.com/reports/67389 | SSRF via 'Insert Image' feature of Products/Collections/Frontpage
https://hackerone.com/reports/67660 | Verification code issues for Two-Step Authentication
https://hackerone.com/reports/71614 | XSS in Myshopify Admin Site in DISCOUNTS
https://hackerone.com/reports/72243 | Publicly exposed SVN repository, ht.pornhub.com
https://hackerone.com/reports/72331 | XSS at Bulk editing ProductVariants
https://hackerone.com/reports/72785 | CSV Injection with the CVS export feature
https://hackerone.com/reports/73234 | out of bounds read crashes php-cgi
https://hackerone.com/reports/73235 | Use After Free Vulnerability in unserialize()
https://hackerone.com/reports/73236 | X509_to_X509_REQ NULL pointer deref
https://hackerone.com/reports/73237 | Buffer Over flow when parsing tar/zip/phar in phar_set_inode
https://hackerone.com/reports/73238 | Buffer Over-read in unserialize when parsing Phar
https://hackerone.com/reports/73239 | ZIP Integer Overflow leads to writing past heap boundary
https://hackerone.com/reports/73240 | Integer overflow in ftp_genlist() resulting in heap overflow
https://hackerone.com/reports/73241 | Malformed ECParameters causes infinite loop
https://hackerone.com/reports/73244 | Use after free vulnerability in unserialize() with DateInterval
https://hackerone.com/reports/73245 | Type Confusion Vulnerability in SoapClient
https://hackerone.com/reports/73246 | Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER
https://hackerone.com/reports/73247 | php_stream_url_wrap_http_ex() type-confusion vulnerability
https://hackerone.com/reports/73248 | Tokenizer crash when processing undecodable source code
https://hackerone.com/reports/73249 | Multiple use after free bugs in element module
https://hackerone.com/reports/73250 | Multiple use after free bugs in heapq module
https://hackerone.com/reports/73251 | Multiple use after free bugs in json encoding
https://hackerone.com/reports/73252 | Use after free in get_filter
https://hackerone.com/reports/73253 | Multiple type confusions in unicode error handlers
https://hackerone.com/reports/73255 | str_repeat() sign mismatch based memory corruption
https://hackerone.com/reports/73256 | PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free
https://hackerone.com/reports/73257 | PHP yaml_parse/yaml_parse_file/yaml_parse_url Unsafe Deserialization
https://hackerone.com/reports/73258 | Python: imageop Unsafe Arithmetic
https://hackerone.com/reports/73259 | Integer overflow in _pickle.c
https://hackerone.com/reports/73260 | Integer overflow in _json_encode_unicode leads to crash
https://hackerone.com/reports/73276 | Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079)
https://hackerone.com/reports/73491 | Buffer Overflow in PHP of the AirMax Products
https://hackerone.com/reports/73566 | Reflected XSS in chat
https://hackerone.com/reports/73567 | Attention! Remote Code Execution at http://wpt.ec2.shopify.com/
https://hackerone.com/reports/73808 | Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set to.
https://hackerone.com/reports/74004 | Other Buffer Overflow in PHP of the AirMax Products
https://hackerone.com/reports/74025 | Yet another Buffer Overflow in PHP of the AirMax Products
https://hackerone.com/reports/74147 | Potential for financial loss, negative Values for "Buy fee" and "Sell Fee"
https://hackerone.com/reports/75357 | Session Cookie without HttpOnly and secure flag set
https://hackerone.com/reports/75556 | Accessing title of the report of which you are marked as duplicate
https://hackerone.com/reports/75702 | No rate limit which leads to "Users information Disclosure" including verfification documents etc.
https://hackerone.com/reports/75727 | Stored Cross site scripting In developer.zendesk.com
https://hackerone.com/reports/76307 | Self XSS Protection not used , I can trick users to insert JavaScript
https://hackerone.com/reports/76713 | XSS - Gallery Search Listing
https://hackerone.com/reports/76733 | Using GET method for account login with CSRF token leaking to external sites Via Referer.
https://hackerone.com/reports/76738 | Open redirect filter bypass
https://hackerone.com/reports/77060 | SMTP protection not used
https://hackerone.com/reports/77065 | Stealing CSRF Tokens
https://hackerone.com/reports/77067 | No rate limiting for sensitive actions (like "forgot password") enables user enumeration
https://hackerone.com/reports/77076 | GA code not verified on the server side allows sending Verification Documents on behalf of another user
https://hackerone.com/reports/77081 | Content Sniffing not disabled
https://hackerone.com/reports/77221 | Open/Unvalidated Redirect Issue
https://hackerone.com/reports/77231 | Weak Cryptographic Hash
https://hackerone.com/reports/77319 | Full path disclosure at https://keybase.io/_/api/1.0/invitation_request.json
https://hackerone.com/reports/77802 | TCP Source Port Pass Firewall
https://hackerone.com/reports/78052 | xss in group
https://hackerone.com/reports/78158 | Wrong Handling of Content-Type allows Flash injection and Rosseta flash patch bypass
https://hackerone.com/reports/78219 | ĞŸĞ¾ĞºÑƒĞ¿ĞºĞ° Ğ¿ĞµÑ�Ğ½Ğ¸ Ğ´ĞµÑˆĞµĞ²Ğ»Ğµ, Ñ‡ĞµĞ¼ Ğ¾Ğ½Ğ° Ñ�Ñ‚Ğ¾Ğ¸Ñ‚.
https://hackerone.com/reports/78253 | ĞŸĞ¾ĞºÑƒĞ¿ĞºĞ°=>Ñ�ĞºĞ°Ñ‡ĞºĞ° Ğ¿ĞµÑ�ĞµĞ½, ĞºĞ¾Ñ‚Ğ¾Ñ€Ñ‹Ğµ Ğ½Ğµ Ğ¿Ñ€ĞµĞ´Ğ½Ğ°Ğ·Ğ½Ğ°Ñ‡ĞµĞ½Ñ‹ Ğ´Ğ»Ñ� Ğ¿Ñ€Ğ¾Ğ´Ğ°Ğ¶Ğ¸
https://hackerone.com/reports/78412 | Cross site scripting
https://hackerone.com/reports/78436 | (URGENT!) ĞŸĞ¾ĞºÑƒĞ¿ĞºĞ° OK Ğ´ĞµÑˆĞµĞ²Ğ»Ğµ, Ñ‡ĞµĞ¼ Ğ¾Ğ½ Ñ�Ñ‚Ğ¾Ğ¸Ñ‚
https://hackerone.com/reports/78443 | Time-Based Blind SQL Injection Attacks
https://hackerone.com/reports/78516 | Ğ”Ğ¾Ñ�Ñ‚ÑƒĞ¿ Ğº Ñ‡ÑƒĞ¶Ğ¸Ğ¼ Ğ¿Ñ€Ğ¸Ğ²Ğ°Ñ‚Ğ½Ñ‹Ğ¼ Ñ„Ğ¾Ñ‚Ğ¾Ğ³Ñ€Ğ°Ñ„Ğ¸Ñ�Ğ¼ (3) Ñ‡ĞµÑ€ĞµĞ· Ğ¾Ğ±Ğ»Ğ¾Ğ¶ĞºÑƒ Ğ²Ğ¸Ğ´ĞµĞ¾
https://hackerone.com/reports/78765 | information disclosure
https://hackerone.com/reports/79046 | Ğ”Ğ¾Ñ�Ñ‚ÑƒĞ¿ Ğº Ñ‡ÑƒĞ¶Ğ¸Ğ¼ Ğ³Ñ€ÑƒĞ¿Ğ¿Ğ¾Ğ²Ñ‹Ğ¼ Ğ±ĞµÑ�ĞµĞ´Ğ°Ğ¼.
https://hackerone.com/reports/79185 | Content spoofing through Referel header
https://hackerone.com/reports/79348 | OSX slack:// protocol handler javascript injection
https://hackerone.com/reports/79393 | Ğ�Ñ‚ĞºÑ€Ñ‹Ñ‚Ñ‹Ğ¹ Ğ´Ğ¾Ñ�Ñ‚ÑƒĞ¿ Ğº ĞºĞ¾Ñ€Ğ¿Ğ¾Ñ€Ğ°Ñ‚Ğ¸Ğ²Ğ½Ñ‹Ğ¼ Ğ´Ğ°Ğ½Ğ½Ñ‹Ğ¼.
https://hackerone.com/reports/79552 | [gratipay.com] CRLF Injection
https://hackerone.com/reports/80298 | Ğ’Ğ½ĞµĞ´Ñ€ĞµĞ½Ğ¸Ğµ Ğ¿Ñ€Ğ¾Ğ¸Ğ·Ğ²Ğ¾Ğ»ÑŒĞ½Ğ¾Ğ³Ğ¾ javascript-Ñ�Ñ†ĞµĞ½Ğ°Ñ€Ğ¸Ñ� Ğ² Ñ„ÑƒĞ½ĞºÑ†Ğ¸Ğ¾Ğ½Ğ°Ğ»Ğµ Ğ¿Ñ€Ğ¾Ñ�Ğ¼Ğ¾Ñ‚Ñ€Ğ° Ğ¸Ğ·Ğ¾Ğ±Ñ€Ğ°Ğ¶ĞµĞ½Ğ¸Ğ¹ Ğ¼Ğ¾Ğ±Ğ¸Ğ»ÑŒĞ½Ğ¾Ğ¹ Ğ²ĞµÑ€Ñ�Ğ¸Ğ¸ Ñ�Ğ°Ğ¹Ñ‚Ğ°
https://hackerone.com/reports/80597 | Number of invited researchers disclosed as part of JSON search response
https://hackerone.com/reports/80936 | Private Program and bounty details disclosed as part of JSON search response
https://hackerone.com/reports/80990 | JetBrains .idea project directory
https://hackerone.com/reports/81083 | Internal bounty and swag details disclosed as part of JSON response
https://hackerone.com/reports/81441 | XSS https://delivery.shopifyapps.com/ (Digital Downloads App in myshopify.com)
https://hackerone.com/reports/81701 | Possible SQL injection on "Jump to twitter"
https://hackerone.com/reports/81736 | XSS in WordPress
https://hackerone.com/reports/81757 | Reflected XSS in chat.
https://hackerone.com/reports/82725 | Stored XSS in comments
https://hackerone.com/reports/84287 | DKIM records not present, Email Hijacking is possible
https://hackerone.com/reports/84601 | XSS and cache poisoning via upload.twitter.com on ton.twitter.com
https://hackerone.com/reports/84709 | [API ISSUE] agents can Create agents even after they are disabled !
https://hackerone.com/reports/84740 | Stored XSS On Statement
https://hackerone.com/reports/85201 | Full Path Disclosure
https://hackerone.com/reports/85291 | XSS https://www.shopify.com/signup
https://hackerone.com/reports/85488 | Stored XSS on player.vimeo.com
https://hackerone.com/reports/85615 | Reflected XSS on vimeo.com/musicstore
https://hackerone.com/reports/85624 | Highly wormable clickjacking in player card
https://hackerone.com/reports/85720 | IDOR on remoing Share
https://hackerone.com/reports/86022 | Multiple so called 'type juggling' attacks. Most notably PhabricatorUser::validateCSRFToken() is 'bypassable' in certain cases.
https://hackerone.com/reports/86468 | [https://www.anghami.com/updatemailinfo/] Sql Injection
https://hackerone.com/reports/86504 | [CRITICAL] Login To Any Account Linked With Google+ With Email Only
https://hackerone.com/reports/87027 | [keybase.io] Open Redirect
https://hackerone.com/reports/87040 | XSS on OAuth authorize/authenticate endpoint
https://hackerone.com/reports/87168 | www.shopify.com XSS on blog pages via sharing buttons
https://hackerone.com/reports/87505 | Full Path Disclosure
https://hackerone.com/reports/87531 | Mail spaming
https://hackerone.com/reports/87577 | Stored XSS on vimeo.com and player.vimeo.com
https://hackerone.com/reports/87586 | Ğ�ĞµĞ±ĞµĞ·Ğ¾Ğ¿Ğ°Ñ�Ğ½Ğ°Ñ� Ñ�Ñ…ĞµĞ¼Ğ° Ğ²Ñ‹Ğ´Ğ°Ñ‡Ğ¸ Ğ½Ğ¾Ğ¼ĞµÑ€Ğ° ĞºĞ°Ñ€Ñ‚Ñ‹ QVC (Ğ²Ğ¾Ğ·Ğ¼Ğ¾Ğ¶Ğ½Ğ¾, Ñ‚Ğ°ĞºĞ¶Ğµ QVV Ğ¸ QVP)
https://hackerone.com/reports/87588 | XSS Vulnerability
https://hackerone.com/reports/87854 | XSS on vimeo.com/home after other user follows you
https://hackerone.com/reports/88105 | XSS on vimeo.com | "Search within these results" feature (requires user interaction)
https://hackerone.com/reports/88395 | Information leakage through Graphviz blocks
https://hackerone.com/reports/88508 | XSS when using captions/subtitles on video player based on Flash (requires user interaction)
https://hackerone.com/reports/88719 | Multiple DOMXSS on Amplify Web Player
https://hackerone.com/reports/88881 | XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply Ğ¿Ñ€Ğ¸ Ğ¾Ñ‚Ğ²ĞµÑ‚Ğµ Ğ½Ğ° Ñ�Ğ¿ĞµÑ†Ğ¸Ğ°Ğ»ÑŒĞ½Ñ‹Ğ¼ Ğ¾Ğ±Ñ€Ğ°Ğ·Ğ¾Ğ¼ Ñ�Ñ„Ğ¾Ñ€Ğ¼Ğ¸Ñ€Ğ¾Ğ²Ğ°Ğ½Ğ½Ğ¾Ğµ Ğ¿Ğ¸Ñ�ÑŒĞ¼Ğ¾
https://hackerone.com/reports/89505 | Self-XSS in posts by formatting text as code
https://hackerone.com/reports/89624 | Cross-site Scripting https://www.zendesk.com/product/pricing/
https://hackerone.com/reports/90131 | CSV Excel Macro Injection Vulnerability in export customer tickets
https://hackerone.com/reports/90172 | Tweetdeck (twitter owned app) not revoked
https://hackerone.com/reports/90274 | CSV Excel Macro Injection Vulnerability in export chat logs
https://hackerone.com/reports/90308 | User email enumuration using Gmail
https://hackerone.com/reports/90688 | create staff member without owner access
https://hackerone.com/reports/90690 | change Login Services settings without owner access
https://hackerone.com/reports/90753 | Content Spoofing
https://hackerone.com/reports/91343 | Information disclosure (No rate limting in forgot password & other login)
https://hackerone.com/reports/91421 | Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event
https://hackerone.com/reports/91599 | WooCommerce: Support Ticket indirect object reference
https://hackerone.com/reports/91816 | Server Side Request Forgery In Video to GIF Functionality
https://hackerone.com/reports/92251 | Issue with Password reset functionality
https://hackerone.com/reports/92353 | CSV Injection in polldaddy.com
https://hackerone.com/reports/92472 | Tokens from services like Facebook can be stolen
https://hackerone.com/reports/92740 | SPF records not found
https://hackerone.com/reports/93004 | unauthorized access to all collections name
https://hackerone.com/reports/93020 | Ğ¡Ğ¿Ğ¾Ñ�Ğ¾Ğ± ÑƒĞ·Ğ½Ğ°Ñ‚ÑŒ Ğ¸Ğ¼Ñ� Ñ‡ĞµĞ»Ğ¾Ğ²ĞµĞºĞ° Ğ¸ Ğ’Ğ£Ğ— ÑƒĞ´Ğ°Ğ»ĞµĞ½Ğ½Ğ¾Ğ¹ Ñ�Ñ‚Ñ€Ğ°Ğ½Ğ¸Ñ†Ñ‹
https://hackerone.com/reports/93394 | Unauthenticated access to details of hidden products in any shop via title emuneration
https://hackerone.com/reports/93691 | Arbitrary write on s3://shopify-delivery-app-storage/files
https://hackerone.com/reports/93901 | Bypassing password requirement during deletion of accout
https://hackerone.com/reports/93921 | Unauthorized access to all collections, products, pages from other stores
https://hackerone.com/reports/94087 | Arbitrary read on s3://shopify-delivery-app-storage/files
https://hackerone.com/reports/94230 | Cross-site Scripting in all Zopim
https://hackerone.com/reports/94584 | Sql-inj in https://maximum.com/ajax/people
https://hackerone.com/reports/94610 | Version Disclosure (NginX)
https://hackerone.com/reports/94637 | Host Header Injection/Redirection
https://hackerone.com/reports/94642 | SMS Invite Form Abuse
https://hackerone.com/reports/94899 | Paid account can review\download any invoice of any other shop
https://hackerone.com/reports/94909 | XSS risk reduction with X-XSS-Protection: 1; mode=block header
https://hackerone.com/reports/95089 | Reflected XSS in cart at hardware.shopify.com
https://hackerone.com/reports/95231 | XSS in the "Poll" Feature on Twitter.com
https://hackerone.com/reports/95243 | Following a User Actually Follows Another User
https://hackerone.com/reports/95552 | IDOR- Activate Mopub on different organizations- steal api token- Fabric.io
https://hackerone.com/reports/95555 | CSRF on cards API
https://hackerone.com/reports/95564 | Persistent XSS in image title
https://hackerone.com/reports/95589 | Privilege escalation and circumvention of permission to limited access user
https://hackerone.com/reports/95981 | Http Response Splitting - Validate link
https://hackerone.com/reports/96229 | XSS on player.vimeo.com without user interaction and vimeo.com with user interaction
https://hackerone.com/reports/96337 | Stored XSS in Slack (weird, trial and error)
https://hackerone.com/reports/96470 | Missing of csrf protection
https://hackerone.com/reports/96636 | Password Reset - query param overrides postdata
https://hackerone.com/reports/96662 | crossdomain.xml too permissive on eu1.badoo.com, us1.badoo.com, etc.
https://hackerone.com/reports/96847 | Un-handled exception leads to Information Disclosure
https://hackerone.com/reports/96855 | Staff members with no permission to access domains can access them.
https://hackerone.com/reports/96890 | A 'Full access' administrator is able to see the shop owners user details
https://hackerone.com/reports/96908 | An administrator without the 'Settings' permission is able to see payment gateways
https://hackerone.com/reports/97161 | Can see private tweets via keyword searches on tweetdeck
https://hackerone.com/reports/97191 | Send AJAX request to external domain
https://hackerone.com/reports/97292 | HTTP header injection in info.hackerone.com allows setting cookies for hackerone.com
https://hackerone.com/reports/97295 | Multiple critical vulnerabilities in Odnoklassniki Android application
https://hackerone.com/reports/97452 | Staff members with no permission can access to the files, uploaded by the administrator
https://hackerone.com/reports/97501 | SVG parser loads external resources on image upload
https://hackerone.com/reports/97510 | Following a User After Favoriting Actually Follows Another User (related to #95243)
https://hackerone.com/reports/97535 | List of devices is accessible regardless of the account limitations
https://hackerone.com/reports/97657 | File upload XSS (Java applet) on http://slackatwork.com/
https://hackerone.com/reports/97672 | File Upload XSS in image uploading of App in mopub
https://hackerone.com/reports/97683 | Reflected Self-XSS in Slack
https://hackerone.com/reports/97938 | XSS m.imgur.com
https://hackerone.com/reports/97948 | Cross-domain AJAX request
https://hackerone.com/reports/98012 | Stored XSS on https://www.algolia.com/realtime-search-demo/*
https://hackerone.com/reports/98247 | login to any user's cashier account and full account information disclosure
https://hackerone.com/reports/98259 | 'Limited' RCE in certain places where Liquid is accepted
https://hackerone.com/reports/98281 | XSS Reflected in test.qiwi.ru
https://hackerone.com/reports/98432 | Urgent : Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass)
https://hackerone.com/reports/98469 | Email Verification Link can be Used as Password Reset Link!
https://hackerone.com/reports/98499 | Apps can access 'channels' beta api
https://hackerone.com/reports/99157 | RC4 cipher suites detected on status.slack.com
https://hackerone.com/reports/99245 | XSS in L.mapbox.shareControl in mapbox.js
https://hackerone.com/reports/99321 | [CSRF] Activate PayPal Express Checkout
https://hackerone.com/reports/99368 | an xss issue
https://hackerone.com/reports/99374 | deleted staff member can add his amazon marketplace web services account to the store.
https://hackerone.com/reports/99424 | Mass Assignment Vulnerability in partners.uber.com
https://hackerone.com/reports/99435 | Open redirect helps to steal Facebook access_token
https://hackerone.com/reports/99594 | Reflected XSS on www.boozt.com
https://hackerone.com/reports/99600 | Urgent : Unauthorised Access to Media content of all Direct messages and protected tweets(Indirect object reference)
https://hackerone.com/reports/99647 | CSRF Add Album On onpatient.com
https://hackerone.com/reports/99708 | Limited CSRF bypass.
https://hackerone.com/reports/99857 | Request Accepts without X-CSRFToken [ Header - Cookie ]
https://hackerone.com/reports/99969 | User with limited access to Index configuration can rename the Index
https://hackerone.com/reports/100509 | Pre-generation of 2FA secret/backup codes seems like an unnecessary risk
https://hackerone.com/reports/100820 | Add tweet to collection CSRF
https://hackerone.com/reports/100849 | URGENT : NICHE.co Account Take Over Vulnerability
https://hackerone.com/reports/100931 | xss in link items (mopub.com)
https://hackerone.com/reports/100938 | An administrator without any permission is able to get order notifications using his APNS Token.
https://hackerone.com/reports/101063 | Drivers can change profile picture
https://hackerone.com/reports/101104 | Subdomain Expired
https://hackerone.com/reports/101145 | Remove anyone's pic gravtar
https://hackerone.com/reports/101324 | RC4 cipher suites detected
https://hackerone.com/reports/101330 | SSL certificate invalid date
https://hackerone.com/reports/101331 | RC4 cipher suites detected
https://hackerone.com/reports/101450 | XSS in creating tweets
https://hackerone.com/reports/101909 | account.ubnt.com CSRF
https://hackerone.com/reports/101962 | Open redirect using theme install
https://hackerone.com/reports/102194 | [CRITICAL] CSRF leading to account take over
https://hackerone.com/reports/102234 | Same-Origin Policy bypass on main domain - ok.ru
https://hackerone.com/reports/102236 | Same-Origin Policy Bypass #2
https://hackerone.com/reports/102327 | content injection
https://hackerone.com/reports/102376 | Ğ�Ğ±Ñ…Ğ¾Ğ´ Ğ·Ğ°Ñ‰Ğ¸Ñ‚Ñ‹ Ğ¾Ñ‚ csrf-Ğ¾Ğº Ğ² m.ok.ru
https://hackerone.com/reports/102755 | Stored XSS in name selection
https://hackerone.com/reports/103351 | [CSRF] Install premium themes
https://hackerone.com/reports/103772 | Open Redirect at *.myshopify.com/account/login?checkout_url=
https://hackerone.com/reports/103787 | CSRF possible when SOP Bypass/UXSS is available
https://hackerone.com/reports/103990 | Null pointer dereference in phar_get_fp_offset()
https://hackerone.com/reports/103991 | mod_lua: Crash in websockets PING handling
https://hackerone.com/reports/103992 | Integer overflow in _Unpickler_Read
https://hackerone.com/reports/103993 | Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier
https://hackerone.com/reports/103994 | Python 3.3 - 3.5 product_setstate() Out-of-bounds Read
https://hackerone.com/reports/103995 | Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
https://hackerone.com/reports/103996 | Use After Free Vulnerability in unserialize() with SplObjectStorage
https://hackerone.com/reports/103997 | Use After Free Vulnerability in unserialize()
https://hackerone.com/reports/103998 | Use After Free Vulnerability in session deserializer
https://hackerone.com/reports/103999 | Use after free vulnerability in unserialize() with GMP
https://hackerone.com/reports/104000 | Python xmlparse_setattro() Type Confusion
https://hackerone.com/reports/104001 | time_strftime() Buffer Over-read
https://hackerone.com/reports/104002 | Python scan_eol() Buffer Over-read
https://hackerone.com/reports/104003 | Python deque.index() uninitialized memory
https://hackerone.com/reports/104004 | Mem out-of-bounds write (segfault) in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER
https://hackerone.com/reports/104005 | null pointer deref (segfault) in zend_eval_const_expr
https://hackerone.com/reports/104006 | Null pointer deref (segfault) in spl_autoload via ob_start
https://hackerone.com/reports/104007 | Buffer over-read in exif_read_data with TIFF IFD tag
https://hackerone.com/reports/104008 | Uninitialized pointer in phar_make_dirstream
https://hackerone.com/reports/104009 | zend_throw_or_error() format string vulnerability
https://hackerone.com/reports/104010 | SOAP serialize_function_call() type confusion / RCE
https://hackerone.com/reports/104011 | AddressSanitizer reports a global buffer overflow in mkgmtime() function
https://hackerone.com/reports/104012 | Integer overflow in unserialize() (32-bits only)
https://hackerone.com/reports/104013 | heap buffer overflow in enchant_broker_request_dict()
https://hackerone.com/reports/104014 | libcurl duphandle read out of bounds
https://hackerone.com/reports/104015 | curl_setopt_array() type confusion
https://hackerone.com/reports/104016 | Dangling pointer in the unserialization of ArrayObject items
https://hackerone.com/reports/104017 | Arbitrary code execution in str_ireplace function
https://hackerone.com/reports/104018 | Multiple Use After Free Vulnerabilites in unserialize()
https://hackerone.com/reports/104019 | Files extracted from archive may be placed outside of destination directory
https://hackerone.com/reports/104020 | audioop.lin2adpcm Buffer Over-read
https://hackerone.com/reports/104021 | audioop.adpcm2lin Buffer Over-read
https://hackerone.com/reports/104022 | hotshot pack_string Heap Buffer Overflow
https://hackerone.com/reports/104023 | bytearray.find Buffer Over-read
https://hackerone.com/reports/104024 | array.fromstring Use After Free
https://hackerone.com/reports/104025 | use after free in load_newobj_ex
https://hackerone.com/reports/104026 | invalid pointer free() in phar_tar_process_metadata()
https://hackerone.com/reports/104027 | Memory Corruption in phar_parse_tarfile when entry filename starts with null
https://hackerone.com/reports/104028 | Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)
https://hackerone.com/reports/104032 | PyFloat_FromString & PyNumber_Long Buffer Over-reads
https://hackerone.com/reports/104033 | tokenizer crash when processing undecodable source code
https://hackerone.com/reports/104087 | Trick make all fixed open redirect links vulnerable again
https://hackerone.com/reports/104359 | shopifyapps.com XSS on sales channels via currency formatting
https://hackerone.com/reports/104465 | git-fastclone allows arbitrary command execution through usage of ext remote URLs in submodules
https://hackerone.com/reports/104543 | HTML injection in apps user review
https://hackerone.com/reports/104559 | XSS on codex.wordpress.org
https://hackerone.com/reports/104917 | Cross-Site Scripting Reflected On Main Domain
https://hackerone.com/reports/104931 | CSRF in Connecting Pinterest Account
https://hackerone.com/reports/105190 | Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone
https://hackerone.com/reports/105419 | Cookie-Based Injection
https://hackerone.com/reports/105463 | risk of having secure=false in a crossdomain.xml
https://hackerone.com/reports/105659 | many xss in widgets.shopifyapps.com
https://hackerone.com/reports/105688 | DOM Based XSS in Checkout
https://hackerone.com/reports/105887 | Know whether private program for company exist or not
https://hackerone.com/reports/105953 | Parameter pollution in social sharing buttons
https://hackerone.com/reports/105977 | DLL Hijacking Vulnerability in GlassWireSetup.exe
https://hackerone.com/reports/105991 | "Remember me" token generated when "Remember me" box unchecked
https://hackerone.com/reports/106084 | Team Memberâ–ˆâ–ˆâ–ˆ associated with a Custom Group Created with 'Program Managment' only permissions can Comments on Bug Reports
https://hackerone.com/reports/106293 | Reflective XSS on wholesale.shopify.com
https://hackerone.com/reports/106305 | Improve signals in reputation
https://hackerone.com/reports/106348 | text injection can be used in phishing 404 page should not include attacker text
https://hackerone.com/reports/106350 | text injection can be used in phishing 404 page should not include attacker text
https://hackerone.com/reports/106384 | Application error message
https://hackerone.com/reports/106427 | HTTP-Response-Splitting on v.shopify.com
https://hackerone.com/reports/106548 | Format string vulnerability in zend_throw_or_error()
https://hackerone.com/reports/106636 | Strored Cross Site Scripting
https://hackerone.com/reports/106779 | Stored XSS in comments
https://hackerone.com/reports/106897 | Stored XSS in /admin/orders
https://hackerone.com/reports/106982 | XSS in imgur mobile
https://hackerone.com/reports/107036 | XSS in imgur mobile 3
https://hackerone.com/reports/107213 | GlassWireSetup.exe subject to EXE planting attack
https://hackerone.com/reports/107296 | Possible Timing Side-Channel in XMLRPC Verification
https://hackerone.com/reports/107336 | Team Member(s) associated with a Group have Read-only permission (Post internal comments) can post comment to all the participants
https://hackerone.com/reports/107358 | reflected in xss
https://hackerone.com/reports/107780 | [cfire.mail.ru] Time Based SQL Injection
https://hackerone.com/reports/107960 | Reflected File Download in community.ubnt.com/restapi/
https://hackerone.com/reports/108082 | Exploiting unauthenticated encryption mode
https://hackerone.com/reports/108113 | Bypassing callback_url validation on Digits
https://hackerone.com/reports/108681 | Use After Free Vulnerability in WDDX Packet Deserialization
https://hackerone.com/reports/108682 | Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
https://hackerone.com/reports/108683 | Session WDDX Packet Deserialization Type Confusion Vulnerability
https://hackerone.com/reports/109054 | HTTP trace method is enabled
https://hackerone.com/reports/109161 | protect against tabnabbing in statement
https://hackerone.com/reports/109175 | Use After Free in sortWithSortKeys()
https://hackerone.com/reports/109212 | [parapa.mail.ru] SQL Injection
https://hackerone.com/reports/109483 | User with Read-Only permissions can request/approve public disclosure
https://hackerone.com/reports/109699 | Subdomain Takeover in http://assets.goubiquiti.com/
https://hackerone.com/reports/109815 | Direct URL access to completed reports
https://hackerone.com/reports/109843 | Uninitialized pointer in phar_make_dirstream()
https://hackerone.com/reports/109959 | Extended policy checks are buggy
https://hackerone.com/reports/110293 | Insufficient OAuth callback validation which leads to Periscope account takeover
https://hackerone.com/reports/110352 | Perl 5.22 VDir::MapPathA/W Out-of-bounds Reads and Buffer Over-reads
https://hackerone.com/reports/110417 | Heap corruption in tar/zip/phar parser
https://hackerone.com/reports/110467 | Bypassing Digits bridge origin validation
https://hackerone.com/reports/110578 | HTML injection can lead to data theft
https://hackerone.com/reports/110655 | Information Exposure Through Directory Listing
https://hackerone.com/reports/110720 | Arbitary Memory Read via gdImageRotateInterpolated Array Index Out of Bounds
https://hackerone.com/reports/110722 | Heap BufferOver Flow in escapeshellargs and escapeshellcmd functions
https://hackerone.com/reports/110801 | Internal GET SSRF via CSRF with Press This scan feature
https://hackerone.com/reports/111078 | Sub Domain Take over
https://hackerone.com/reports/111094 | Content Spoofing OR Text Injection in https://withinsecurity.com
https://hackerone.com/reports/111192 | CSV Injection via the CSV export feature
https://hackerone.com/reports/111216 | Twitter Disconnect CSRF
https://hackerone.com/reports/111218 | Attach Pinterest account - no State/CSRF parameter in Oauth Call back
https://hackerone.com/reports/111365 | XSS at www.woothemes.com
https://hackerone.com/reports/111386 | Legacy API exposes private video titles
https://hackerone.com/reports/111417 | Checking whether user liked the media or not even when you are blocked
https://hackerone.com/reports/111500 | XSS at wordpress.com
https://hackerone.com/reports/111752 | Big Bug in SSL : breach compression attack (CVE-2013-3587) affect imgur.com
https://hackerone.com/reports/111860 | Error Page Text Injection #106350
https://hackerone.com/reports/111915 | [CRITICAL] HTML injection issue leading to account take over
https://hackerone.com/reports/111950 | [allods.my.com] SSRF / XSPA
https://hackerone.com/reports/111968 | Interstitial redirect bypass / open redirect in https://hackerone.com/zendesk_session
https://hackerone.com/reports/112057 | Heapoverflow in zipimporter module
https://hackerone.com/reports/112386 | smartlist_add, smartlist_insert (may) cause heap corruption as a result of inadequate checks in smartlist_ensure_capacity
https://hackerone.com/reports/112496 | Session Issue Maybe Can lead to huge loss [CRITICAL]
https://hackerone.com/reports/112555 | [afisha.mail.ru] SQL Injection
https://hackerone.com/reports/112632 | [tor] libevent dns remote stack overread vulnerability
https://hackerone.com/reports/112723 | PHP-FPM fpm_log.c memory leak and buffer overflow
https://hackerone.com/reports/112784 | libevent (stack) buffer overflow in evutil_parse_sockaddr_port
https://hackerone.com/reports/112855 | EIP control using type confusion in json encoding
https://hackerone.com/reports/112858 | UAF in xmlparser_setevents (1)
https://hackerone.com/reports/112860 | UAF in xmlparser_setevents (2)
https://hackerone.com/reports/112863 | Trivial age-old heap overflow in 32-bit PHP
https://hackerone.com/reports/112935 | Unintended HTML inclusion as a result of https://hackerone.com/reports/110578
https://hackerone.com/reports/112955 | WordPress Failure Notice page will generate arbitrary hyperlinks
https://hackerone.com/reports/113070 | Multiple issues with Markdown and URL parsing
https://hackerone.com/reports/113112 | Open-redirect on paragonie.com
https://hackerone.com/reports/113120 | An integer overflow bug in php_implode() could lead heap overflow, make PHP to crash
https://hackerone.com/reports/113122 | An integer overflow bug in php_str_to_str_ex() led arbitrary code execution.
https://hackerone.com/reports/113268 | Integer overflow in wordwrap
https://hackerone.com/reports/113288 | OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
https://hackerone.com/reports/113424 | [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents
https://hackerone.com/reports/113798 | Null pointer deref with ob_start with compact
https://hackerone.com/reports/113799 | Null pointer deref with ob_start with get_defined_vars
https://hackerone.com/reports/114024 | Stack overflow when decompressing tar archives
https://hackerone.com/reports/114078 | Use-after-free vulnerability in SPL(ArrayObject, unserialize)
https://hackerone.com/reports/114079 | Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)
https://hackerone.com/reports/114125 | Remote Server Restart Lead to Denial of Server by only one Request.
https://hackerone.com/reports/114169 | Bypassing Digits web authentication's host validation with HPP
https://hackerone.com/reports/114172 | Out-of-Bound Read in phar_parse_zipfile()
https://hackerone.com/reports/114339 | Type Confusion in WDDX Packet Deserialization
https://hackerone.com/reports/114414 | openssl_seal() uninitialized memory usage
https://hackerone.com/reports/114430 | CSRF on https://shopify.com/plus
https://hackerone.com/reports/114476 | Ğ’Ğ½ĞµĞ´Ñ€ĞµĞ½Ğ¸Ğµ Ğ²Ğ½ĞµÑˆĞ½Ğ¸Ñ… Ñ�ÑƒÑ‰Ğ½Ğ¾Ñ�Ñ‚ĞµĞ¹ Ğ² Ñ„ÑƒĞ½ĞºÑ†Ğ¸Ğ¾Ğ½Ğ°Ğ»Ğµ Ğ¸Ğ¼Ğ¿Ğ¾Ñ€Ñ‚Ğ° Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»ĞµĞ¹ YouTrack
https://hackerone.com/reports/114529 | Content Spoofing and Local Redirect in Mapbox Studio
https://hackerone.com/reports/114698 | Remote Server Restart Lead to Denial of Service by only one Request.
https://hackerone.com/reports/115007 | Race conditions can be used to bypass invitation limit
https://hackerone.com/reports/115205 | Putting link inside link in markdown
https://hackerone.com/reports/115230 | Content spoofing due to the improper behavior of the not-found meesage
https://hackerone.com/reports/115275 | SPF DNS Record
https://hackerone.com/reports/115284 | prevent content spoofing on /search
https://hackerone.com/reports/115291 | [orsotenslimselfie.lady.mail.ru] SQL Injection
https://hackerone.com/reports/115337 | Full Path Disclosure
https://hackerone.com/reports/115686 | [tor] pre-emptive defenses, potential vulnerabilities
https://hackerone.com/reports/115702 | [tor] libevent dns OOB read
https://hackerone.com/reports/115748 | SSRF in https://imgur.com/vidgif/url
https://hackerone.com/reports/115857 | SSRF and local file read in video to gif converter
https://hackerone.com/reports/115978 | SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg
https://hackerone.com/reports/116006 | XSS on hardware.shopify.com
https://hackerone.com/reports/116029 | Private program activity timeline information disclosure
https://hackerone.com/reports/116032 | Private Program Disclosure in /:handle/reports/draft.json endpoint
https://hackerone.com/reports/116286 | Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack
https://hackerone.com/reports/116360 | The POODLE attack (SSLv3 supported) for https://grtp.co/
https://hackerone.com/reports/116372 | Use-After-Free / Double-Free in WDDX Deserialize
https://hackerone.com/reports/116419 | an xss issue in https://hunter22.slack.com/help/requests/793043
https://hackerone.com/reports/116508 | [3k.mail.ru] SQL Injection
https://hackerone.com/reports/116570 | VERY DANGEROUS XSS STORED inside emails
https://hackerone.com/reports/116764 | vk.com/login.php
https://hackerone.com/reports/116773 | Type Confusion Vulnerability - SOAP / make_http_soap_request()
https://hackerone.com/reports/116798 | Private Program Disclosure in /:handle/settings/allow_report_submission.json endpoint
https://hackerone.com/reports/116937 | Chat History CSV Export Excel Injection Vulnerability
https://hackerone.com/reports/116951 | Increase number of bugs by sending duplicate of your own valid report
https://hackerone.com/reports/116973 | No Valid SPF Records.
https://hackerone.com/reports/117068 | XSS @ love.uber.com
https://hackerone.com/reports/117080 | Multiple Vulnerabilities (Including SQLi) in love.uber.com
https://hackerone.com/reports/117097 | Email Forgery through Mandrillapp SPF
https://hackerone.com/reports/117142 | limit HTTP methods on other domains
https://hackerone.com/reports/117149 | SPF/DKIM/DMARC for grtp.co
https://hackerone.com/reports/117159 | SPF/DKIM/DMARC for aspen.io
https://hackerone.com/reports/117187 | Prevent content spoofing on /~username/emails/verify.html
https://hackerone.com/reports/117190 | Reflected XSS on Uber.com careers
https://hackerone.com/reports/117325 | DMARC is misconfigured for grtp.co
https://hackerone.com/reports/117330 | stop serving grtp.co over HTTP
https://hackerone.com/reports/117449 | XSS in Draft Orders in Timeline i SHOPIFY Admin Site!
https://hackerone.com/reports/117458 | strengthen Diffie-Hellman (DH) key exchange parameters in grtp.co
https://hackerone.com/reports/117480 | Stored XSS via Angular Expression injection on developer.zendesk.com
https://hackerone.com/reports/117651 | Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes
https://hackerone.com/reports/117739 | limit number of images in statement
https://hackerone.com/reports/117902 | Ğ”Ğ¾Ñ€Ğº
https://hackerone.com/reports/118066 | Content Spoofing in mango.qiwi.com
https://hackerone.com/reports/118582 | CSV Injection at the CSV export feature
https://hackerone.com/reports/118631 | XSSI (Cross Site Script Inclusion)
https://hackerone.com/reports/118688 | File name and folder enumeration.
https://hackerone.com/reports/118718 | User with Read-Only permissions can manually public disclosure the report
https://hackerone.com/reports/118855 | CVE-2016-0799 memory issues in BIO_*printf functions
https://hackerone.com/reports/118925 | API Key added for one Indices works for all other indices too.
https://hackerone.com/reports/118965 | Distinguish EP+Private vs Private programs in HackerOne
https://hackerone.com/reports/119022 | Tweet Deck XSS- Persistent- Group DM name
https://hackerone.com/reports/119166 | Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate
https://hackerone.com/reports/119220 | Sub-Domain Takeover
https://hackerone.com/reports/119221 | User with Read-Only permissions can edit the Internal comment Activities on Bug Reports After Revoke the team access permissions
https://hackerone.com/reports/119236 | Open Redirection on Uber.com
https://hackerone.com/reports/119250 | xss in the all widgets of shopifyapps.com
https://hackerone.com/reports/119317 | Read-Only user can execute arbitraty shell commands on AirOS
https://hackerone.com/reports/119471 | DOMXSS in Tweetdeck
https://hackerone.com/reports/119652 | Adobe Flash Player ASnative(101,10) Memory Corruption Vulnerability
https://hackerone.com/reports/119653 | Adobe Flash Player ASnative(900,1).call(MovieClip) Use-After-Free Vulnerability
https://hackerone.com/reports/119655 | Adobe Flash Player ASnative(900,1).call(TextField) Use-After-Free Vulnerability
https://hackerone.com/reports/119657 | Adobe Flash Player Race Condition Vulnerability
https://hackerone.com/reports/119873 | BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
https://hackerone.com/reports/120026 | don't serve hidden files from Nginx
https://hackerone.com/reports/121461 | Subdomain takeover due to unclaimed Amazon S3 bucket on a2.bime.io
https://hackerone.com/reports/121469 | Broken Authentication on Badoo
https://hackerone.com/reports/121489 | CRLF injection in https://verkkopalvelu.lahitapiola.fi/
https://hackerone.com/reports/121696 | Bypass two-factor authentication
https://hackerone.com/reports/121827 | Account Takeover
https://hackerone.com/reports/121863 | Buffer overflow in HTTP url parsing functions
https://hackerone.com/reports/121940 | Shell Injection via Web Management Console (dl-fw.cgi)
https://hackerone.com/reports/122050 | Mapbox API Access Token with No Scope Can Read Styles
https://hackerone.com/reports/122113 | OpenSSH / dropbearSSHd xauth command injection
https://hackerone.com/reports/122254 | Adobe Flash Player TextField Use-After-Free Vulnerability
https://hackerone.com/reports/122256 | Adobe Flash Player Uninitialised Memory Corruption
https://hackerone.com/reports/122849 | Stored XSS in https://checkout.shopify.com/
https://hackerone.com/reports/123027 | Edit Auto Response Messages
https://hackerone.com/reports/123119 | Use after free with assign by ref to overloaded objects
https://hackerone.com/reports/123125 | XSS on hardware.shopify.com
https://hackerone.com/reports/123339 | CSRF allows attacker to delete item from customer's "Postilaatikko"
https://hackerone.com/reports/123615 | SECURITY: Referencing previous Reports attachment_IDs on new Reports via Draft_Sync DELETES Attachments
https://hackerone.com/reports/123742 | suppress version in Server header on gratipay.com or grtp.co
https://hackerone.com/reports/123849 | Cookie Does Not Contain The "secure" Attribute
https://hackerone.com/reports/123897 | auto-logout after 20 minutes
https://hackerone.com/reports/124100 | Shopify GitHub Login and Password exposed all private source code might be available.
https://hackerone.com/reports/124223 | CSV Injection via the CSV export feature
https://hackerone.com/reports/124277 | XSS via React element spoofing
https://hackerone.com/reports/124429 | Stored XSS via "Free Shipping" option (Discounts)
https://hackerone.com/reports/124611 | Disclosure of private programs that have an "external" page on HackerOne
https://hackerone.com/reports/124737 | Multiple Heap Overflows in php_raw_url_encode/php_url_encode
https://hackerone.com/reports/124845 | Bypassed password authentication before enabling OTP verification
https://hackerone.com/reports/124889 | Websites opened from reports can change url of report page
https://hackerone.com/reports/124976 | Hijacking user session by forcing the use of invalid HTTPs Certificate on images.gratipay.com
https://hackerone.com/reports/125000 | Open Redirect in m.uber.com
https://hackerone.com/reports/125027 | Reflected XSS on developer.uber.com via Angular template injection
https://hackerone.com/reports/125112 | XSS in getrush.uber.com
https://hackerone.com/reports/125200 | Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers
https://hackerone.com/reports/125250 | Avoiding Surge Pricing
https://hackerone.com/reports/125498 | Dom Based Xss
https://hackerone.com/reports/125505 | Possibility to brute force invite codes in riders.uber.com
https://hackerone.com/reports/125587 | Hogging up all the resources on hackerone.com
https://hackerone.com/reports/125791 | Reflected XSS via Unvalidated / Open Redirect in uber.com
https://hackerone.com/reports/125849 | XSS found on Snapchat website
https://hackerone.com/reports/125980 | uber.com may RCE by Flask Jinja2 Template Injection
https://hackerone.com/reports/126010 | prevent content spoofing on /~username/emails/verify.html
https://hackerone.com/reports/126099 | Stored XSS in drive.uber.com WordPress admin panel
https://hackerone.com/reports/126109 | CSV Injection in business.uber.com
https://hackerone.com/reports/126197 | XSS In archive.uber.com Due to Mime Sniffing in IE
https://hackerone.com/reports/126203 | CBC "cut and paste" attack may cause Open Redirect(even XSS)
https://hackerone.com/reports/126209 | Posting modified information in 'Investment section' will cause unintended information change in verkkopalvelu.tapiola.fi
https://hackerone.com/reports/126416 | Integer Overflow in php_raw_url_encode
https://hackerone.com/reports/126522 | Incorrect param parsing in Digits web authentication
https://hackerone.com/reports/126539 | XSS on https://app.shopify.com/
https://hackerone.com/reports/126652 | potential remote code execution with phar archive
https://hackerone.com/reports/126797 | Use-after-free during XML transformations (MFSA-2016-27)
https://hackerone.com/reports/126906 | Stored XSS in archive.uber.com Due to Injection of Javascript:alert(0)
https://hackerone.com/reports/127077 | www.lahitapiola.fi DOM XSS by choosing regional company
https://hackerone.com/reports/127154 | XSS using javascript:alert(8007)
https://hackerone.com/reports/127212 | php_snmp_error() Format String Vulnerability
https://hackerone.com/reports/127242 | Negative size parameter (-1) in memcpy mbfl_strcut
https://hackerone.com/reports/127620 | New hacktivity view discloses report IDs of non-public reports
https://hackerone.com/reports/127703 | [CRITICAL] Full account takeover using CSRF
https://hackerone.com/reports/127844 | Web Authentication Endpoint Credentials Brute-Force Vulnerability
https://hackerone.com/reports/127918 | Easy spam with USE My PHONE Feature
https://hackerone.com/reports/127948 | Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin
https://hackerone.com/reports/127995 | Limit email address length
https://hackerone.com/reports/128088 | AWS S3 bucket writeable for authenticated aws users
https://hackerone.com/reports/128114 | Administrator access to a Django Administration Panel on *.sc-corp.net via bruteforced credentials
https://hackerone.com/reports/128121 | fix bug in username restriction
https://hackerone.com/reports/128169 | BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
https://hackerone.com/reports/128750 | Read-Only user can execute arbitraty shell commands on AirOS
https://hackerone.com/reports/128777 | No rate-limit in Two factor Authentication leads to bypass using bruteforce attack
https://hackerone.com/reports/128856 | Send email asynchronously
https://hackerone.com/reports/129001 | Cookie-based client-side denial-of-service to all of the LÃ¤hitapiola domains
https://hackerone.com/reports/129091 | CPU utilization 99% on visiting wordpress site url & open redirect found
https://hackerone.com/reports/129381 | niche s3 buckets are readable/writeable/deleteable by authorized AWS users
https://hackerone.com/reports/129436 | xss in DM group name in twitter
https://hackerone.com/reports/129771 | Python 2.7 strop.replace Integer Overflow
https://hackerone.com/reports/129773 | Previous attachments can be referenced when creating a new report
https://hackerone.com/reports/129862 | Stored XSS on [your_zendesk].zendesk.com in Facebook Channel
https://hackerone.com/reports/129873 | Bypassing Digits origin validation which leads to account takeover
https://hackerone.com/reports/130889 | Reflected XSS in scores.ubnt.com
https://hackerone.com/reports/131065 | bring grtp.co up to A grade on SSLLabs
https://hackerone.com/reports/131082 | Open Redirector via (apps/files_pdfviewer) for un-authenticated users.
https://hackerone.com/reports/131108 | Akismet Several CSRF vulnerabilities
https://hackerone.com/reports/131202 | [Critical] - Steal OAuth Tokens
https://hackerone.com/reports/131450 | Stored XSS in developer.uber.com
https://hackerone.com/reports/132104 | Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs
https://hackerone.com/reports/132602 | Stored XSS at Udemy
https://hackerone.com/reports/133963 | XSS on www.wordpress.com
https://hackerone.com/reports/134061 | Reflected XSS via Livefyre Media Wall in newsroom.uber.com
https://hackerone.com/reports/134321 | RCE on facebooksearch.algolia.com
https://hackerone.com/reports/134388 | Content Spoofing or Text Injection (404 error page injection on yrityspalvelu)
https://hackerone.com/reports/134434 | XSS In /zuora/ functionality
https://hackerone.com/reports/134546 | WordPress Flash XSS in flashmediaelement.swf
https://hackerone.com/reports/134738 | WordPress SOME bug in plupload.flash.swf leading to RCE
https://hackerone.com/reports/134757 | staff memeber can install apps even if have limitied access
https://hackerone.com/reports/134880 | ASN.1 BIO excessive memory allocation (CVE-2016-2109)
https://hackerone.com/reports/135072 | RCE in profile picture upload
https://hackerone.com/reports/135152 | Integer overflow in ZipArchive::getFrom*
https://hackerone.com/reports/135217 | Reflected cross-site scripting (XSS) on api.tiles.mapbox.com
https://hackerone.com/reports/135288 | Multiple vulnerabilities in a WordPress plugin at drive.uber.com
https://hackerone.com/reports/135291 | Out-of-bounds reads in zif_grapheme_stripos with negative offset
https://hackerone.com/reports/135293 | bcpowmod accepts negative scale and corrupts one definition
https://hackerone.com/reports/135294 | xml_parse_into_struct segmentation fault
https://hackerone.com/reports/135756 | View all deleted comments and rating of any app .
https://hackerone.com/reports/135797 | Session Fixation
https://hackerone.com/reports/135944 | EVP_EncodeUpdate overflow (CVE-2016-2105)
https://hackerone.com/reports/135945 | EVP_EncryptUpdate overflow (CVE-2016-2106)
https://hackerone.com/reports/135946 | EBCDIC overread (CVE-2016-2176)
https://hackerone.com/reports/136169 | OneLogin authentication bypass on WordPress sites
https://hackerone.com/reports/136221 | Denial of service in account statistics endpoint
https://hackerone.com/reports/136454 | User credentials leak and arbitrary local file read/leak due to same-origin-policy violation
https://hackerone.com/reports/136481 | CSRF on Vimeo via cross site flashing leading to info disclosure and private videos go public
https://hackerone.com/reports/136582 | OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing
https://hackerone.com/reports/136600 | Reflected XSS in Backend search
https://hackerone.com/reports/136720 | don't leak server version of grtp.co in error pages
https://hackerone.com/reports/136850 | Images and Subtitles Leakage from private videos
https://hackerone.com/reports/136986 | Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
https://hackerone.com/reports/137487 | Amazon Bucket Accessible (http://inpref.s3.amazonaws.com/)
https://hackerone.com/reports/137502 | All Vimeo Private videos disclosure via Authorization Bypass
https://hackerone.com/reports/137956 | SQL Injection
https://hackerone.com/reports/138025 | Heap corruption via memarea.c
https://hackerone.com/reports/138075 | [stored xss, pornhub.com] stream post function
https://hackerone.com/reports/138179 | Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
https://hackerone.com/reports/138181 | Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
https://hackerone.com/reports/138243 | [IDOR] Deleting other users comment
https://hackerone.com/reports/138244 | Missing access control exposing detailed information on all users
https://hackerone.com/reports/138516 | Adobe Flash Player ContentFactory class Memory Corruption Vulnerability
https://hackerone.com/reports/138517 | Adobe Flash Player Metadata class Memory Corruption Vulnerability
https://hackerone.com/reports/138518 | Adobe Flash Player OpportunityGenerator class Memory Corruption Vulnerability
https://hackerone.com/reports/138869 | OneLogin authentication bypass on WordPress sites via XMLRPC
https://hackerone.com/reports/139004 | Persistent XSS at verkkopalvelu.tapiola.fi using spoofed React element and React v.0.13.3
https://hackerone.com/reports/139192 | Ability to collect users' ids that have visited a specific web page with malicious code
https://hackerone.com/reports/139245 | WordPress core stored XSS via attachment file name
https://hackerone.com/reports/139398 | Read-Only user can execute arbitraty shell commands on AirOS
https://hackerone.com/reports/139626 | Passphrase credential lock bypass
https://hackerone.com/reports/139879 | Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability
https://hackerone.com/reports/140432 | configure a redirect URI for Facebook OAuth
https://hackerone.com/reports/140447 | Open Redirect on slack.com
https://hackerone.com/reports/140548 | [upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References
https://hackerone.com/reports/140616 | www.starbucks.co.uk Reflected XSS via utm_source parameter
https://hackerone.com/reports/140705 | [my.mail.ru] HTML injection Ğ² Ğ¿Ğ¸Ñ�ÑŒĞ¼Ğ°Ñ… Ğ¾Ñ‚ [email protected]
https://hackerone.com/reports/140865 | Integer Overflow in php_html_entities()
https://hackerone.com/reports/141065 | Security Issue : CSRF Token Design Flaw
https://hackerone.com/reports/141125 | Ngnix Server version disclosure
https://hackerone.com/reports/141174 | node.drchrono.com - Information Disclosure and Windows Host Exposed
https://hackerone.com/reports/141197 | get_icu_value_internal out-of-bounds read
https://hackerone.com/reports/141198 | Template stored XSS
https://hackerone.com/reports/141202 | imagescale out-of-bounds read
https://hackerone.com/reports/141212 | Integer underflow / arbitrary null write in fread/gzread
https://hackerone.com/reports/141240 | Angular injection in the profile name of onpatient
https://hackerone.com/reports/141244 | XSS in zendesk.com/product/
https://hackerone.com/reports/141344 | [CRITICAL] CSRF leading to account take over
https://hackerone.com/reports/141463 | Stored XSS via AngularJS Injection
https://hackerone.com/reports/141541 | User with no permissions can access full wdcalendar feed
https://hackerone.com/reports/141629 | Able to remove the admin access of my program
https://hackerone.com/reports/141700 | Bypass GlassWire's monitoring of Hosts file
https://hackerone.com/reports/141734 | Bypassing Password Reset
https://hackerone.com/reports/141839 | Multiple vulnerabilities related to PCRE functions (already fixed)
https://hackerone.com/reports/142084 | Stored XSS in unifi.ubnt.com
https://hackerone.com/reports/142096 | [Screenhero] Subdomain takeover
https://hackerone.com/reports/142101 | User with no permissions can create, edit, delete favorite prescriptions /erx/
https://hackerone.com/reports/142135 | XSS Ğ² upload.php
https://hackerone.com/reports/142472 | CVE-2016-2177 Undefined pointer arithmetic in SSL code
https://hackerone.com/reports/142549 | Information Disclosure through .DS_Store in â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ
https://hackerone.com/reports/142709 | Fetching external resources through svg images
https://hackerone.com/reports/142773 | 16 instances where return value of OpenSSL i2d_RSAPublicKey is discarded -- might lead to use of uninitialized memory
https://hackerone.com/reports/142940 | Bug Report
https://hackerone.com/reports/142946 | xss vulnerability in http://ubermovement.com/community/daniel
https://hackerone.com/reports/143022 | Heap corruption via Python 2.7.11 IOBase readline()
https://hackerone.com/reports/143064 | Information Disclosure
https://hackerone.com/reports/143139 | upgrade Aspen on inside.gratipay.com to pick up CR injection fix
https://hackerone.com/reports/143220 | XSS on www.mapbox.com/authorize
https://hackerone.com/reports/143234 | Integer Overflow in _gd2GetHeader() resulting in heap overflow
https://hackerone.com/reports/143240 | XSS on www.mapbox.com/authorize/ because of open redirect at /core/oauth/auth
https://hackerone.com/reports/143669 | ĞŸĞ¾Ğ»ÑƒÑ‡ĞµĞ½Ğ¸Ğµ Ğ¾Ñ€Ğ¸Ğ³Ğ¸Ğ½Ğ°Ğ»Ğ° Ñ�ĞºÑ€Ñ‹Ñ‚Ğ¾Ğ³Ğ¾ Ğ¸Ğ·Ğ¾Ğ±Ñ€Ğ°Ğ¶ĞµĞ½Ğ¸Ñ�
https://hackerone.com/reports/143717 | Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)
https://hackerone.com/reports/143903 | File upload over private IM channel
https://hackerone.com/reports/143935 | [sms-be-vip.twitter.com] vulnerable to Jetleak
https://hackerone.com/reports/143966 | Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)
https://hackerone.com/reports/143975 | Homograph attack in escalate report
https://hackerone.com/reports/144000 | Authorization Bypass in Delivery Chat Logs
https://hackerone.com/reports/144129 | Old titles are not hidden in reports with limited disclosure
https://hackerone.com/reports/144482 | StringIO strio_getline() can divulge arbitrary memory
https://hackerone.com/reports/144616 | Brute-Forcing invite codes in partners.uber.com
https://hackerone.com/reports/144674 | [townwars.mail.ru] Time-Based SQL Injection
https://hackerone.com/reports/144782 | CVE-2016-0772 - python: smtplib StartTLS stripping attack
https://hackerone.com/reports/145086 | Stored XSS in SupportFlow Ticket Subject
https://hackerone.com/reports/145091 | Stored XSS from ticket messages in admin table in SupportFlow
https://hackerone.com/reports/145128 | [account-global.ubnt.com] CRLF Injection
https://hackerone.com/reports/145150 | Bulk UUID enumeration via invite codes
https://hackerone.com/reports/145224 | Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry
https://hackerone.com/reports/145265 | Adobe Flash Player ShimContentFactory class Memory Corruption Vulnerability
https://hackerone.com/reports/145266 | Adobe Flash Player ShimContentFactory.retrieveResolvers Memory Corruption Vulnerability
https://hackerone.com/reports/145267 | Adobe Flash Player ShimContentResolver.configure Memory Corruption Vulnerability
https://hackerone.com/reports/145269 | Adobe Flash Player ShimOpportunityGenerator class Memory Corruption Vulnerability
https://hackerone.com/reports/145271 | Adobe Flash Player ShimContentResolver(resolverType=0) class Memory Corruption Vulnerability
https://hackerone.com/reports/145272 | Adobe Flash Player ShimContentResolver(resolverType=1) class Memory Corruption Vulnerability
https://hackerone.com/reports/145278 | xss in https://www.uber.com
https://hackerone.com/reports/145355 | Stored XSS on Share-popup of a directory's Gallery-view
https://hackerone.com/reports/145452 | Share owner has no possibility to list all existing derived shares
https://hackerone.com/reports/145463 | Nextcloud server software: Content Spoofing
https://hackerone.com/reports/145467 | Downloading password protected / restricted videos
https://hackerone.com/reports/145629 | 2-factor authentication bypass
https://hackerone.com/reports/145950 | Uploading files to a folder where invited user don't have any EDIT privilege
https://hackerone.com/reports/146180 | Integer Overflow in SplFileObject::fread
https://hackerone.com/reports/146182 | Integer Overflow/Heap Overflow in json_encode()/json_decode()
https://hackerone.com/reports/146183 | Integer Overflow in nl2br()
https://hackerone.com/reports/146184 | Integer Overflow in addcslashes()/addslashes()
https://hackerone.com/reports/146185 | Integer Overflow in Length of String-typed ZVAL
https://hackerone.com/reports/146200 | _php_mb_regex_ereg_replace_exec - double free
https://hackerone.com/reports/146202 | Invalid free in phar_extract_file()
https://hackerone.com/reports/146233 | Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://hackerone.com/reports/146235 | ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://hackerone.com/reports/146255 | Double Free Corruption in wddx.c (extension)
https://hackerone.com/reports/146278 | Log pollution can lead to HTML Injection.
https://hackerone.com/reports/146336 | XSS vulnerable parameter in a location hash
https://hackerone.com/reports/146360 | Heap Overflow Due To Integer Overflow
https://hackerone.com/reports/146707 | Mixed Active Scripting Issue on https://www.lahitapiola.fi
https://hackerone.com/reports/146845 | Race Conditions in Popular reports feature.
https://hackerone.com/reports/146910 | RC4 cipher suites detected
https://hackerone.com/reports/146911 | The POODLE attack (SSLv3 supported)
https://hackerone.com/reports/146936 | CVE-2015-8874 Stack overflow with imagefilltoborder
https://hackerone.com/reports/146940 | pass2_no_dither out-of-bounds access
https://hackerone.com/reports/146944 | NULL Pointer Dereference at _gdScaleVert
https://hackerone.com/reports/147125 | Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://hackerone.com/reports/147369 | User can start call in a channel of an unpaid account
https://hackerone.com/reports/147544 | Generate new Test token
https://hackerone.com/reports/147577 | Application error message
https://hackerone.com/reports/147776 | Change contents of the careers iframe in https://corp.badoo.com/jobs
https://hackerone.com/reports/148050 | Know undisclosed Bounty Amount when Bounty Statistics are enabled.
https://hackerone.com/reports/148151 | SMB User Authentication Bypass and Persistence
https://hackerone.com/reports/148467 | ĞŸĞ°Ğ±Ğ»Ğ¸ĞºĞ¸: ĞœĞ¾Ğ´ĞµÑ€Ğ°Ñ‚Ğ¾Ñ€ Ğ¿Ğ°Ğ±Ğ»Ğ¸ĞºĞ° Ğ¼Ğ¾Ğ¶ĞµÑ‚ ÑƒĞ´Ğ°Ğ»Ñ�Ñ‚ÑŒ Ğ´Ğ¾Ğ±Ğ°Ğ²Ğ»ĞµĞ½Ğ½Ñ‹Ğµ Ñ€ĞµĞ´Ğ°ĞºÑ‚Ğ¾Ñ€Ğ°Ğ¼Ğ¸ Ğ¼Ğ°Ñ‚ĞµÑ€Ğ¸Ğ°Ğ»Ñ‹ Ñ� Ñ‚Ğ°Ğ¹Ğ¼ĞµÑ€Ğ¾Ğ¼ Ğ½Ğ° Ğ¿ÑƒĞ±Ğ»Ğ¸ĞºĞ°Ñ†Ğ¸Ñ�.
https://hackerone.com/reports/148609 | Register multiple users using one invitation (race condition)
https://hackerone.com/reports/148741 | Stored Cross-Site-Scripting in CMS Airship's authors profiles
https://hackerone.com/reports/148751 | Stored XSS in comments
https://hackerone.com/reports/148764 | [idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs)
https://hackerone.com/reports/148770 | Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io.
https://hackerone.com/reports/148777 | Microsoft IIS tilde directory enumeration
https://hackerone.com/reports/148848 | "a stored xss issue in share post menu"
https://hackerone.com/reports/148853 | Stored XSS using SVG
https://hackerone.com/reports/148865 | HTML in Diffusion not escaped in certain circumstances
https://hackerone.com/reports/148963 | Application error message
https://hackerone.com/reports/149011 | a stored xss issue in https://files.slack.com
https://hackerone.com/reports/149154 | Stored xss
https://hackerone.com/reports/149287 | Reflected Xss in AirMax [Nanostation Loco M2]
https://hackerone.com/reports/149571 | Stored XSS in wis.pr
https://hackerone.com/reports/149798 | Content (Text) Injection at NextCloud Server 9.0.52 - via http://custom_nextcloud_url/remote.php/dav/files/
https://hackerone.com/reports/149855 | Reflected XSS in m.imgur.com
https://hackerone.com/reports/149907 | Urgent: attacker can access every data source on Bime
https://hackerone.com/reports/149914 | Attacker can access graphic representation of every query
https://hackerone.com/reports/150083 | Cross Site Scripting(XSS) on IRCCloud Badges Page (using Parameter Pollution)
https://hackerone.com/reports/150156 | SQL Injection on sctrack.email.uber.com.cn
https://hackerone.com/reports/150179 | Html Injection and Possible XSS in sms-be-vip.twitter.com
https://hackerone.com/reports/150374 | https://windsor.shopify.com/ takeover
https://hackerone.com/reports/150626 | Heap Buffer Overflow
https://hackerone.com/reports/150905 | Information disclosure through directory listing at http://dockerhost01.maximum.nl:8080
https://hackerone.com/reports/150976 | Flash â€œlocal-with-filesystemâ€� Bypass in navigateToURL
https://hackerone.com/reports/151034 | Xss on billing
https://hackerone.com/reports/151039 | Adobe Flash Player TimedEvent.parent Memory Corruption Vulnerability
https://hackerone.com/reports/151040 | Adobe Flash Player ShimAdPolicySelector(adPolicySelectorType=0) class Memory Corruption
https://hackerone.com/reports/151043 | Adobe Flash Player PSDK Class Use After Free Vulnerability
https://hackerone.com/reports/151058 | Stealing livechat token and using it to chat as the user - user information disclosure
https://hackerone.com/reports/151117 | [bbPress] Stored XSS in any forum post.
https://hackerone.com/reports/151459 | Creating Post on a restricted channel
https://hackerone.com/reports/151465 | Get organization info base on uuid
https://hackerone.com/reports/151470 | [IODR] Get business trip via organization id
https://hackerone.com/reports/151475 | ownCloud 2.2.2.6192 DLL Hijacking Vulnerability
https://hackerone.com/reports/151516 | CSV Injection at Camptix Event Ticketing
https://hackerone.com/reports/151868 | No Rate Limit In Inviting Similar Contact Multiple Times
https://hackerone.com/reports/152013 | CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php'
https://hackerone.com/reports/152067 | Stored XSS on developer.uber.com via admin account compromise
https://hackerone.com/reports/152231 | Out of bound read in exif_process_IFD_in_MAKERNOTE
https://hackerone.com/reports/152232 | NULL Pointer Dereference in exif_process_user_comment
https://hackerone.com/reports/152266 | Use After Free Vulnerability in SNMP with GC and unserialize()
https://hackerone.com/reports/152267 | Use After Free in unserialize() with Unexpected Session Deserialization
https://hackerone.com/reports/152278 | Stack-based buffer overflow vulnerability in php_stream_zip_opener
https://hackerone.com/reports/152280 | Stack-based buffer overflow vulnerability in virtual_file_ex
https://hackerone.com/reports/152281 | Use After Free/Double Free in Garbage Collection
https://hackerone.com/reports/152398 | In correct casting from size_t to int lead to heap overflow in mcrypt_generic
https://hackerone.com/reports/152399 | php curl ext size_t overflow lead to heap corruption
https://hackerone.com/reports/152400 | php mcrypt ext - In correct casting from size_t to int lead to heap overflow in mdecrypt_generic
https://hackerone.com/reports/152407 | Missing Access Control(IDOR) To Know LinkedAccounts
https://hackerone.com/reports/152416 | Lazy Load stored XSS
https://hackerone.com/reports/152569 | Cross-Site Request Forgery (CSRF)
https://hackerone.com/reports/152577 | Content Injection at First & Last Name Parameters that could Lead Fraud Issue
https://hackerone.com/reports/152584 | S3 bucket takeover due to proxy.harvestfiles.com
https://hackerone.com/reports/152586 | CSRF token fixation in Sign in with Google
https://hackerone.com/reports/152591 | Stored XSS on invoice, executing on any subdomain
https://hackerone.com/reports/152669 | Users enumeration is possible through cycling through recurring[client_id] argument value.
https://hackerone.com/reports/152692 | Persistent Cross-Site Scripting in WooCommerce WordPress plugin
https://hackerone.com/reports/152696 | Leak of all project names and all user names , even across applications
https://hackerone.com/reports/152772 | Inadequate error handling in bzread()
https://hackerone.com/reports/152782 | locale_accept_from_http out-of-bounds access
https://hackerone.com/reports/152784 | imagegif/output out-of-bounds access
https://hackerone.com/reports/152929 | Project Disclosure of all Harvest Instances
https://hackerone.com/reports/152958 | Multiple XSS in Camptix Event Ticketing Plugin
https://hackerone.com/reports/153093 | WordPress core - Denial of Service via Cross Site Request Forgery
https://hackerone.com/reports/153618 | Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire
https://hackerone.com/reports/153666 | csp bypass + xss
https://hackerone.com/reports/153776 | gdImageTrueColorToPaletteBody allows arbitrary write/read access
https://hackerone.com/reports/153863 | heap-buffer-overflow (write) simplestring_addn simplestring.c
https://hackerone.com/reports/153905 | IDOR - Disable sharing
https://hackerone.com/reports/154096 | Blind OOB XXE At "http://ubermovement.com/"
https://hackerone.com/reports/154369 | Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181
https://hackerone.com/reports/154400 | Opportunity to set arbitrary cookies
https://hackerone.com/reports/154405 | Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure )
https://hackerone.com/reports/154410 | Delete/modify your own comment after limited access(IDOR)
https://hackerone.com/reports/154425 | Subdomain takeover on http://fastly.sc-cdn.net/
https://hackerone.com/reports/154827 | More content spoofing through dir param in the files app
https://hackerone.com/reports/154963 | Stealing User emails by clickjacking cards.twitter.com/xxx/xxx
https://hackerone.com/reports/155222 | (BYPASS) Open Redirect after login at http://ecommerce.shopify.com
https://hackerone.com/reports/155223 | Use After Free Vulnerability in array_walk()/array_walk_recursive()
https://hackerone.com/reports/155618 | Watch any Password Video without password
https://hackerone.com/reports/155657 | Arbitrary Code Injection in ownCloudâ€™s Windows Client
https://hackerone.com/reports/155704 | Staff member can delete Private Apps
https://hackerone.com/reports/155774 | CSRF - Add optional two factor mobile number
https://hackerone.com/reports/156258 | OX (Guard): Stored Cross-Site Scripting via Incoming Email
https://hackerone.com/reports/156347 | Stored XSS triggered by json key during UI generation
https://hackerone.com/reports/156373 | Stored xss
https://hackerone.com/reports/156387 | Stored XSS from Display Settings triggered on Save and viewing realtime search demo
https://hackerone.com/reports/156520 | Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed.
https://hackerone.com/reports/156542 | Avoid "resend verification email" confusion
https://hackerone.com/reports/156948 | Repeated mediation requests and multiple emails possible on a report.
https://hackerone.com/reports/157412 | Querying private posts and changing post meta
https://hackerone.com/reports/157699 | Disclosure of external users invited to a specific report
https://hackerone.com/reports/157876 | (FULL PATH DISCLOSURE) Unknown MySQL server host 'shardm-reader.chi2.shopify.io'
https://hackerone.com/reports/157956 | CSRF To change Email Notification Settings
https://hackerone.com/reports/157958 | Stored XSS
https://hackerone.com/reports/157993 | Cross-Site Request Forgery (CSRF)
https://hackerone.com/reports/157996 | Race Condition in Redeeming Coupons
https://hackerone.com/reports/158002 | Missing rel=noreferrer tag allows link in list to change url of currently open tab
https://hackerone.com/reports/158016 | Server side request forgery on image upload for lists
https://hackerone.com/reports/158019 | Host Header Injection/Redirection in: https://www.instacart.com/
https://hackerone.com/reports/158021 | Image Upload Path Disclosure
https://hackerone.com/reports/158118 | Access to Splunk at https://apt.ec2.shopify.com:8089
https://hackerone.com/reports/158148 | reverb.twitter.com redirects to vulnerable reverb.guru
https://hackerone.com/reports/158157 | shopper login_code's can be brute forced
https://hackerone.com/reports/158186 | Non-secure requests are not automatically upgraded to HTTPS
https://hackerone.com/reports/158434 | (BYPASS) Open redirect and XSS in supporthiring.shopify.com
https://hackerone.com/reports/158484 | [scores.ubnt.com] DOM based XSS at form.html
https://hackerone.com/reports/158554 | Hyperlink Injection in Friend Invitation Emails
https://hackerone.com/reports/158853 | OX Guard: DOM Based Cross-Site Scripting
https://hackerone.com/reports/158979 | PM with can Set up email for invoices and estimates (Access control Issue)
https://hackerone.com/reports/159156 | Hacker.One Subdomain Takeover
https://hackerone.com/reports/159387 | PM can delete the company logo image (Vertical Privilege Escalation )
https://hackerone.com/reports/159391 | Record payment for any invoice by PM (Access control Issue)
https://hackerone.com/reports/159393 | PM can delete payment of any invoice in company (Access control Issue)
https://hackerone.com/reports/159395 | Unauthorized access to all the actions of invoices by PM (Access control Issues)
https://hackerone.com/reports/159399 | Unauthorized read access to Invoices by PM (Access control Issues)
https://hackerone.com/reports/159460 | Stored XSS(Cross Site Scripting) In Slack App Name
https://hackerone.com/reports/159498 | Blind Stored XSS Against Lahitapiola Employees - Session and Information leakage
https://hackerone.com/reports/159512 | Requesting Mediation possible on reports that are too old for mediation
https://hackerone.com/reports/159522 | Open redirect using checkout_url
https://hackerone.com/reports/159526 | Information leakage of private program
https://hackerone.com/reports/159686 | integer overflow in the _csv module's join_append_data function
https://hackerone.com/reports/159687 | integer overflow in binascii.b2a_qp
https://hackerone.com/reports/159690 | stack buffer overflows in the curses module
https://hackerone.com/reports/159693 | Py_DECREF on a non-owned object in the _sre module
https://hackerone.com/reports/159696 | Two vulnerabilities in the ssl module
https://hackerone.com/reports/159820 | Issues with uploading list images
https://hackerone.com/reports/159878 | [render.bitstrips.com] Stored XSS via an incorrect avatar property value
https://hackerone.com/reports/159943 | Create an Unexpected Object and Don't Invoke __wakeup() in During Deserialization
https://hackerone.com/reports/159946 | PHP Session Data Injection Vulnerability
https://hackerone.com/reports/159948 | Use After Free Vulnerability in unserialize()
https://hackerone.com/reports/159953 | integer overflow in curl_escape caused heap corruption
https://hackerone.com/reports/159954 | integer overflow in base64_decode caused heap corruption
https://hackerone.com/reports/159955 | integer overflow in bzdecompress caused heap corruption
https://hackerone.com/reports/159958 | Integer overflow lead to heap corruption in sql_regcase
https://hackerone.com/reports/159959 | integer overflow in quoted_printable_encode caused heap corruption
https://hackerone.com/reports/159960 | integer overflow in urlencode caused heap corruption
https://hackerone.com/reports/159961 | integer overflow in php_uuencode caused heap corruption
https://hackerone.com/reports/159988 | Heap Overflow due to integer overflows
https://hackerone.com/reports/159992 | memory allocator fails to realloc small block to large one
https://hackerone.com/reports/160047 | [apps.shopify.com] Open Redirect
https://hackerone.com/reports/160109 | Brute force login and bypass locked account restrictions via iOS app
https://hackerone.com/reports/160294 | Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128)
https://hackerone.com/reports/160295 | Heap overflow in curl_escape
https://hackerone.com/reports/160520 | Bypass fix in https://hackerone.com/reports/151516 report.
https://hackerone.com/reports/160981 | Extracting private info of estimates.
https://hackerone.com/reports/161189 | select_colors write out-of-bounds
https://hackerone.com/reports/161193 | imagegammacorrect allows arbitrary write access
https://hackerone.com/reports/161198 | wddx_deserialize null dereference with invalid xml
https://hackerone.com/reports/161200 | wddx_deserialize allows illegal memory access
https://hackerone.com/reports/161216 | wddx_deserialize null dereference
https://hackerone.com/reports/161217 | wddx_deserialize null dereference in php_wddx_pop_element
https://hackerone.com/reports/161301 | READ .svg files by changing .svg into .png extension
https://hackerone.com/reports/161485 | Non-secure requests to www.lahitapiola.fi are not automatically upgraded to HTTPS
https://hackerone.com/reports/161710 | Possible to steal any protected files on Android
https://hackerone.com/reports/162822 | Fetch private list metadata and any user's personal name
https://hackerone.com/reports/162955 | Code Injection in Slack's Windows Desktop Client leads to Privilege Escalation
https://hackerone.com/reports/163067 | Stealing users password (Limited Scenario)
https://hackerone.com/reports/163087 | use of uninitialized variables in operator.methodcaller
https://hackerone.com/reports/163307 | WordPress Authentication Denial of Service
https://hackerone.com/reports/163459 | potential memory corruption in or/buffers.c (particularly on 32 bit)
https://hackerone.com/reports/163464 | User Information sent to client through websockets
https://hackerone.com/reports/163467 | User Information leak allows user to bypass email verification.
https://hackerone.com/reports/163476 | Information Disclosure in AWS S3 Bucket
https://hackerone.com/reports/163491 | CORS (Cross-Origin Resource Sharing)
https://hackerone.com/reports/163676 | Legal | Application is Missing CSP(Content Security Policy) Header
https://hackerone.com/reports/164027 | Reflected Self-XSS Vulnerability in the Comment section of Files Information
https://hackerone.com/reports/164137 | Possible content spoofing due to missing error page
https://hackerone.com/reports/164152 | [ibank.qiwi.ru] XSS via Request-URI
https://hackerone.com/reports/164224 | Urgent: Server side template injection via Smarty template allows for RCE
https://hackerone.com/reports/164515 | Project Manager can approve pending reports(Access control Issue)
https://hackerone.com/reports/164546 | CSRF bypass on Submit Time sheet for Approval
https://hackerone.com/reports/164578 | Reflected XSS in www.lahitapiola.fi (/cs/Satellite) using Oracle WebCenter -page
https://hackerone.com/reports/164581 | Oracle WebCenter Sites Support Tools available and Information disclosure (/cs/Satellite)
https://hackerone.com/reports/164649 | [Studio.twitter.com] See someone else pics
https://hackerone.com/reports/164656 | [contact-sys.com] XSS via Request-URI
https://hackerone.com/reports/164662 | [wallet.rapida.ru] XSS Cookie flashcookie
https://hackerone.com/reports/164674 | CSV Injection in Camptix
https://hackerone.com/reports/164684 | [lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN
https://hackerone.com/reports/164704 | [contact-sys.com] XSS /ajax/transfer/status trn param
https://hackerone.com/reports/164739 | SQL Injection on /cs/Satellite path
https://hackerone.com/reports/164821 | OX Guard: DOM Based Cross-Site Scripting (#2)
https://hackerone.com/reports/164833 | Hyperlink Injection in Friend Invitation Emails
https://hackerone.com/reports/164916 | Same origin policy bypass on e.mail.ru via Cross-Site Flashing
https://hackerone.com/reports/164933 | [lk.contact-sys.com] LKlang Path Traversal
https://hackerone.com/reports/164945 | [contact-sys.com] SQL Injectionâ–ˆâ–ˆâ–ˆâ–ˆ limit param
https://hackerone.com/reports/165046 | Open redirect allows changing iframe content in *.myshopify.com/admin/themes//editor
https://hackerone.com/reports/165102 | urllib HTTP header injection CVE-2016-5699
https://hackerone.com/reports/165131 | Seemingly sensitive information at /api/v2/zones
https://hackerone.com/reports/165154 | Additional information for CVE-2016-5699
https://hackerone.com/reports/165219 | [id.rapida.ru] Full Path Disclosure
https://hackerone.com/reports/165229 | Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin
https://hackerone.com/reports/165275 | OX (Guard): Stored Cross-Site Scripting via Email Attachment
https://hackerone.com/reports/165324 | XSS on expenses attachments
https://hackerone.com/reports/165570 | Race Condition in account survey
https://hackerone.com/reports/165686 | Reflected XSS in Gallery App
https://hackerone.com/reports/165727 | Rate-limit bypass
https://hackerone.com/reports/165862 | Invoices can be added to any retainers - even closs-platform
https://hackerone.com/reports/165930 | PHP info page disclosure on http://www.day.dk/
https://hackerone.com/reports/166080 | null pointer dereference in set_conversion_mode due uncheck _ctypes_conversion_errors
https://hackerone.com/reports/166265 | Verification of E-Mail address possible on https://biz.yelp.com/login and https://biz.yelp.com/forgot
https://hackerone.com/reports/166629 | Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
https://hackerone.com/reports/166634 | SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
https://hackerone.com/reports/166661 | Arbitrary heap overread in strscan on 32 bit Ruby, patch included
https://hackerone.com/reports/166682 | Denial of Service through set_preference.json
https://hackerone.com/reports/166709 | Self-XSS via location cookie city field when getting suggestions for a new location
https://hackerone.com/reports/166826 | Potential Subdomain Takeover Possible
https://hackerone.com/reports/166871 | Instance of Apache Vulnerable to Several Issues
https://hackerone.com/reports/166887 | Unsanitized Location Name in POS Channel can lead to XSS in Orders Timeline
https://hackerone.com/reports/166942 | leaking Digits OAuth authorization to third party websites
https://hackerone.com/reports/167075 | XSS in SHOPIFY: Unsanitized Supplier Name can lead to XSS in Transfers Timeline
https://hackerone.com/reports/167489 | Bybass The Closing of the account and logged again to your account
https://hackerone.com/reports/167688 | msilib.OpenDatabase Type Confusion
https://hackerone.com/reports/167731 | Make victim buy in attacker's account without any idea - http://www.booztlet.com/
https://hackerone.com/reports/167846 | Deleted Post and Administrative Function Access in eCommerce Forum
https://hackerone.com/reports/167888 | Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF
https://hackerone.com/reports/167895 | Out of bound when verify signature of zip phar in phar_parse_zipfile
https://hackerone.com/reports/167896 | Out of bound when verify signature of tar phar in phar_parse_tarfile
https://hackerone.com/reports/167901 | integer overflow in pg_escape_string caused heap corruption
https://hackerone.com/reports/167902 | integer overflow in php_ldap_do_escape caused heap corruption
https://hackerone.com/reports/167903 | integer overflow in str_pad caused heap corruption
https://hackerone.com/reports/167904 | heap overflow in substr_replace
https://hackerone.com/reports/167905 | integer overflow in pg_escape_bytea caused heap corruption
https://hackerone.com/reports/167906 | integer overflow in imap_binary caused heap corruption
https://hackerone.com/reports/167907 | integer overflow in preg_quote caused heap corruption
https://hackerone.com/reports/167908 | integer overflow in fgets cause heap corruption
https://hackerone.com/reports/167909 | integer overflow in recode_string caused heap corruption
https://hackerone.com/reports/167910 | memory corruption in wordwrap function
https://hackerone.com/reports/167911 | integer overflow in fgetcsv caused heap corruption
https://hackerone.com/reports/167921 | integer overflow in xml_utf8_encode
https://hackerone.com/reports/167931 | Memory Corruption in During Deserialized-object Destruction
https://hackerone.com/reports/167977 | Missing type check when unserializing SplArray
https://hackerone.com/reports/168027 | gzdecode does NOT check output string size which leads to an overflow
https://hackerone.com/reports/168028 | gzuncompress does NOT check output string size which leads to an overflow
https://hackerone.com/reports/168029 | ldap_escape could produce string larger than 2Gb
https://hackerone.com/reports/168116 | Insufficient validation on Digits bridge
https://hackerone.com/reports/168458 | Stored XSS in https://productreviews.shopifyapps.com/proxy/v4/reviews/product
https://hackerone.com/reports/168476 | Incoming email hijacking on sc-cdn.net
https://hackerone.com/reports/168485 | Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE
https://hackerone.com/reports/168538 | Twitter iOS fails to validate server certificate and sends oauth token
https://hackerone.com/reports/169699 | CSRF in the "Add restaurant picture" function
https://hackerone.com/reports/169759 | Open redirect in bulk edit
https://hackerone.com/reports/170138 | SEH buffer overflow msgfmt_format_message
https://hackerone.com/reports/170144 | wddx_deserialize use-after-free
https://hackerone.com/reports/170161 | Password reset token not expiring
https://hackerone.com/reports/170260 | imap_rfc822_parse_headers GS Violation
https://hackerone.com/reports/170310 | Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?)
https://hackerone.com/reports/170548 | Ruby OpenSSL Library - IV Reuse in GCM Mode
https://hackerone.com/reports/170618 | CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element
https://hackerone.com/reports/170619 | PHP Integer Overflow in gdImageWebpCtx
https://hackerone.com/reports/170894 | Facebook and twitter page claimed of maximum.com [important]
https://hackerone.com/reports/171205 | No rate limit for Referral Program
https://hackerone.com/reports/172115 | Multiple use after frees in obj2ast_* methods
https://hackerone.com/reports/172137 | Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com
https://hackerone.com/reports/172227 | Stored XSS in photo comment functionality
https://hackerone.com/reports/172289 | HackerOne Integrations Design Issue
https://hackerone.com/reports/172403 | Python 2.7 32-bit JSON encoding heap corruption
https://hackerone.com/reports/172411 | Heap overflow caused by type confusion vulnerability in merge_param()
https://hackerone.com/reports/172545 | IDOR - Ability to view unlisted products
https://hackerone.com/reports/172549 | Possible Blind Writing to S3 Bucket
https://hackerone.com/reports/172562 | LZMADecompressor.decompress Use After Free
https://hackerone.com/reports/172574 | Follow Button XSS
https://hackerone.com/reports/172595 | Reflected XSS in LTContactFormReceiver (/cs/Satellite)
https://hackerone.com/reports/172698 | Subdomain take over signup.websummit
https://hackerone.com/reports/172711 | Content Spoofing in udemy
https://hackerone.com/reports/172733 | Add signature to transactions without any permission
https://hackerone.com/reports/172780 | out of date disqus shortname usage in the web app source code
https://hackerone.com/reports/172837 | password less login token expiration issue
https://hackerone.com/reports/172843 | DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
https://hackerone.com/reports/172933 | IDNs displayed in unicode in messages/about/talk sections (Homograph Attack)
https://hackerone.com/reports/173043 | Bypassing "You've requested your data the maximum number of times today." + "Please Verify an email address with snapchat to continue"
https://hackerone.com/reports/173681 | [CRITICAL]-Taking over entire subdomain of romit.io
https://hackerone.com/reports/173811 | Git available containing passwords.
https://hackerone.com/reports/173969 | Full access to any list
https://hackerone.com/reports/174069 | Buffer overflow in HTTP parse_hostinfo(), parse_userinfo() and parse_scheme()
https://hackerone.com/reports/174328 | CSRF in github integration
https://hackerone.com/reports/174474 | Cookie Injection at 'harvestapp.com'
https://hackerone.com/reports/174632 | Information disclosure in mmap module - python 2.7.12
https://hackerone.com/reports/174645 | Existence of Folder path by guessing the path through response
https://hackerone.com/reports/174668 | No rate-limit in SERVER_SECURITY_CHECK
https://hackerone.com/reports/174721 | View liked twits of private account via publish.twitter.com
https://hackerone.com/reports/174871 | Linking Invoice to uninvited project.
https://hackerone.com/reports/174882 | Requesting Show CheckIn Alert for Non Friend User
https://hackerone.com/reports/175070 | Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront
https://hackerone.com/reports/175091 | chain.setstate Type Confusion
https://hackerone.com/reports/175168 | [ecommerce.shopify.com] Invalidated redirection
https://hackerone.com/reports/175260 | missing NULL check in dom_document_save_html
https://hackerone.com/reports/175262 | NULL pointer dereference in SimpleXMLElement::asXML()
https://hackerone.com/reports/175263 | crash in openssl_random_pseudo_bytes function
https://hackerone.com/reports/175264 | heap overflow in php_ereg_replace function
https://hackerone.com/reports/175286 | Homograph attack
https://hackerone.com/reports/175310 | Write out-of-bounds at number_format
https://hackerone.com/reports/175311 | memcpy negative size parameter in php_resolve_path
https://hackerone.com/reports/175312 | memcpy negative parameter _bc_new_num_ex
https://hackerone.com/reports/175315 | Illegal write access through Locale methods
https://hackerone.com/reports/175316 | stack-buffer-overflow through "ResourceBundle" methods
https://hackerone.com/reports/175320 | 2 Directory Listing on ledger.brave.com & vault-staging.brave.com
https://hackerone.com/reports/175403 | [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html
https://hackerone.com/reports/175490 | Able to Login deactivated staff account in shopify app mobile
https://hackerone.com/reports/175529 | URI Obfuscation
https://hackerone.com/reports/175587 | Stack Buffer Overflow in GD dynamicGetbuf
https://hackerone.com/reports/175779 | Address Bar Spoofing - Already resolved - Retroactive report
https://hackerone.com/reports/175958 | [iOS/Android] Address Bar Spoofing Vulnerability
https://hackerone.com/reports/175979 | Access to local file system using javascript
https://hackerone.com/reports/175982 | Use-after-free in unserialize()
https://hackerone.com/reports/176065 | [Android] HTML Injection in BatterySaveArticleRenderer WebView
https://hackerone.com/reports/176066 | Denial of service attack on Brave Browser.
https://hackerone.com/reports/176197 | Denial of service attack(window object) on brave browser
https://hackerone.com/reports/176226 | CachingIterator null dereference when convert to string
https://hackerone.com/reports/176279 | Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)
https://hackerone.com/reports/176308 | Wordpress.com REST API oauth bypass via Cross Site Flashing
https://hackerone.com/reports/176754 | Cross-site scripting (reflected)
https://hackerone.com/reports/176899 | Editing a project (LIMITED)
https://hackerone.com/reports/176929 | [ios] Address bar spoofing in Brave for iOS
https://hackerone.com/reports/176979 | Authentication Issue
https://hackerone.com/reports/177472 | CSRF: add item to victim's cart automatically (starbucks.com - updatecart)
https://hackerone.com/reports/177508 | Reflected XSS by exploiting CSRF vulnerability on teavana.com wishlist comment module. (wishlist-comments)
https://hackerone.com/reports/177624 | Unvalidated redirect on team.badoo.com
https://hackerone.com/reports/177635 | CSRF vulnerability in saving payment card on store.starbucks.com (COBilling -AddCreditCard)
https://hackerone.com/reports/177639 | CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments)
https://hackerone.com/reports/177757 | Stored XSS in Restoring Archived Tasks
https://hackerone.com/reports/178049 | Ğ Ğ°Ñ�ĞºÑ€Ñ‹Ñ‚Ğ¸Ğµ Ğ±Ğ°Ğ»Ğ°Ğ½Ñ�Ğ° Ğ½Ğ° //kopilka.qiwi.com
https://hackerone.com/reports/178094 | php_snmp_parse_oid integer overflow in memory allocation
https://hackerone.com/reports/178144 | imagecropauto out-of-bounds access
https://hackerone.com/reports/178184 | SSRF in https://cards-dev.twitter.com/validator
https://hackerone.com/reports/178284 | [vitrina.contact-sys.com] Full Path Disclosure
https://hackerone.com/reports/178293 | Misconfiguration in Two Factor Authorisation
https://hackerone.com/reports/178506 | Access private list metadata
https://hackerone.com/reports/178567 | Arbitrary modification value "session" (Cookie) in badoo.com
https://hackerone.com/reports/178742 | Leave inaccessible messaging system with a message (https://us1.badoo.com)
https://hackerone.com/reports/178831 | CSRF on signup endpoint (auto-api.yelp.com)
https://hackerone.com/reports/179164 | Stored XSS in community.ubnt.com
https://hackerone.com/reports/179328 | Open Redirect (verkkopalvelu.lahitapiola.fi)
https://hackerone.com/reports/179426 | Reflected XSS on blockchain.info
https://hackerone.com/reports/179559 | Stored XSS in Template Documents
https://hackerone.com/reports/179568 | Tab nabbing via window.opener
https://hackerone.com/reports/179695 | XSS via unicode characters in upload filename
https://hackerone.com/reports/179751 | SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi)
https://hackerone.com/reports/179763 | Suspicious browser fingerprinting(?) scripts on http://www.lahitapiola.fi/ redirector
https://hackerone.com/reports/180037 | Selecting encryption for email with drive attachment overrides the drive email password
https://hackerone.com/reports/180109 | crash in gzcompress and 3 other compress functions
https://hackerone.com/reports/180110 | crash in implode() function
https://hackerone.com/reports/180111 | crash in bzcompress function
https://hackerone.com/reports/180112 | iconv() function missing string length check
https://hackerone.com/reports/180113 | crash in get_icu_value_internal function
https://hackerone.com/reports/180115 | crash in locale_get_keywords() when keyword value in locale string too long
https://hackerone.com/reports/180116 | another crash in locale_get_keywords function
https://hackerone.com/reports/180253 | Reflected Cross-Site Scripting due to vulnerable Flash component (Flashmediaelement.swf)
https://hackerone.com/reports/180434 | cURL / libcURL - CVE-2016-8624 invalid URL parsing with '#'
https://hackerone.com/reports/180538 | X.509 certificate validation fails on international vanity domains
https://hackerone.com/reports/180562 | Memory corruption in _php_math_number_format_ex()
https://hackerone.com/reports/180563 | Heap overflow due to integer overflow in bzdecompress() function
https://hackerone.com/reports/180572 | Memory corruption due to missing check size in _php_math_number_format_ex()
https://hackerone.com/reports/180582 | Heap overflow due to integer overflow in php_escape_html_entities_ex() function
https://hackerone.com/reports/180584 | Heap overflow due to integer overflow in pg_escape_string() function
https://hackerone.com/reports/180588 | Invalid memory access in zend_strtod() function
https://hackerone.com/reports/180589 | crash in simplestring_addn function
https://hackerone.com/reports/180590 | Invalid memory access in spl_filesystem_dir_open function
https://hackerone.com/reports/180591 | Invalid memory access in php_basename function
https://hackerone.com/reports/180592 | Invalid memory access in spl_filesystem_info_set_filename function
https://hackerone.com/reports/180695 | ruby DoS https://www.mruby.science
https://hackerone.com/reports/180814 | crash in locale_compose() function
https://hackerone.com/reports/180908 | NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
https://hackerone.com/reports/180909 | Use-after-free in ArrayObject Deserialization
https://hackerone.com/reports/180977 | Exception cause SIGABRT
https://hackerone.com/reports/181073 | malloc negative size parameter
https://hackerone.com/reports/181088 | Window.opener bug at www.coinbase.com
https://hackerone.com/reports/181210 | Incorrect detection of onion URLs
https://hackerone.com/reports/181225 | Missing rel=noopener noreferrer in target=_blank links (Phishing attack)
https://hackerone.com/reports/181232 | Denial of Service in mruby due to null pointer dereference
https://hackerone.com/reports/181319 | Memory disclosure in mruby String#lines method
https://hackerone.com/reports/181321 | Use after free vulnerability in mruby Array#to_h causing DOS possible RCE
https://hackerone.com/reports/181558 | [DOS] denial of service using code snippet on brave browser
https://hackerone.com/reports/181594 | Error Page Content Spoofing or Text Injection (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181642 | libtiff 4.0.6 heap bufer overflow / out of bounds read (CVE-2016-9273)
https://hackerone.com/reports/181665 | Subdomain Takeover (moderator.ubnt.com)
https://hackerone.com/reports/181677 | NULL pointer dereference when parsing ternary operators
https://hackerone.com/reports/181685 | Range#initialize_copy null pointer dereference
https://hackerone.com/reports/181686 | [DOS] Browser hangs on loading the code snippet
https://hackerone.com/reports/181695 | Undefined method_missing null pointer dereference
https://hackerone.com/reports/181748 | [IDOR][translate.twitter.com] Opportunity to change any comment at the forum
https://hackerone.com/reports/181768 | Poodle attack SSLv3 Support (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181803 | SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181810 | HTML Injection in email /webApp/lahti (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181826 | SQL Injection /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181828 | Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference
https://hackerone.com/reports/181842 | Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)
https://hackerone.com/reports/181871 | DoS: type confusion in mrb_no_method_error
https://hackerone.com/reports/181874 | SIGSEGV when invalid argument on remove_method
https://hackerone.com/reports/181879 | Struct type confusion RCE
https://hackerone.com/reports/181893 | TOCTTOU bug in mrb_str_setbyte leading the memory corruption
https://hackerone.com/reports/181910 | Range constructor type confusion DoS
https://hackerone.com/reports/182027 | SIGSEV on mrb_ary_splice
https://hackerone.com/reports/182104 | Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
https://hackerone.com/reports/182140 | libtiff 4.0.6 segfault / read outside of buffer (CVE-2016-9297)
https://hackerone.com/reports/182160 | XSS in IE11 on portswigger.net via Flash
https://hackerone.com/reports/182169 | Type confusion in FutureIter_throw() which may potentially lead to an arbitrary code execution
https://hackerone.com/reports/182265 | Option method enabled (viestinta.lahitapiola.fi)
https://hackerone.com/reports/182274 | Null pointer dereference due to TOCTTOU bug in mrb_time_initialize
https://hackerone.com/reports/182358 | Partial disclosure of report activity through new "Export as .zip" feature
https://hackerone.com/reports/182420 | Illegal write/read access caused by gdImageAALine overflow
https://hackerone.com/reports/182467 | Email Spoofing
https://hackerone.com/reports/182474 | Use After Free in PHP7 unserialize()
https://hackerone.com/reports/182484 | Broken handling of maximum number of method call arguments leads to segfault
https://hackerone.com/reports/182670 | Email link poisoning / Host header attack
https://hackerone.com/reports/183231 | SIGSEGV on mruby mrb_str_modify() (Invalid memory access)
https://hackerone.com/reports/183239 | SIGSEGV on mruby's mark_tbl() (Invalid memory access)
https://hackerone.com/reports/183356 | Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop
https://hackerone.com/reports/183405 | Null target_class DoS
https://hackerone.com/reports/183425 | Segmentation fault when a Ruby method is invoked by a C method via Object#send
https://hackerone.com/reports/183548 | SMTP configuration vulnerability viestinta.lahitapiola.fi
https://hackerone.com/reports/183568 | [Buddypress] Arbitrary File Deletion through bp_avatar_set
https://hackerone.com/reports/183796 | XSS and open redirect in verkkopalvelu.lahitapiola.fi
https://hackerone.com/reports/184452 | Disclosure of IBM Websphere page
https://hackerone.com/reports/184661 | mruby-time: Crash host with uninitialized Time obj
https://hackerone.com/reports/184698 | Eavesdropping on private Slack calls
https://hackerone.com/reports/184712 | Denial of service due to invalid memory access in mrb_ary_concat
https://hackerone.com/reports/184715 | Read after free in mrb_vm_exec with OP_ARYCAT reading R(B)
https://hackerone.com/reports/184857 | Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash
https://hackerone.com/reports/185041 | Type confusion in mrb_exc_set leading to memory corruption
https://hackerone.com/reports/185051 | Type confusion in wrap_decimal leading to memory corruption
https://hackerone.com/reports/185387 | Null pointer dereference regression in parse.y
https://hackerone.com/reports/185775 | Crash: Initialize Decimal with itself triggers an assertion
https://hackerone.com/reports/185794 | Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum
https://hackerone.com/reports/185826 | XSS in my.shopify.com in widget
https://hackerone.com/reports/185833 | Incomplete or No Cache-control and Pragma HTTP Header Set
https://hackerone.com/reports/185862 | Twitter for android is exposing user's location to any installed android app
https://hackerone.com/reports/185899 | Invalid memory write caused by incorrect upper bound in array_copy
https://hackerone.com/reports/185907 | unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php
https://hackerone.com/reports/185909 | unchecked unserialize usages in audit-trail-extension/audit-trail-extension.php
https://hackerone.com/reports/185914 | constant cache_page_secret in regolith
https://hackerone.com/reports/185957 | Crash: A call to Symbol.new leads to a crash when inspecting the resulting object
https://hackerone.com/reports/186230 | Internal attachments can be exported via "Export as .zip" feature
https://hackerone.com/reports/186352 | Fetching binaries (for software installation) over HTTP without verification (RCE as ROOT by MITM)
https://hackerone.com/reports/186462 | Stored XSS at 'Buy Button' page
https://hackerone.com/reports/186554 | Stored XSS in Adress Book (starbucks.com/account/profile)
https://hackerone.com/reports/186723 | Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory
https://hackerone.com/reports/186766 | Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record
https://hackerone.com/reports/187305 | Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox
https://hackerone.com/reports/187410 | Store XSS
https://hackerone.com/reports/187520 | Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth
https://hackerone.com/reports/187536 | Null pointer derefence due to bug in codegen with negation without using value
https://hackerone.com/reports/187542 | Brave Browser unexpectedly allows to send arbitrary IPC messages
https://hackerone.com/reports/187714 | Vine - overwrite account associated with email via android application
https://hackerone.com/reports/188086 | Sending arbitrary IPC messages via overriding Function.prototype.apply
https://hackerone.com/reports/188102 | 3 heap corruptions in PHP
https://hackerone.com/reports/188185 | Dom Based Xss DIV.innerHTML parameters store.starbucks*
https://hackerone.com/reports/188313 | Segmentation fault due to bad memory access in kh_get_mt
https://hackerone.com/reports/188326 | Buffer overflow in mrb_time_asctime
https://hackerone.com/reports/188661 | Invalid read when wddx decodes empty boolean element
https://hackerone.com/reports/188719 | Information Disclosure in /skills call
https://hackerone.com/reports/188972 | Persistent XSS in www.starbucks.com
https://hackerone.com/reports/189378 | Unauthenticated Stored XSS on .myshopify.com via checkout page
https://hackerone.com/reports/189633 | Certain inputs cause tight C-level recursion leading to process stack overflow
https://hackerone.com/reports/189726 | Websites opened from reports can change url of report page
https://hackerone.com/reports/189768 | [controlsyou.quora.com] 429 Too Many Requests Error-Page XSS
https://hackerone.com/reports/189793 | [Android] XSS via start ContentActivity
https://hackerone.com/reports/190133 | Segfault when passing invalid values to values_at
https://hackerone.com/reports/190188 | Open Redirect bypass and cookie leakage on www.lahitapiola.com
https://hackerone.com/reports/190798 | Reflected XSS on teavana.com (Locale-Change)
https://hackerone.com/reports/190863 | imagefilltoborder stackoverflow on truecolor images
https://hackerone.com/reports/190933 | Invalid parameter in memcpy function trough openssl_pbkdf2
https://hackerone.com/reports/190951 | XSS on manually entering Postal codes
https://hackerone.com/reports/191095 | Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)
https://hackerone.com/reports/191146 | SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi)
https://hackerone.com/reports/191323 | Sub Domain Takeover at mk.prd.vine.co
https://hackerone.com/reports/191328 | Invalid memory access in mrb_str_format
https://hackerone.com/reports/191380 | CRLF and XSS stored on ton.twitter.com
https://hackerone.com/reports/191387 | Reflected XSS and Open Redirect in several parameters (viestinta.lahitapiola.fi)
https://hackerone.com/reports/191601 | SQL Injection on /webApp/sijoitustalousuk email-parameter + potential lack of CSRF Token (viestinta.lahitapiola.fi)
https://hackerone.com/reports/191689 | Incorrect code generation when result of NODE_NEGATE is not used
https://hackerone.com/reports/191890 | DOM Based XSS in Discourse Search
https://hackerone.com/reports/191909 | XSS Vulnerability on Image link parser
https://hackerone.com/reports/191938 | SIGSEGV on mruby mrb_get_args()
https://hackerone.com/reports/191994 | SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI
https://hackerone.com/reports/192127 | Buffer underflow in sprintf
https://hackerone.com/reports/192131 | CSRF Attack on (m.badoo.com)deleting account and erasing imported contacts
https://hackerone.com/reports/192140 | XSS on postal codes
https://hackerone.com/reports/192210 | Stored XSS in blog comments through Shopify API
https://hackerone.com/reports/192223 | XSS vulnerability on Audio and Video parsers
https://hackerone.com/reports/192235 | Integer Overflow in mrb_ary_set
https://hackerone.com/reports/192318 | mrb_vformat() heap overflow could lead to code execution
https://hackerone.com/reports/192362 | Heap Overflow in mrb_arb_splice
https://hackerone.com/reports/192388 | Unauthorised read Access to Expense Receipt of any user in the company(Vertical Privilege escalation)
https://hackerone.com/reports/192485 | SIGSEGV on mrb_vm_exec() Null Deref
https://hackerone.com/reports/192532 | SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf()
https://hackerone.com/reports/192578 | kh_get_n2s() stack overrun
https://hackerone.com/reports/192665 | heap-buffer-overflow on mruby
https://hackerone.com/reports/192734 | SIGSEGV Null Pointer mrb_str_concat()
https://hackerone.com/reports/192896 | Memory disclosure in timegm
https://hackerone.com/reports/193056 | Subdomain Takeover at http://gameday.websummit.net
https://hackerone.com/reports/193075 | SIGSEGV - mrb_check_intern_str() - NullPointer
https://hackerone.com/reports/193077 | mrb_str_modify try to write to memory not marked for writing
https://hackerone.com/reports/193081 | Null pointer dereference in mrb_str_prepend
https://hackerone.com/reports/193143 | Use After Free in str_replace
https://hackerone.com/reports/193314 | SMTP user enumeration via mail.zendesk.com
https://hackerone.com/reports/193517 | attempting double-free using the mruby compiler mrbc
https://hackerone.com/reports/193719 | Double free of filename after codegen error
https://hackerone.com/reports/193724 | SIGSEGV - kh_resize_iv - Null Deref
https://hackerone.com/reports/193773 | SIGABRT - mrb_default_allocf
https://hackerone.com/reports/194017 | Open redirect - user interaction needed (verkkopalvelu.lahitapiola.fi/e2/..) - based on #179328
https://hackerone.com/reports/194329 | No session logout after changing password & alsoandroid sessions not shown in sessions list so they can be deleted
https://hackerone.com/reports/194351 | Able to download arbitrary PHP files at yelpblog.com
https://hackerone.com/reports/194574 | IDOR - Folder names disclosure inside a domain, regardless of user
https://hackerone.com/reports/194721 | Verification of email addresses possible through https://www.yelp.com/signup/facebook
https://hackerone.com/reports/194761 | OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi
https://hackerone.com/reports/194790 | IDOR - Downloading all attachements if having access to a shared link
https://hackerone.com/reports/194832 | Authentication Bypass on monitoring server
https://hackerone.com/reports/194884 | Heap use-after-free during range creation
https://hackerone.com/reports/194906 | Heap overflow due to off-by-one when expanding stack
https://hackerone.com/reports/195045 | Set Cookie Via SVG
https://hackerone.com/reports/195156 | CSRF in all API endpoints when authenticated using HTTP Authentication
https://hackerone.com/reports/195350 | Subdomain takeover on podcasts.slack-core.com
https://hackerone.com/reports/195580 | Crash (DoS) when parsing a hostile TIFF
https://hackerone.com/reports/195586 | Memory corruption when parsing a hostile PHAR archive
https://hackerone.com/reports/195688 | NULL Pointer Dereference while unserialize php object
https://hackerone.com/reports/195842 | Segmentation fault - mrb_gc_mark
https://hackerone.com/reports/195950 | Use of uninitialized memory in unserialize()
https://hackerone.com/reports/196221 | XSS in instacart.com/store/partner_recipe
https://hackerone.com/reports/196222 | RTLO char allowed in chat
https://hackerone.com/reports/196380 | SIGSEGV in mrb_vm_exec
https://hackerone.com/reports/196386 | SIGSEGV - mrb_vm_exec - vm.c in line:1272
https://hackerone.com/reports/196458 | apps.shopify.com - CSRF token leakage through Google Analytics
https://hackerone.com/reports/196498 | Segmentation fault on program counter
https://hackerone.com/reports/196624 | dom xss in https://www.slackatwork.com
https://hackerone.com/reports/196655 | Disclose any user's private email through API
https://hackerone.com/reports/196846 | Open redirect / Reflected XSS payload in root that affects all your sites (store.starbucks.* / shop.starbucks.* / teavana.com)
https://hackerone.com/reports/197443 | XSS in topics because of bandcamp preview engine vulnerability
https://hackerone.com/reports/197693 | SIGSEGV - mrb_vm_exec - line:1681
https://hackerone.com/reports/197694 | SIGSEGV - mrb_obj_extend - line:413
https://hackerone.com/reports/197719 | Still heap overflow in mrb_ary_splice
https://hackerone.com/reports/197723 | Null pointer dereference in mrb_str_modify
https://hackerone.com/reports/197789 | [insideok.ru] Database Dump
https://hackerone.com/reports/197902 | Stored XSS in topics because of whitelisted_generic engine vulnerability
https://hackerone.com/reports/197914 | Stored XSS in posts because of absence of oembed variables values escaping
https://hackerone.com/reports/197916 | Crash in print_backtrace
https://hackerone.com/reports/198249 | [XSS/3dsecure.qiwi.com] 3DSecure XSS
https://hackerone.com/reports/198251 | [XSS/pay.qiwi.com] Pay SubDomain Hard-Use XSS
https://hackerone.com/reports/198452 | SIGABRT - mrb_realloc_simple - gc.c - line:201
https://hackerone.com/reports/198622 | Clickjacking Periscope.tv on Chrome
https://hackerone.com/reports/198723 | Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
https://hackerone.com/reports/198732 | Use After Free in unserialize()
https://hackerone.com/reports/198733 | Type Confusion in Object Deserialization
https://hackerone.com/reports/198734 | GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]
https://hackerone.com/reports/198969 | IDOR - Deleting other user's reminders just by id
https://hackerone.com/reports/199281 | IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA
https://hackerone.com/reports/199321 | IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown)
https://hackerone.com/reports/199764 | Aborted - proc.c - line:143
https://hackerone.com/reports/199779 | Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com
https://hackerone.com/reports/199804 | Persistent XSS on ForecastApp
https://hackerone.com/reports/200387 | Incorrect code generation with redo inside NODE_RESCUE.
https://hackerone.com/reports/200487 | Incomplete HTML sanitization + Session id leaking + private information disclosure
https://hackerone.com/reports/200576 | Logic flaw enables restricted account to access account license key
https://hackerone.com/reports/200753 | [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html
https://hackerone.com/reports/200818 | SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi)
https://hackerone.com/reports/200821 | heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c
https://hackerone.com/reports/200826 | [github.algolia.com] DOM Based XSS github-btn.html
https://hackerone.com/reports/200909 | Out of bounds memory read in unserialize()
https://hackerone.com/reports/201137 | Reflected XSS on iltakoulu_varkaus (viestinta.lahitapiola.fi)
https://hackerone.com/reports/201314 | Enumeration in unsubscribe -function of /omatalousuk (viestinta.lahitapiola.fi)
https://hackerone.com/reports/201346 | CVE-2017-3730: Bad (EC)DHE parameters cause a client crash
https://hackerone.com/reports/201529 | Can upload files without authentication on AirFibre 3.2
https://hackerone.com/reports/201723 | Single user DOS on selectedLanguage -cookie (yrityspalvelu.lahitapiola.fi)
https://hackerone.com/reports/201796 | cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com )
https://hackerone.com/reports/201897 | Recursion causing uninitialized memory reads leading to a segfault
https://hackerone.com/reports/201901 | Test Page available with Server details on /r/test (viestinta.lahitapiola.fi)
https://hackerone.com/reports/201905 | SIGSEGV - vm.c - line:1214
https://hackerone.com/reports/201984 | Wordpress directories/files visible to internet
https://hackerone.com/reports/202177 | Login with Google Not Authenticated on iOS App
https://hackerone.com/reports/202354 | Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/
https://hackerone.com/reports/202362 | Null pointer dereference in mrb_random_initialize
https://hackerone.com/reports/202425 | Two-factor authentication bypass on Grab Android App
https://hackerone.com/reports/202499 | User with only Viewing Privilege can send message to Room
https://hackerone.com/reports/202501 | Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets
https://hackerone.com/reports/202582 | Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval
https://hackerone.com/reports/202584 | Denial of service (segfault) due to null pointer dereference in mrb_vm_exec
https://hackerone.com/reports/202767 | Subdomain takeover at info.hacker.one
https://hackerone.com/reports/202960 | CVE-2017-5204: The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print()
https://hackerone.com/reports/202965 | CVE-2017-5341 The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print()
https://hackerone.com/reports/202967 | CVE-2017-5484 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print()
https://hackerone.com/reports/202968 | CVE-2017-5342 In tcpdump before 4.9.0 a bug in multiple protocol parsers could cause a buffer overflow in print-ether.c:ether_print()
https://hackerone.com/reports/202969 | CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().
https://hackerone.com/reports/203002 | Incorrect GC behavior in xxlimited could lead to use-after-free
https://hackerone.com/reports/203042 | Find whether a video has been favourited or not, for any user [via YouPorn Mobile API]
https://hackerone.com/reports/203513 | SIGSEGV - mrb_vm_exec - line:1312
https://hackerone.com/reports/203515 | Wordpress 4.7.2 - Two XSS in Media Upload when file too large.
https://hackerone.com/reports/203595 | forgot to add the patch
https://hackerone.com/reports/203673 | AirFibre products vulnerable to HTTP Header injection
https://hackerone.com/reports/203726 | Open Redirect in .greenhouse.io
https://hackerone.com/reports/204047 | Segmentation fault while printing backtrace
https://hackerone.com/reports/204208 | High server resource usage on captcha (viestinta.lahitapiola.fi)
https://hackerone.com/reports/204421 | Heap buffer oveflow with many arguments
https://hackerone.com/reports/204513 | Infrastructure - Photon - SSRF
https://hackerone.com/reports/204628 | segafult in mruby's sprintf - mrb_str_format
https://hackerone.com/reports/204774 | A crash when an exception is caught in a caller and the receiver returned from ensure
https://hackerone.com/reports/204802 | pam-ussh may be tricked into using another logged in user's ssh-agent
https://hackerone.com/reports/204984 | IDOR - Accessing other user's attachements via PUT /appsuite/api/files?action=saveAs
https://hackerone.com/reports/205000 | Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App
https://hackerone.com/reports/205284 | SIGABRT - method_missing - mark_context_stack
https://hackerone.com/reports/205481 | Wordpress unzip_file path traversal
https://hackerone.com/reports/205884 | Interger overflow in str_substr leading to read/write out of bound memory
https://hackerone.com/reports/205953 | CSRF - Adding unlimited number of saved items via GET request
https://hackerone.com/reports/206109 | mruby heap use-after-free
https://hackerone.com/reports/206227 | Remote Code Execution on Git.imgur-dev.com
https://hackerone.com/reports/206319 | Persistent CSRF in /GiftCert-AddToBasket prevents purchases on eCommerce sites
https://hackerone.com/reports/206650 | Broken Authentication - Security token gets captured via man in the middle attack
https://hackerone.com/reports/206653 | Captcha bypass for the most important function - At en.instagram-brand.com
https://hackerone.com/reports/206894 | SSRF at iris.lystit.com
https://hackerone.com/reports/207042 | Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
https://hackerone.com/reports/207053 | Writable RubyCi Amazon s3 bucket
https://hackerone.com/reports/207266 | Information leakage via CSV when content is valid JavaScript
https://hackerone.com/reports/207321 | Controlled address leak due to type confusion - ASLR bypass
https://hackerone.com/reports/207576 | Subdomain takeover on s3.shopify.com
https://hackerone.com/reports/207710 | Heap use-after-free in mrb_vm_exec
https://hackerone.com/reports/207983 | read outside of buffer (heap buffer overflow) in S_regmatch - regexec.c:6057
https://hackerone.com/reports/208237 | Brute force unsubscription on /webApp/unsub_sb (viestinta.lahitapiola.fi)
https://hackerone.com/reports/208363 | Memory corrouption in mrb_gc_mark
https://hackerone.com/reports/208480 | Site configured improperly at subdomain of lyst.co.uk
https://hackerone.com/reports/208526 | Null pointer dereference in mark_context_stack
https://hackerone.com/reports/208622 | Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter.
https://hackerone.com/reports/208719 | Subdomain Takeover at Landing.udemy.com
https://hackerone.com/reports/208734 | CSRF @ configuration
https://hackerone.com/reports/209004 | Subdomain takeover #2 at info.hacker.one
https://hackerone.com/reports/209008 | Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com
https://hackerone.com/reports/209223 | Open S3 Bucket WriteAble To Any Aws User
https://hackerone.com/reports/209251 | public report - Reproducible - Writable RubyCi Amazon s3 bucket[207053]
https://hackerone.com/reports/209352 | Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand
https://hackerone.com/reports/209368 | [wallet.rapida.ru] Mass SMS flood
https://hackerone.com/reports/209398 | HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti
https://hackerone.com/reports/209449 | Heap buffer overflow with long array assignment
https://hackerone.com/reports/209736 | DOM XSS on teavana.com via "pr_zip_location" parameter
https://hackerone.com/reports/209765 | Heap buffer overflow in mruby value_move
https://hackerone.com/reports/209917 | javascript: and mailto: links are allowed in JIRA integration settings
https://hackerone.com/reports/209937 | SIGSEGV - mark_context_stack
https://hackerone.com/reports/209949 | Arbitrary heap exposure in JSON.generate
https://hackerone.com/reports/210190 | Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers
https://hackerone.com/reports/210331 | SSLv3 POODLE Vulnerability
https://hackerone.com/reports/210354 | RTLO character in file names
https://hackerone.com/reports/210429 | mrb_vm_exec - null ptr dereference
https://hackerone.com/reports/210572 | Full path Disclosure in Rockstargames.comâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ
https://hackerone.com/reports/210779 | [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable
https://hackerone.com/reports/210875 | use of unsafe host header leads to open redirect
https://hackerone.com/reports/210908 | XSS on 3rd party service Localtapiola is using
https://hackerone.com/reports/211149 | Inadequate/dangerous jQuery behavior
https://hackerone.com/reports/211418 | Source Code Disclosure (CGI)
https://hackerone.com/reports/211477 | Stealing users' facebook access tokens - kitcrm.com
https://hackerone.com/reports/212067 | An â€œalgobotâ€�-s GitHub access token was leaked
https://hackerone.com/reports/212074 | SIGSEGV - mrb_yield_with_class
https://hackerone.com/reports/212107 | Null pointer dereference in mrb_class
https://hackerone.com/reports/212239 | sprintf gem - format string combined attack
https://hackerone.com/reports/212241 | sprintf combined format string attack
https://hackerone.com/reports/212456 | SIGSEGV - kh_get_n2s - in /src/symbol.c:37
https://hackerone.com/reports/212508 | Single User DOS on SelectedLocale -cookie (verkkopalvelu.tapiola.fi)
https://hackerone.com/reports/212696 | RCE by command line argument injection to gm convert in /edit/process?a=crop
https://hackerone.com/reports/212721 | IE 11 Self-XSS on Jira Integration Preview Base Link
https://hackerone.com/reports/212882 | SIGABRT in only mirb
https://hackerone.com/reports/213255 | SIGSEGV in str_buf_cat
https://hackerone.com/reports/213261 | Use-after-free leading to an invalid pointer dereference
https://hackerone.com/reports/213418 | User able to access company details in yrityspalvelu without proper permissions
https://hackerone.com/reports/213437 | Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack
https://hackerone.com/reports/213558 | Arbitrary Local-File Read from Admin - Restore From Backup due to Symlinks
https://hackerone.com/reports/213779 | SIGSEGV - mrb_obj_value
https://hackerone.com/reports/213942 | Differential "Show Raw File" feature exposes generated files to unauthorised users
https://hackerone.com/reports/214000 | SIGABRT - mirb and mruby
https://hackerone.com/reports/214001 | File access controls incorrectly enforced for files shared via QuickLink - Unshared files can be accessed
https://hackerone.com/reports/214022 | Admin Command Injection via username in user_archive ExportCsvFile
https://hackerone.com/reports/214044 | Stored XSS in [shop].myshopify.com/admin/orders/[id]
https://hackerone.com/reports/214087 | Clickjacking Vulnerability found on Yelp
https://hackerone.com/reports/214571 | Login form on non-HTTPS page
https://hackerone.com/reports/214576 | SIGABRT - mirb - Double Free
https://hackerone.com/reports/214581 | Stored passive XSS at scheduled posts (kitcrm.com)
https://hackerone.com/reports/214681 | Null pointer dereference in ary_concat
https://hackerone.com/reports/214845 | SIGSEGV in mrb_vm_exec
https://hackerone.com/reports/215044 | [iOS] URL can be replaceState by blob URL in iOS Brave
https://hackerone.com/reports/215381 | CSRF on Periscope Web OAuth authorization endpoint
https://hackerone.com/reports/215447 | SIGSEGV in mrb_class
https://hackerone.com/reports/215625 | A HackerOne employee's GitHub personal access token exposed in Travis CI build logs
https://hackerone.com/reports/215854 | Garbage collector crash
https://hackerone.com/reports/215891 | Null pointer dereference in mrb_class
https://hackerone.com/reports/215967 | SIGABRT in mrb_debug_info_append_file
https://hackerone.com/reports/216151 | Use-after-free in _asyncio_Future_remove_done_callback
https://hackerone.com/reports/216615 | Crash in ary_concat()
https://hackerone.com/reports/216700 | heap use-after-free in mrb_vm_exec()
https://hackerone.com/reports/216725 | SIGABRT - in free
https://hackerone.com/reports/216746 | Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.
https://hackerone.com/reports/216812 | Reflected XSS in error pages (NC-SA-2017-008)
https://hackerone.com/reports/216840 | OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
https://hackerone.com/reports/217007 | Stored XSS in e.mail.ru (payload affect multiple users)
https://hackerone.com/reports/217083 | SIGSEGV in mrb_str_inum
https://hackerone.com/reports/217097 | SIGSEGV in mrb_vm_exec
https://hackerone.com/reports/217358 | Subdomain takeover #3 at info.hacker.one
https://hackerone.com/reports/217555 | Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl
https://hackerone.com/reports/217558 | Possible to view and takeover other user's education and courses @ mijn.werkenbijdefensie.nl
https://hackerone.com/reports/217610 | kh_put_iv SEGFAULT - mruby 1.2.0
https://hackerone.com/reports/217745 | XSS in $shop$.myshopify.com/admin/ via "Button Objects" in malicious app
https://hackerone.com/reports/217790 | XSS in $shop$.myshopify.com/admin/ via twine template injection in "Shopify.API.Modal.input" method when using a malicious app
https://hackerone.com/reports/218088 | Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
https://hackerone.com/reports/218226 | Stored XSS in comments on https://www.starbucks.co.uk/blog/*
https://hackerone.com/reports/218233 | Null pointer dereference in OP_ENTER
https://hackerone.com/reports/218287 | In App purchase Hack
https://hackerone.com/reports/218451 | [Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME
https://hackerone.com/reports/218465 | [staging-engineering.gnip.com] Publicly accessible GIT directory
https://hackerone.com/reports/218567 | SIGSEGV in array_copy - array.c:71
https://hackerone.com/reports/218570 | Invalid pointer dereference in OP_ENTER
https://hackerone.com/reports/218680 | [buy.coinbase.com]Content Injection
https://hackerone.com/reports/218803 | SIGABRT in sym_validate_len - symbol.c:44
https://hackerone.com/reports/219170 | XSS
https://hackerone.com/reports/219192 | Resend invitation to members by Read only user(Privilege Escalation)
https://hackerone.com/reports/219197 | [â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ.gnip.com] .htpasswd disclosure
https://hackerone.com/reports/219205 | Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com
https://hackerone.com/reports/219215 | Client can redirect payment, causing payment discrepancy between Harvest and PayPal
https://hackerone.com/reports/219607 | Dovecot authentication is vulnerable to timing attacks.
https://hackerone.com/reports/219821 | XSS
https://hackerone.com/reports/219870 | mirb only: stack-buffer-overflow (OOB write) in main()
https://hackerone.com/reports/220002 | Subdomain takeover #4 at info.hacker.one
https://hackerone.com/reports/220009 | Lack of input sanitization in Marketo form leads to execution of HTML in lead emails
https://hackerone.com/reports/220385 | Delete All Data of Any User
https://hackerone.com/reports/220494 | [GitHub Extension] Unsanitised HTML leading to XSS on GitHub.com
https://hackerone.com/reports/220615 | Expired SSL certificate
https://hackerone.com/reports/220737 | Tabnabbing via Window.Opener @Mavenlink
https://hackerone.com/reports/220864 | Unauthorized access to attachments details of Private Calendar appointments (Access control issue)
https://hackerone.com/reports/220874 | Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation)
https://hackerone.com/reports/220903 | Authenticated Cross-site Scripting in Template Name
https://hackerone.com/reports/221251 | heap-buffer-overflow (read outside of buffer) in mrb_vm_exec()
https://hackerone.com/reports/221328 | HTTP 401 response injection on "amp.twimg.com/amplify-web-player/prod/source.html" through "image_src" parameter
https://hackerone.com/reports/221558 | Private Grab Messages on Android App can be accessed and cached by Search Engines
https://hackerone.com/reports/221785 | OOB write in MDC2_Update() (CVE-2016-6303)
https://hackerone.com/reports/221787 | Malformed SHA512 ticket DoS (CVE-2016-6302)
https://hackerone.com/reports/221788 | OOB write in BN_bn2dec() (CVE-2016-2182)
https://hackerone.com/reports/221789 | OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
https://hackerone.com/reports/221790 | Certificate message OOB reads (CVE-2016-6306)
https://hackerone.com/reports/221791 | Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
https://hackerone.com/reports/221792 | Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
https://hackerone.com/reports/221893 | XSS in the search bar of mercantile.wordpress.org
https://hackerone.com/reports/222020 | Mercurial can be tricked into granting authorized users access to the Python debugger
https://hackerone.com/reports/222040 | Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter
https://hackerone.com/reports/222224 | Stored but [SELF] XSS in mercantile.wordpress.org
https://hackerone.com/reports/222252 | Ğ”ÑƒĞ±Ğ»Ğ¸ĞºĞ°Ñ‚: https://hackerone.com/reports/219171 (Ğ´Ğ¾Ñ�Ñ‚ÑƒĞ¿ Ğº Ğ°ĞºĞºĞ°ÑƒĞ½Ñ‚Ñƒ, Ñ‡ĞµÑ€ĞµĞ· Ñ�Ğ±Ñ€Ğ¾Ñ� Ğ¿Ğ°Ñ€Ğ¾Ğ»Ñ�)
https://hackerone.com/reports/222294 | heap-use-after-free in mrb_vm_exec - vm.c:1247
https://hackerone.com/reports/222692 | plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled
https://hackerone.com/reports/222870 | IRC-Bot exposes information
https://hackerone.com/reports/223203 | SVG Server Side Request Forgery (SSRF)
https://hackerone.com/reports/223363 | Escape sequence injection vulnerability in WEBrick BasicAuth
https://hackerone.com/reports/223625 | Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com
https://hackerone.com/reports/223906 | Dropbox Paper - Markdown XSS
https://hackerone.com/reports/225243 | phone number exposure for riders/drivers given email/uuid
https://hackerone.com/reports/225831 | Extract Billing admin email address using random team id
https://hackerone.com/reports/225897 | Throttling Bypass - ws1.dashlane.com
https://hackerone.com/reports/226191 | Android MailRu Email: Thirdparty can access private data files with small user interaction
https://hackerone.com/reports/226199 | Changing Victim's JIRA Integration Settings Through Multiple Bugs
https://hackerone.com/reports/226200 | OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write
https://hackerone.com/reports/226203 | Cross-site-Scripting
https://hackerone.com/reports/226335 | Escape sequence injection in "summary" field
https://hackerone.com/reports/226418 | HackerOne reports escalation to JIRA is CSRF vulnerable
https://hackerone.com/reports/226428 | Reflected XSS in .myshopify.com through theme preview
https://hackerone.com/reports/226783 | HTML Injection on airlink.ubnt.com
https://hackerone.com/reports/226960 | [platform.harvestapp.com] Reflected XSS in Error Message via URL parameters
https://hackerone.com/reports/227181 | Xss Ğ² https://e.mail.ru/
https://hackerone.com/reports/227486 | XSS on https://www.starbucks.co.uk (can lead to credit card theft) (/shop/paymentmethod)
https://hackerone.com/reports/227522 | IDOR in editing courses
https://hackerone.com/reports/227663 | [https://www.dashlane.com] Test Panel Disclosure
https://hackerone.com/reports/227762 | Heap Overflow in fiber_switch triggered from Fiber.transfer
https://hackerone.com/reports/227809 | XSS at in instacart.com/store/partner_recipe
https://hackerone.com/reports/227833 | Reverse Tab-nabbing at www.instacart.com/store/partner_recipe?recipe_url=
https://hackerone.com/reports/228006 | Cross-site Scripting (XSS) on [maximum.nl]
https://hackerone.com/reports/228112 | Directory Disclose,Email Disclose Zendmail vulnerability
https://hackerone.com/reports/228377 | SSRF in upload IMG through URL
https://hackerone.com/reports/228399 | Any authenticated user can download full list of users, including email
https://hackerone.com/reports/228531 | Xss Ğ² https://e.mail.ru/
https://hackerone.com/reports/228648 | WannaCrypt â€œKillswitchâ€�
https://hackerone.com/reports/229498 | Host header injection/redirection via newsletter signup
https://hackerone.com/reports/229619 | Ability to verify any email address you don't own - accounts.shopify.com
https://hackerone.com/reports/229622 | Directory traversal at https://nightly.ubnt.com
https://hackerone.com/reports/230232 | Stored self-XSS in mercantile.wordpress.org checkout
https://hackerone.com/reports/230234 | [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection
https://hackerone.com/reports/230435 | DOM Based XSS In mercantile.wordpress.org
https://hackerone.com/reports/231053 | XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener on "/:id/digital_wallets/dialog"
https://hackerone.com/reports/231917 | Shared file link - password protection bypass under certain conditions
https://hackerone.com/reports/232150 | heap-buffer-overflow (READ of size 11) in Perl 5.25.x
https://hackerone.com/reports/232174 | XSS on $shop$.myshopify.com/admin/ and partners.shopify.com via whitelist bypass in SVG icon for sales channel applications
https://hackerone.com/reports/232347 | [FG-VD-17-063] NextCloud Insufficient Attack Protection Vulnerability Notification
https://hackerone.com/reports/232432 | Universal Cross-Site Scripting in Keybase Chrome extension
https://hackerone.com/reports/232463 | Possible sweet32 lahitapiola.fi
https://hackerone.com/reports/232653 | CSRF. Ğ£Ğ´Ğ°Ğ»ĞµĞ½Ğ¸Ğµ Ğ°Ğ´Ñ€ĞµÑ�Ğ½Ğ¾Ğ¹ ĞºĞ½Ğ¸Ğ³Ğ¸, Ğ´Ğ¾Ğ±Ğ°Ğ²Ğ»ĞµĞ½Ğ¸Ğµ ĞºĞ¾Ğ½Ñ‚Ğ°ĞºÑ‚Ğ¾Ğ²
https://hackerone.com/reports/233099 | CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card
https://hackerone.com/reports/233440 | heap-buffer-overflow (READ of size 61) in Perl_re_intuit_start()
https://hackerone.com/reports/235200 | Cross-origin resource sharing misconfig | steal user information
https://hackerone.com/reports/235866 | Cross-site Scripting (XSS) in /updates-pro/archive/
https://hackerone.com/reports/236552 | Unauthenticated RCE in Vaultpress
https://hackerone.com/reports/237184 | Session fixation in password protected public download.
https://hackerone.com/reports/237357 | CRLF Injection at vpn.bitstrips.com
https://hackerone.com/reports/237381 | SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing
https://hackerone.com/reports/237915 | PHP mbstring / Oniguruma multiple remote heap/stack corruptions
https://hackerone.com/reports/238260 | Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication
https://hackerone.com/reports/239359 | Timing attack woocommerce, simplify commerce gateway
https://hackerone.com/reports/239503 | Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl]
https://hackerone.com/reports/240083 | Updating payout preference to CurrencyCloud doesn't notify user via email
https://hackerone.com/reports/240821 | Ability To Takeover any account by Emaill.
https://hackerone.com/reports/240886 | Multiple File Manipulation bugs in WP Super Cache
https://hackerone.com/reports/241008 | Stored XSS in *.myshopify.com
https://hackerone.com/reports/241202 | Unsafe arithmetic in PyString_DecodeEscape
https://hackerone.com/reports/241323 | woocommerce - prevent_caching() bug / bypass
https://hackerone.com/reports/241610 | ap_find_token() Buffer Overread
https://hackerone.com/reports/241619 | DOM-based XSS in store.starbucks.co.uk on IE 11
https://hackerone.com/reports/242314 | Open redirect on https://werkenbijdefensie.nl/
https://hackerone.com/reports/242354 | Null pointer dereference with send/method_missing
https://hackerone.com/reports/242727 | Android content provider exposes password-protected share password hashes
https://hackerone.com/reports/242765 | Any user with invite capabilities can take-over any account on Discourse
https://hackerone.com/reports/243058 | XSS bypass Script execute,Read any file,execute any javascript code--UXSS
https://hackerone.com/reports/243094 | Paragonie Airship Admin CSRF on Extensions Pages
https://hackerone.com/reports/243156 | Installing a crafted gem package may create or overwrite files
https://hackerone.com/reports/243943 | IDOR [partners.shopify.com] - User with ONLY Manage apps permission is able to get shops info and staff names from inside the shop
https://hackerone.com/reports/244504 | Possible SOP bypass in www.starbucks.com due to insecure crossdomain.xml
https://hackerone.com/reports/244904 | Use after free in mruby-mpdecimal
https://hackerone.com/reports/245172 | Double Stored Cross-Site scripting in the admin panel
https://hackerone.com/reports/245228 | Object Injection in Woocommerce / Handle PDT Responses from PayPal
https://hackerone.com/reports/245296 | Persistent XSS on keybase.io via "payload" field in /user/sigchain_signature.toffee template
https://hackerone.com/reports/245833 | The user, who was deleted from Github Organization, still can access all functions of federalist, in case he didn't do logout
https://hackerone.com/reports/245872 | [IDOR] The authenticated user can restart website build or view build logs on any another Federalist account
https://hackerone.com/reports/245956 | Use-after-free in PHP7's unserialize()
https://hackerone.com/reports/246794 | XSS on "widgets.shopifyapps.com" via "stripping" attribute and "shop" parameter
https://hackerone.com/reports/246801 | Captcha Bypass in Coinbase SignUp Form
https://hackerone.com/reports/246803 | [spectacles.com] Bypassing quantity limit in orders
https://hackerone.com/reports/246897 | Open Redirect
https://hackerone.com/reports/247246 | Dom based xss affecting all pages from https://www.grab.com/.
https://hackerone.com/reports/247628 | Reading redacted data via hackbot's answers
https://hackerone.com/reports/247680 | SSRF in imgur video GIF conversion
https://hackerone.com/reports/248560 | [parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
https://hackerone.com/reports/248599 | Information disclosure same issue #176002
https://hackerone.com/reports/248601 | PHP INI Parsing Stack Buffer Overflow Vulnerability
https://hackerone.com/reports/248609 | PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy)
https://hackerone.com/reports/248659 | PHP WDDX Deserialization Heap OOB Read in timelib_meridian()
https://hackerone.com/reports/248668 | XXE on sms-be-vip.twitter.com in SXMP Processor
https://hackerone.com/reports/248693 | Git repository found
https://hackerone.com/reports/249131 | Ability to create own account UUID leads to stored XSS
https://hackerone.com/reports/249234 | Posting to Twitter CSRF on php/post_twitter_authenticate.php
https://hackerone.com/reports/249319 | Race condition on the Federalist API endpoints can lead to the Denial of Service attack
https://hackerone.com/reports/249798 | Intercom chat session information persists after logout
https://hackerone.com/reports/250386 | CSRF ĞŸÑ€Ğ¾Ğ²ĞµÑ€Ğ¸Ñ‚ÑŒ Ñ�Ğ²Ğ»Ñ�ĞµÑ‚Ñ�Ñ� Ğ»Ğ¸ Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»ÑŒ Ğ°Ğ´Ğ¼Ğ¸Ğ½Ğ¾Ğ¼ Ğ³Ñ€ÑƒĞ¿Ğ¿Ñ‹.
https://hackerone.com/reports/250688 | The Federalsit session cookie (federalist.sid) is not properly invalidated - backdoor access to the account is possible
https://hackerone.com/reports/250729 | Content Security Policy not applied to error pages at multiple HackerOne endpoints
https://hackerone.com/reports/250837 | Stored xss via template injection
https://hackerone.com/reports/251224 | Blind stored xss [parcel.grab.com] > name parameter
https://hackerone.com/reports/251572 | Length extension attack leading to HTML injection
https://hackerone.com/reports/251918 | Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg]
https://hackerone.com/reports/252580 | Scrollbar Width permits detecting browser platform
https://hackerone.com/reports/252908 | Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
https://hackerone.com/reports/253313 | XSS Vulnerability in WooCommerce Product Vendors plugin
https://hackerone.com/reports/253429 | Linux TBB SFTP URI allows local IP disclosure
https://hackerone.com/reports/253934 | Password reset token issue
https://hackerone.com/reports/254269 | Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.
https://hackerone.com/reports/254285 | Gain access to random information via group chat "about" property
https://hackerone.com/reports/254588 | Removed staff members who had "Manage shops" permission can still create development stores
https://hackerone.com/reports/255021 | Profile shows incorrect account creation date
https://hackerone.com/reports/255100 | No error or notification on Reset password page
https://hackerone.com/reports/255474 | Profile fields validation bypass
https://hackerone.com/reports/255651 | Unauthorized update of merchants' information via /php/merchant_details.php
https://hackerone.com/reports/255668 | Weak Password
https://hackerone.com/reports/255685 | [New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs)
https://hackerone.com/reports/255978 | Non-Cloudflare IPs allowed to access origin servers
https://hackerone.com/reports/255991 | URL Spoof / Brave Shield Bypass
https://hackerone.com/reports/256647 | Simple CSS line-height identifies platform
https://hackerone.com/reports/257305 | [www.boozt.com] - Authentication bypass
https://hackerone.com/reports/257335 | ssh: unprivileged users may hijack due to backdated ssh version open port found(â–ˆâ–ˆâ–ˆ.unikrn.com)
https://hackerone.com/reports/257942 | languagechange event fires simultaneously on all tabs
https://hackerone.com/reports/258084 | Access to all files of remote user through shared file
https://hackerone.com/reports/258198 | The Custom Emoji Page has a Reflected XSS
https://hackerone.com/reports/258201 | Overwrite Drafts of Everyone
https://hackerone.com/reports/258237 | [et.mail.ru] ssrf 2
https://hackerone.com/reports/258260 | Accessing Private Files Shared in message of other users
https://hackerone.com/reports/258318 | filin.mail.ru user's e-mail address disclosure
https://hackerone.com/reports/258460 | [Quora Android] Possible to steal arbitrary files from mobile device
https://hackerone.com/reports/258578 | application/x-brave-tab should not be readable.
https://hackerone.com/reports/258585 | OS username disclosure
https://hackerone.com/reports/258710 | Download attribute allows downloading local files
https://hackerone.com/reports/258876 | XSS when clicking "Share to Twitter" at quora.com/widgets/embed_iframe?path=...
https://hackerone.com/reports/259100 | XSS through __e2e_action_id delivered by JSONP
https://hackerone.com/reports/259390 | Use-after-free in XML::LibXML::Node::replaceChild
https://hackerone.com/reports/259400 | Issues with Forgot password Error Handling
https://hackerone.com/reports/259415 | Lengthy manual entry of 2FA secret
https://hackerone.com/reports/259416 | Incorrect email content when disabling 2FA
https://hackerone.com/reports/259742 | Incorrect error message
https://hackerone.com/reports/260005 | RCE via ssh:// URIs in multiple VCS
https://hackerone.com/reports/260278 | TabNabbing issue (due to taget=_blank)
https://hackerone.com/reports/260420 | [dev-nightly.ubnt.com] Local File Reading
https://hackerone.com/reports/260632 | Improper validation of parameters while creating issues
https://hackerone.com/reports/260662 | No length limit in invite_code can cause server degradation
https://hackerone.com/reports/260697 | CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)
https://hackerone.com/reports/260744 | [dev.twitter.com] XSS and Open Redirect
https://hackerone.com/reports/260755 | https://secure.gravatar.com
https://hackerone.com/reports/260938 | Homograph IDNs displayed in Description
https://hackerone.com/reports/261221 | Participation of expired account holders in Projects can occure financial loss to Mavenlink
https://hackerone.com/reports/261335 | Heap Use After Free Read in unserialize()
https://hackerone.com/reports/261336 | Out of Bounds Memory Read in unserialize()
https://hackerone.com/reports/261338 | Heap Use After Free in unserialize()
https://hackerone.com/reports/261592 | Open Redirection Found in users.whisper.sh
https://hackerone.com/reports/261734 | Ğ˜Ğ½Ğ´ĞµĞºÑ�Ğ°Ñ†Ğ¸Ñ� Ğ¿Ğ¾Ñ‡Ñ‚Ñ‹/Ğ»Ğ¾Ğ³Ğ¸Ğ½Ğ¾Ğ² Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»ĞµĞ¹
https://hackerone.com/reports/262004 | HTML injection in email in unikrn.com
https://hackerone.com/reports/262230 | Tinymce 2.4.0
https://hackerone.com/reports/262649 | Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov
https://hackerone.com/reports/262830 | Rate-limit protection get executed in the last stage of the registration process, allowing enumeration of existing account.
https://hackerone.com/reports/263010 | Improper validation at Phone verification (possible cost increase + SMS SPAM attack)
https://hackerone.com/reports/263109 | Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE.
https://hackerone.com/reports/263226 | HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute
https://hackerone.com/reports/263684 | [qiwi.com] XSS on payment form
https://hackerone.com/reports/263760 | Opportunity to obtain private tweets through search widget preview caches
https://hackerone.com/reports/263876 | Stored XSS Deleting Menu Links in the Shopify Admin
https://hackerone.com/reports/264177 | XSS when replying / forwarding to a malicious email on iOS
https://hackerone.com/reports/264494 | Subdomain Takeover at creatorforum.roblox.com
https://hackerone.com/reports/264832 | xss filter bypass [polldaddy]
https://hackerone.com/reports/265050 | Blind SSRF in emblem editor (2)
https://hackerone.com/reports/265528 | Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers)
https://hackerone.com/reports/265740 | [Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites.
https://hackerone.com/reports/265775 | Password reset token issue
https://hackerone.com/reports/267177 | stored xss in invited team member via email parameter
https://hackerone.com/reports/267570 | Stored XSS through Facebook Page Connection
https://hackerone.com/reports/267636 | [NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894
https://hackerone.com/reports/267783 | Stored XSS and html injection in biz.mail.ru
https://hackerone.com/reports/268228 | A manager of a determinate group of users still might have access to any user account from any group that he doesn't administrate anymore.
https://hackerone.com/reports/268245 | XSS in biz.mail.ru/error
https://hackerone.com/reports/268382 | Nginx misconfiguration leading to direct PHP source code download
https://hackerone.com/reports/268541 | [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts
https://hackerone.com/reports/268803 | CVE-2017-12985: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ip6_print()
https://hackerone.com/reports/268804 | CVE-2017-12986 The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
https://hackerone.com/reports/268805 | CVE-2017-13008 The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
https://hackerone.com/reports/268806 | CVE-2017-13009 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().
https://hackerone.com/reports/268807 | CVE-2017-13010 The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
https://hackerone.com/reports/268808 | CVE-2017-13038 The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
https://hackerone.com/reports/268888 | Sensitive Information Disclosure https://cards-dev.twitter.com
https://hackerone.com/reports/268984 | Homograph Attack Bypass [ Tested on Linux & Windows ]
https://hackerone.com/reports/269230 | Emails of invited collaborators are disclosed in full in payload for report participants
https://hackerone.com/reports/269279 | SQL injection in partner id field on https://www.teavana.com (Sign-up form)
https://hackerone.com/reports/269349 | XSS on https://account.mail.ru/login via postMessage
https://hackerone.com/reports/269458 | XSS Ğ² Ğ¿Ğ¸Ñ�ÑŒĞ¼Ğµ, Ğ² Ñ‚ĞµĞ»Ğµ Ğ¿Ğ¸Ñ�ÑŒĞ¼Ğ°.
https://hackerone.com/reports/269568 | Optionsbleed / CVE-2017-9798
https://hackerone.com/reports/270060 | Reflected Swf XSS In ( plugins.svn.wordpress.org )
https://hackerone.com/reports/270072 | Unpacker improperly validates symlinks, allowing gems writes to arbitrary locations
https://hackerone.com/reports/270993 | resolved bugs in a program are public despite the program settings
https://hackerone.com/reports/271007 | [app.simplenote.com] Stored XSS via Markdown SVG filter bypass
https://hackerone.com/reports/271176 | Bypassing one-time checkout router page (revealing payment information)
https://hackerone.com/reports/271324 | Homograph fix Bypass
https://hackerone.com/reports/271330 | Format string implementation vulnerability, resulting in code execution
https://hackerone.com/reports/271506 | Banned researcher gets email updates on a private program.
https://hackerone.com/reports/271533 | Bruteforcing password reset tokens, could lead to account takeover
https://hackerone.com/reports/271765 | Stored XSS in partners dashboard
https://hackerone.com/reports/272095 | SSRF/XSPA in labs.data.gov/dashboard/validate
https://hackerone.com/reports/272497 | Perl $ENV Key Stack Buffer Overflow
https://hackerone.com/reports/272588 | CSRF in Raffles Ticket Purchasing
https://hackerone.com/reports/272839 | Weak Session ID Implementation - No Session change on Password change
https://hackerone.com/reports/273099 | User with removed manage shops permissions is still able to make changes to a shop
https://hackerone.com/reports/273557 | ability to install paid themes for free
https://hackerone.com/reports/273805 | Improper access control lead To delete anyone comment
https://hackerone.com/reports/273946 | www.drivegrab.com SQL injection
https://hackerone.com/reports/273998 | CSRF token does not valided during blog comment
https://hackerone.com/reports/274541 | Invited user to a Author profile can remove the owner of that Author
https://hackerone.com/reports/274844 | Stored XSS when you read eamils. <style>
https://hackerone.com/reports/274868 | Xss on community.imgur.com
https://hackerone.com/reports/274990 | Remote code execution on rubygems.org
https://hackerone.com/reports/275186 | Get all instacart emails - missing rate limit on /accounts/register
https://hackerone.com/reports/275269 | Gem signature forgery
https://hackerone.com/reports/275386 | Stored XSS Using Media
https://hackerone.com/reports/275515 | Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute
https://hackerone.com/reports/275518 | Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)
https://hackerone.com/reports/275714 | Subdomain takeover on developer.openapi.starbucks.com
https://hackerone.com/reports/277163 | XSS Ğ² Ñ‚ĞµĞ»Ğµ Ğ¿Ğ¸Ñ�ÑŒĞ¼Ğ°, Ğ² Ğ±Ğ»Ğ¾Ñ‡Ğ½Ñ‹Ñ… Ñ�Ñ‚Ğ¸Ğ»Ñ�Ñ….
https://hackerone.com/reports/277502 | [BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint
https://hackerone.com/reports/277525 | Formula injection via CSV exports in WordCamp Talks plugin
https://hackerone.com/reports/277534 | Timing Attack in Google Authenticator - Per User Prompt
https://hackerone.com/reports/278095 | Invalid Host detection at https://hackerone.com/redirect
https://hackerone.com/reports/278191 | Listing of Amazon S3 Bucket accessible to any amazon authenticated user (metrics.pscp.tv)
https://hackerone.com/reports/279932 | Users Unable to login using Gmail/Facebook on https://boozt-stage1.booztx.com/login
https://hackerone.com/reports/280748 | High server resource usage on captcha (viestinta.lahitapiola.fi)
https://hackerone.com/reports/280912 | apache access.log leakage via long request on https://rapida.ru/
https://hackerone.com/reports/282176 | Unauthenticated hidden groups disclosure via Ajax groups search
https://hackerone.com/reports/282748 | Detecting Tor Browser UI Language
https://hackerone.com/reports/283058 | [IRCCloud Android] Opening arbitrary URLs/XSS in SAMLAuthActivity
https://hackerone.com/reports/283063 | [IRCCloud Android] XSS in ImageViewerActivity
https://hackerone.com/reports/283460 | Open Redirect Protection Bypass
https://hackerone.com/reports/283644 | Out-Of-Bounds Read in timelib_meridian()
https://hackerone.com/reports/284346 | Download attachments with traversal path into any sdcard directory (incomplete fix 106097)
https://hackerone.com/reports/285432 | IDOR - setAttribute action of user object in API
https://hackerone.com/reports/286667 | Self-XSS in password reset functionality
https://hackerone.com/reports/286740 | Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse
https://hackerone.com/reports/287789 | IDOR to view User Order Information
https://hackerone.com/reports/287837 | 217.147.95.145 NFS Exposed with Zeus Server configs
https://hackerone.com/reports/288219 | Open Redirection while saving User account Settings
https://hackerone.com/reports/288704 | Command injection on Phabricator instance with an evil hg branch name
https://hackerone.com/reports/288955 | [IRCCloud Android] Theft of arbitrary files leading to token leakage
https://hackerone.com/reports/288966 | POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
https://hackerone.com/reports/288993 | SSL_peek() hang on empty record (CVE-2016-6305)
https://hackerone.com/reports/289246 | Following links are vulnerable to clickjacking
https://hackerone.com/reports/289568 | Program profile metrics endpoint contains mean time to triage, even when turned off
https://hackerone.com/reports/289823 | Improper markup sanitization.
https://hackerone.com/reports/291057 | MySQL username and password leaked in developer.valvesoftware.com via source code dislosure
https://hackerone.com/reports/291522 | XSS on account.mail.ru/login
https://hackerone.com/reports/291539 | [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron
https://hackerone.com/reports/291683 | Crafted frame injection leading to form-based UI redressing.
https://hackerone.com/reports/291750 | Link filter protection bypass
https://hackerone.com/reports/291764 | SQL Injection found in NextCloud Android App Content Provider
https://hackerone.com/reports/292457 | Reflected XSS in www.dota2.com
https://hackerone.com/reports/292463 | Exposed authentication (/cs/Satellite)
https://hackerone.com/reports/292636 | session_id is not being validated at email invitation endpoint
https://hackerone.com/reports/292797 | ActionController::Parameters .each returns an unsafe hash
https://hackerone.com/reports/293016 | CSRF log victim into the attacker account
https://hackerone.com/reports/293105 | XSS Ğ² Ğ»Ğ¸Ñ‡Ğ½Ñ‹Ñ… Ñ�Ğ¾Ğ¾Ğ±Ñ‰ĞµĞ½Ğ¸Ñ�Ñ…
https://hackerone.com/reports/293299 | Validation message in Bounty award endpoint can be used to determine program balances
https://hackerone.com/reports/293490 | [www.zomato.com] Leaking Email Addresses of merchants via reset password feature
https://hackerone.com/reports/293689 | Query parameter reordering causes redirect page to render unsafe URL
https://hackerone.com/reports/293743 | [public-api.wordpress.com] Stored XSS via Crafted Developer App Description
https://hackerone.com/reports/293845 | [IDOR] Deleting other people's tasks
https://hackerone.com/reports/293847 | SSRF in /appsuite/api/autoconfig
https://hackerone.com/reports/294147 | Mercurial git subrepo lead to arbritary command injection
https://hackerone.com/reports/294201 | subdomain takeover at news-static.semrush.com
https://hackerone.com/reports/294232 | Adding external participants to unaccessible appointments
https://hackerone.com/reports/294462 | NET::Ftp allows command injection in filenames
https://hackerone.com/reports/294505 | Cross-site scripting in "Contact customer" form
https://hackerone.com/reports/294867 | Improper Host Detection During Team Up on tweetdeck.twitter.com
https://hackerone.com/reports/295276 | heap-use-after-free in OP_RESCUE
https://hackerone.com/reports/295330 | code.wordpress.net subdomain Takeover
https://hackerone.com/reports/295380 | heap-buffer-overflow in OP_R_BREAK
https://hackerone.com/reports/295540 | [XSS] Portal Widget Mail
https://hackerone.com/reports/295680 | Invalid read leading to a segfault
https://hackerone.com/reports/295841 | Blind SQL injection in Hall of Fap
https://hackerone.com/reports/296045 | SSRF in VCARD photo upload functionality
https://hackerone.com/reports/296198 | SEGV on ary_concat
https://hackerone.com/reports/297181 | Common response suggestion is sent to Google Analytics when user accepts duplicate comment Genius suggestion
https://hackerone.com/reports/297203 | Reflected XSS using Header Injection
https://hackerone.com/reports/297339 | PHPMYADMIN Setup is accessible without authentication on https://lml.lahitapiola.fi/
https://hackerone.com/reports/297359 | No Rate Limit in email leads to huge Mass mailings
https://hackerone.com/reports/297383 | mruby heredoc notation
https://hackerone.com/reports/297478 | SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent
https://hackerone.com/reports/297547 | Improper markup sanitisation in Simplenote Android application.
https://hackerone.com/reports/297751 | Registered users can change app password permissions for any user
https://hackerone.com/reports/297803 | [crm.unikrn.com] Open Redirect
https://hackerone.com/reports/297968 | Persistent DOM-based XSS in https://help.twitter.com via localStorage
https://hackerone.com/reports/298176 | SQL injection in MilestoneFinder order method
https://hackerone.com/reports/298246 | controlled buffer under-read in pack_unpack_internal()
https://hackerone.com/reports/298265 | HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms
https://hackerone.com/reports/298873 | Command injection by overwriting authorized_keys file through GitLab import
https://hackerone.com/reports/299009 | Single Sing On - Clickjacking
https://hackerone.com/reports/299130 | SSRF - RSS feed, blacklist bypass (IP Formatting)
https://hackerone.com/reports/299135 | SSRF - RSS feed, blacklist bypass (301 re-direct)
https://hackerone.com/reports/299403 | Domain spoofing in redirect page using RTLO
https://hackerone.com/reports/299424 | Bypass Filter and get Stored Xss
https://hackerone.com/reports/299466 | [XSS] Mail <style> v2.0
https://hackerone.com/reports/299473 | Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook
https://hackerone.com/reports/299552 | Information disclosure on https://paycard.rapida.ru
https://hackerone.com/reports/299728 | Markdown parsing issue enables insertion of malicious tags and event handlers
https://hackerone.com/reports/299835 | Link poisoning on https://secure.login.gov/ login page
https://hackerone.com/reports/300099 | [www.zomato.com] Privilege Escalation - Control reviews - /â–ˆâ–ˆâ–ˆâ–ˆdashboard_handler.php
https://hackerone.com/reports/300179 | User uploaded portfolio files can be accessed by any user even after deleted
https://hackerone.com/reports/300181 | Torrent Viewer extension web service available on all interfaces
https://hackerone.com/reports/300270 | Stored XSS in learnboost.com via the lesson[goals] parameter.
https://hackerone.com/reports/300305 | Ability to bypass partner email confirmation to take over any store given an employee email
https://hackerone.com/reports/300391 | The parameter in the POST query allows to control size of returned page which in turn can lead to the potential DOS attack
https://hackerone.com/reports/300454 | [www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php
https://hackerone.com/reports/300812 | Stored XSS in www.learnboost.com via ZIP codes.
https://hackerone.com/reports/300879 | User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions
https://hackerone.com/reports/300881 | Account members can re-add themselve after has been deleted by administrator
https://hackerone.com/reports/301137 | GitHub import allows user to create child group under existing namespace
https://hackerone.com/reports/301432 | GitLab CI runner can read and poison cache of all other projects
https://hackerone.com/reports/301458 | Remote Code Execution in Wordpress Desktop
https://hackerone.com/reports/301526 | Invitation token leaks to https://bat.bing.com
https://hackerone.com/reports/301680 | Reflected XSS Vulnerability in https://www.lahitapiola.fi/cs/Satellite
https://hackerone.com/reports/301718 | https://fundl.qiwi.com CSRF Ğ½Ğ° Ğ¿Ğ¾Ğ´Ñ‚Ğ²ĞµÑ€Ğ¶Ğ´ĞµĞ½Ğ¸Ğ¸ sms
https://hackerone.com/reports/301862 | Path traversal leading to limited CSRF on GET requests on two endpoints
https://hackerone.com/reports/301919 | CSRF Add user templates
https://hackerone.com/reports/302253 | Ğ�Ñ‡ĞµĞ½ÑŒ Ğ¶ĞµÑ�Ñ‚ĞºĞ°Ñ� XSS Ğ² Ğ»Ğ¸Ñ‡Ğ½Ñ‹Ñ… Ñ�Ğ¾Ğ¾Ğ±Ñ‰ĞµĞ½Ğ¸Ñ�Ñ… m.ok.ru
https://hackerone.com/reports/302298 | Unintentional file creation caused at Tempfile with directory traversal
https://hackerone.com/reports/302338 | The possibility that unintended file operation may be performed because some methods of Dir do not check NULL characters.
https://hackerone.com/reports/302485 | IDOR allow to extract all registered email
https://hackerone.com/reports/302651 | Leak of Platform Authentication credentials via Repeater
https://hackerone.com/reports/302885 | ImageMagick GIF coder vulnerability leading to memory disclosure
https://hackerone.com/reports/302997 | Unix domain socket and a path containing a null character
https://hackerone.com/reports/303061 | RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)
https://hackerone.com/reports/303378 | SSRF - Blacklist bypass for mail account addition
https://hackerone.com/reports/303522 | Zomato.com Reflected Cross Site Scripting
https://hackerone.com/reports/303632 | Fastify denial-of-service vulnerability with large JSON payloads
https://hackerone.com/reports/303730 | Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS
https://hackerone.com/reports/303744 | Arbitrary local system file read on open-xchange server
https://hackerone.com/reports/304098 | [XSS/CSRF] filter content-type bypass in Files
https://hackerone.com/reports/304240 | Unrestricted access to Eureka server on â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ
https://hackerone.com/reports/304386 | Unrestricted access to https://â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ.â–ˆâ–ˆâ–ˆâ–ˆâ–ˆmyteksi.net/
https://hackerone.com/reports/304679 | XSS ( Ğ Ğ°Ğ±Ğ¾Ñ‚Ğ° Ñ� Ğ¿Ğ¸Ñ�ÑŒĞ¼Ğ°Ğ¼Ğ¸ )
https://hackerone.com/reports/304708 | Information exposure via error pages (www.lahitapiola.fi Tomcat)
https://hackerone.com/reports/305082 | Query string parameter modifications returned in page
https://hackerone.com/reports/305128 | ClickJacking on IMPORTANT Functions of Yelp
https://hackerone.com/reports/305237 | Malicious file upload (secure.lahitapiola.fi)
https://hackerone.com/reports/305972 | Potential infinite loop in gdImageCreateFromGifCtx!
https://hackerone.com/reports/305973 | Inappropriately parsing HTTP response leads to PHP segment fault!
https://hackerone.com/reports/305974 | Inappropriate URL parsing may cause security risk!
https://hackerone.com/reports/305978 | Urllib connects to a wrong host
https://hackerone.com/reports/306414 | Window.opener protection Bypass
https://hackerone.com/reports/307670 | Difference in query string parameter processing between Hacker News and Keybase Chrome extension spawns chat to incorrect user
https://hackerone.com/reports/307672 | Keybase extension hostname-validation regular expression issue.
https://hackerone.com/reports/307675 | Claiming ownership of GitHub handles via forked GitHub gists.
https://hackerone.com/reports/308489 | wpjobmanager - unserialize of user input
https://hackerone.com/reports/308610 | Read Access to all comments on unauthorized forums' discussions! IDOR!
https://hackerone.com/reports/309058 | Open Redirect on the nl.wordpress.net
https://hackerone.com/reports/310105 | Disclosure of 152 cookie names via crafted input
https://hackerone.com/reports/310185 | Removing a user from a private group doesn't remove him from group's project, if his project's role was changed
https://hackerone.com/reports/310280 | [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php
https://hackerone.com/reports/310946 | The request tells the number of private programs, the new system of authorization /invite/token
https://hackerone.com/reports/311326 | ms5 debug page exposing internal info (internal IPs, headers)
https://hackerone.com/reports/311330 | Open Redirect
https://hackerone.com/reports/311639 | Reflected XSS on https://www.zomato.com
https://hackerone.com/reports/311776 | Securemail server used to internal spam and resource exhaustion
https://hackerone.com/reports/312118 | Using GitLab to monitor and hijack domains in mass quantity.
https://hackerone.com/reports/312543 | XXE in Site Audit function exposing file and directory contents
https://hackerone.com/reports/312548 | XSS via Cookie in e.mail.ru
https://hackerone.com/reports/312647 | Gaining access to private topics using quoting feature
https://hackerone.com/reports/313050 | IDOR in treat subscriptions
https://hackerone.com/reports/313250 | Xss was found by exploiting the URL markdown on http://store.steampowered.com
https://hackerone.com/reports/314126 | Blind XSS - Report review - Admin panel
https://hackerone.com/reports/314204 | [XSS] Style/Event Filter Bypass v3.0
https://hackerone.com/reports/314518 | Reflected XSS+CSRF on secure.lahitapiola.fi
https://hackerone.com/reports/314808 | Full account takeover
https://hackerone.com/reports/314814 | [oauth token leak] at oauth.semrush.com
https://hackerone.com/reports/315205 | Debug information disclosure on oauth-redirector.services.greenhouse.io
https://hackerone.com/reports/315837 | blind XXE in autodiscover parser
https://hackerone.com/reports/316319 | XSS on redirection page( Bypassed)
https://hackerone.com/reports/316713 | Ad Builder Display Ads Path Traversal
https://hackerone.com/reports/316810 | Can read features from any user
https://hackerone.com/reports/317005 | Subdomain Takeover due to unclaimed domain pointing to AWS
https://hackerone.com/reports/317243 | Window.opener fix bypass
https://hackerone.com/reports/317321 | Delete directory using symlink when decompressing tar
https://hackerone.com/reports/317476 | Account Takeover in Periscope TV
https://hackerone.com/reports/317711 | twofactor_auth bypassable if provider fails to load
https://hackerone.com/reports/317931 | Bypassing Homograph Attack Using /@ [ Tested On Windows ]
https://hackerone.com/reports/318068 | SSH server compatible with several vulnerable cryptographic algorithms
https://hackerone.com/reports/318099 | Registration enabled on â–ˆâ–ˆâ–ˆgrab.com
https://hackerone.com/reports/318399 | Program profile_metrics.json contains time to triage for deptofdefense even it's turned off
https://hackerone.com/reports/318571 | Imformation Disclosure on id.rapida.ru
https://hackerone.com/reports/318603 | Sitemap causing strain on your Lahitapiola.fi server
https://hackerone.com/reports/318751 | Access to Private Photos of Apps in App section(IDOR)
https://hackerone.com/reports/320200 | [NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint
https://hackerone.com/reports/320222 | memory corruption while parsing HTTP response
https://hackerone.com/reports/320355 | myshopify.com domain takeover
https://hackerone.com/reports/320376 | Open Redirection in index.php page
https://hackerone.com/reports/320679 | [growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite
https://hackerone.com/reports/320689 | [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID}
https://hackerone.com/reports/321029 | HTML Injection inside Slack promotional emails
https://hackerone.com/reports/321249 | Forum Users Information Disclosure
https://hackerone.com/reports/321410 | A user can create an event in a group without being in it http://littleguy.vanillastaging.com/
https://hackerone.com/reports/321420 | xss reflected in littleguy.vanillastaging.com
https://hackerone.com/reports/321444 | Fix bypass of different processing of usernames on Hackernews
https://hackerone.com/reports/321725 | A user can comment in private discussions without having permission to access the discussion
https://hackerone.com/reports/321938 | [www.zomato.com] Getting a complimentary dessert [Zomato Treats] on ordering a Meal at no cost
https://hackerone.com/reports/321980 | [XSS/CSRF] filter content-type bypass in Files v2.0
https://hackerone.com/reports/322661 | Replace other user files in Inbox messages
https://hackerone.com/reports/322935 | Exim off-by-one RCE vulnerability
https://hackerone.com/reports/323005 | CSRF leads to a stored self xss
https://hackerone.com/reports/323975 | CSRF in Inviting users
https://hackerone.com/reports/324005 | Server-Side Request Forgery on SAML Application - Import via URL
https://hackerone.com/reports/324006 | SaaS admin can modify/delete/get user information.
https://hackerone.com/reports/324136 | XSS *.myshopify.com/collections/vendors?q=
https://hackerone.com/reports/324423 | Reflected XSS (myynti.lahitapiolarahoitus.fi)
https://hackerone.com/reports/324442 | Reflected XSS on bbe_open_htmleditor_popup.php of BBE Theme via "value"-GET-parameter
https://hackerone.com/reports/325040 | xmlrpc.php FILE IS enable it will used for bruteforce attack and denial of service
https://hackerone.com/reports/325336 | Subdomain takeover on svcgatewayus.starbucks.com
https://hackerone.com/reports/325510 | Stored-XSS with user interaction on [sandbox.open-xchange.com] via inserted link in mail
https://hackerone.com/reports/326434 | Able to Select Every Poll Option[http://tedwebers-famous-loudspeakers.vanillacommunities.com]
https://hackerone.com/reports/326639 | DoS through cache poisoning using invalid HTTP parameters
https://hackerone.com/reports/327088 | Extra program metrics disclosed via /PROGRAM_NAME json response
https://hackerone.com/reports/327200 | disclosure of email by sending a message.
https://hackerone.com/reports/327512 | Potential command injection in Shell#[] and Shell#test
https://hackerone.com/reports/327671 | Error Page Content Spoofing or Text Injection
https://hackerone.com/reports/327674 | Invitation reminder emails contain insecure links
https://hackerone.com/reports/328337 | IDOR widget.support.my.com
https://hackerone.com/reports/328486 | [Zomato Android/iOS] Theft of user session
https://hackerone.com/reports/329209 | Making further registrations difficult on Vanilla forum
https://hackerone.com/reports/329791 | Internal IP Address Disclosure at https://www.lahitapiolarahoitus.fi/wp-json/wp/v2/pages
https://hackerone.com/reports/329798 | h1-202 leaderboard photo discloses local wifi password
https://hackerone.com/reports/329862 | Stored xss in shop name @ lp.reverb.com
https://hackerone.com/reports/329957 | Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests
https://hackerone.com/reports/330008 | [dev.twitter.com] XSS and Open Redirect Protection Bypass
https://hackerone.com/reports/330135 | S3 bucket unnecessarily discloses permissions
https://hackerone.com/reports/330716 | F5 BIG-IP Cookie Remote Information Disclosure
https://hackerone.com/reports/331223 | Order notifications being sent for a deactivated staff account
https://hackerone.com/reports/331302 | Improper protection of FileContentProvider
https://hackerone.com/reports/331489 | Extremly simple way to bypass Nextcloud-Client PIN/Fingerprint lock
https://hackerone.com/reports/331691 | Email Forwarding invitations for Drafts are not marked as accepted, allowing multiple users to join a program after disabling Email Forwarding
https://hackerone.com/reports/331975 | [XSS] Pasting bootstrap in mail compose
https://hackerone.com/reports/332381 | Internal API endpoint discloses full account name of email address associated with unconfirmed user
https://hackerone.com/reports/332632 | (Possible) staff account takeover via reset token bruteforce at helpdesk.bistudio.com
https://hackerone.com/reports/333008 | Persistent XSS in https://sandbox.reverb.com/item/
https://hackerone.com/reports/333419 | TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services
https://hackerone.com/reports/333507 | Stored XSS in "post last edited" option
https://hackerone.com/reports/333767 | IDOR to view other user folder name
https://hackerone.com/reports/334139 | CSRF Trial 14 days express subscription
https://hackerone.com/reports/334143 | [NR Synthetics] Restricted User can add/modify alert conditions on monitors without any synthetics privileges
https://hackerone.com/reports/334205 | Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature
https://hackerone.com/reports/334253 | CSRF at [Apply to this program] that lead to submit your request automatic with out any validations
https://hackerone.com/reports/334488 | Blind XXE via Powerpoint files
https://hackerone.com/reports/334709 | Cache poisoning using NULL bytes and long URLs
https://hackerone.com/reports/335123 | Invalid Phabricator API token revealed through error message when escalating a report
https://hackerone.com/reports/335177 | DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation
https://hackerone.com/reports/335330 | Subdomain Takeover to Authentication bypass
https://hackerone.com/reports/335341 | Disclosure of Users Information via Wordpress API (?rest_route)
https://hackerone.com/reports/335427 | WordPress username enumeration (/author)
https://hackerone.com/reports/335481 | [Zomato's Blog] POST based XSS on https://www.zomato.com/blog/wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=8.2
https://hackerone.com/reports/335607 | [XSS] select/onchange in TinyMCE via set body
https://hackerone.com/reports/335735 | Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter
https://hackerone.com/reports/335779 | User Information Disclosure via Json response
https://hackerone.com/reports/335990 | Flash-based XSS on mediaelement-flash-audio-ogg.swf of www.lahitapiolarahoitus.fi
https://hackerone.com/reports/336131 | Potential to abuse pricing errors in saved carts
https://hackerone.com/reports/337488 | [XSS] Forgot password link
https://hackerone.com/reports/337680 | burp does not validate the common name of the presented collaborator server certificate
https://hackerone.com/reports/337986 | CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written
https://hackerone.com/reports/339137 | XSS Ğ¿Ñ€Ğ¸ Ğ´Ğ¾Ğ±Ğ°Ğ²Ğ»ĞµĞ½Ğ¸Ğ¸ Ğ² Ñ‡Ğ°Ñ‚ Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»Ñ�
https://hackerone.com/reports/339237 | [web.icq.com] Stored XSS in link when sending message
https://hackerone.com/reports/339352 | CSRF logs the victim into attacker's account
https://hackerone.com/reports/339483 | "Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons
https://hackerone.com/reports/340926 | [XSS] Parameter Theme
https://hackerone.com/reports/341876 | SSRF in Exchange leads to ROOT access in all instances
https://hackerone.com/reports/341884 | api.icq.com / Ğ²Ğ¾Ğ·Ğ¼Ğ¾Ğ¶Ğ½Ğ¾Ñ�Ñ‚ÑŒ Ğ¿Ñ€Ğ¸Ñ�Ğ¾ĞµĞ´Ğ¸Ğ½Ğ¸Ñ‚ÑŒÑ�Ñ� Ğº Ğ»Ñ�Ğ±Ğ¾Ğ¼Ñƒ Ñ‡Ğ°Ñ‚Ñƒ (Ğ´Ğ°Ğ¶Ğµ Ğ·Ğ°ĞºÑ€Ñ‹Ñ‚Ğ¾Ğ¼Ñƒ).
https://hackerone.com/reports/341908 | XSS via Direct Message deeplinks
https://hackerone.com/reports/341925 | invalid handling of redirect_uri at o2.mail.ru/jsapi/button
https://hackerone.com/reports/342610 | [XSS] Style/Event Filter Bypass v4.0
https://hackerone.com/reports/342693 | Password reset token leakage via referer
https://hackerone.com/reports/342976 | Referer in /servlet/TestServlet
https://hackerone.com/reports/342978 | Team object in GraphQL disclosed total number of whitelisted hackers
https://hackerone.com/reports/343464 | Team object in GraphQL discloses team group names and permissions
https://hackerone.com/reports/343752 | lootdog.io XSS
https://hackerone.com/reports/344035 | Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
https://hackerone.com/reports/344049 | XSS touch.mail.ru compose Body
https://hackerone.com/reports/344112 | XSS account.mail.ru in state JSON script
https://hackerone.com/reports/344145 | [www.zomato.com] IDOR - Gold Subscription Details, Able to view "Membership ID" and "Validity Details" of other Users
https://hackerone.com/reports/344228 | Stored xss Ğ² Ğ¿ĞµÑ€ĞµÑ�Ğ»Ğ°Ğ½Ğ½Ğ¾Ğ¼ Ñ�Ğ¾Ğ¾Ğ±Ñ‰ĞµĞ½Ğ¸Ğ¸.
https://hackerone.com/reports/344309 | Adding a new user discloses their full name in the "Users" section of NR Alerts notification channels page
https://hackerone.com/reports/344468 | User is able to access and create private synthetics locations without upgrading (regression of #276157)
https://hackerone.com/reports/345152 | Publicly Accessible Datadog link
https://hackerone.com/reports/346219 | XSS e.mail.ru fixSpecialSymbols
https://hackerone.com/reports/347282 | Linux kernel: CVE-2017-6074: DCCP double-free vulnerability
https://hackerone.com/reports/347296 | Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning
https://hackerone.com/reports/347439 | [synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending
https://hackerone.com/reports/347665 | Permissions leaks the full name of other NR accounts - Regression of #267636
https://hackerone.com/reports/347693 | Program metrics disclosed response_efficiency_percentage via /program_name json response despite the team decided not to show on their profile
https://hackerone.com/reports/347748 | Improper session handling on web browsers
https://hackerone.com/reports/348076 | Stored XSS in Brower name field reflected in two pages
https://hackerone.com/reports/348443 | Snippet JS template allows attacker to read a user's private snippets
https://hackerone.com/reports/349291 | IDOR via internal_api "users" endpoint
https://hackerone.com/reports/350847 | Bypass of request line length limit to DoS via cache poisoning
https://hackerone.com/reports/351014 | Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution
https://hackerone.com/reports/351016 | Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation
https://hackerone.com/reports/351106 | resetreportedcount & updatetags doesn't verify appid param
https://hackerone.com/reports/351171 | Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name
https://hackerone.com/reports/351275 | DOM Based XSS charting_library
https://hackerone.com/reports/351361 | Administrator can create user without entering high security mode
https://hackerone.com/reports/351376 | XSS in main search, use class tag to imitate Reverb.com core functionality, create false login window
https://hackerone.com/reports/351519 | Improper access check by Kit leads to controlling attributes of store & getting analytics by deleted Store member via dual messenger A/C
https://hackerone.com/reports/351555 | Disclosure of all uploads to Cloudinary via hardcoded api secret in Android app
https://hackerone.com/reports/352869 | Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com
https://hackerone.com/reports/353293 | XSS in buying and selling pages, can created spoofed content (false login message)
https://hackerone.com/reports/353310 | People who interviewed for HackerOne security analyst position can be enumerated and their personal email address may be exposed
https://hackerone.com/reports/353784 | Vanilla SQL Injection Vulnerability
https://hackerone.com/reports/354650 | [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
https://hackerone.com/reports/355773 | XSS on support.wordcamp.org in ajax-quote.php
https://hackerone.com/reports/355859 | CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.
https://hackerone.com/reports/356047 | Wordpress Users Disclosure (/wp-json/wp/v2/users/)
https://hackerone.com/reports/356566 | HackerOne support disclosing report state without checking user identity
https://hackerone.com/reports/356586 | [XSS] content_disposition=inline in files
https://hackerone.com/reports/357485 | Hacktivity of a private program visible to banned user if he gets invited to a program by hackbot
https://hackerone.com/reports/357665 | DoS in Brave browser for iOS
https://hackerone.com/reports/357929 | Items bought for free due to lacks of quantity controls
https://hackerone.com/reports/358007 | Compromising the user ID
https://hackerone.com/reports/358049 | RCE via Print function [Simplenote 1.1.3 - Desktop app]
https://hackerone.com/reports/358339 | File access control rules not enforced on image files
https://hackerone.com/reports/358570 | A SQL injection vulnerability in Vanilla
https://hackerone.com/reports/360171 | Multiple Bugs in api.data.gov/signup endpoint leads to send custom messages to Anyone
https://hackerone.com/reports/360191 | [account.mail.ru] XSS Ğ½Ğ° Ñ�Ñ‚Ñ€Ğ°Ğ½Ğ¸Ñ†Ğµ ÑƒĞ´Ğ°Ğ»ĞµĞ½Ğ¸Ñ� Ğ°ĞºĞºĞ°ÑƒĞ½Ñ‚Ğ° Ñ‡ĞµÑ€ĞµĞ· backUrl
https://hackerone.com/reports/360787 | [account.mail.ru] XSS Ğ½Ğ° Ñ�Ñ‚Ñ€Ğ°Ğ½Ğ¸Ñ†Ğµ Ğ²Ğ¾Ñ�Ñ�Ñ‚Ğ°Ğ½Ğ¾Ğ²Ğ»ĞµĞ½Ğ¸Ñ� Ğ¿Ğ°Ñ€Ğ¾Ğ»Ñ�
https://hackerone.com/reports/360811 | Information Leak - Github - JMS Information
https://hackerone.com/reports/361287 | DOMXSS in redirect param
https://hackerone.com/reports/361793 | [SSRF] PDF documentconverterws
https://hackerone.com/reports/361938 | [XSS] RSS Feed Widget
https://hackerone.com/reports/361951 | Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings
https://hackerone.com/reports/361957 | Unsanitized input in email field
https://hackerone.com/reports/361960 | Insufficient validation of sides/modifiers quantity
https://hackerone.com/reports/362129 | XSS https://health.mail.ru/my/ Ñ‡ĞµÑ€ĞµĞ· Ğ²Ğ½ĞµÑˆĞ½ĞµĞµ Ğ¸Ğ¼Ñ� Ğ°ĞºĞºĞ°ÑƒĞ½Ñ‚Ğ°
https://hackerone.com/reports/363636 | DoS through PeerExplorer
https://hackerone.com/reports/363971 | Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation
https://hackerone.com/reports/364843 | OLO Total price manipulation using negative quantities
https://hackerone.com/reports/364964 | Client DoS due to large DH parameter (CVE-2018-0732)
https://hackerone.com/reports/365093 | XSS https://agent.postamat.tech/ Ğ² Ğ¿Ñ€Ğ¾Ñ„Ğ¸Ğ»Ğµ + Ğ´Ğ¸Ñ�ĞºĞ»Ğ¾Ğ· Ñ�ĞµĞºÑ€ĞµÑ‚Ğ½Ğ¾Ğ¹ Ğ¸Ğ½Ñ„Ğ¾Ñ€Ğ¼Ğ°Ñ†Ğ¸Ğ¸
https://hackerone.com/reports/365271 | Remote code execution on Basecamp.com
https://hackerone.com/reports/365504 | Comment restriction in subsection "Workshop" of domain "steamcommunity.com" can be bypassed using IDOR
https://hackerone.com/reports/365853 | Subdomain Takeover - https://competition.shopify.com/
https://hackerone.com/reports/367581 | Basic auth details is still work on report ( 351555 )
https://hackerone.com/reports/367966 | FileUpload Plugin: CSRF (delete all attached files)
https://hackerone.com/reports/368119 | [engineering.udemy.com] - Subdomain Takeover (ghost.io)
https://hackerone.com/reports/369086 | URL spoofing in Brave for macOS
https://hackerone.com/reports/369185 | Unsafe handling of protocol handlers
https://hackerone.com/reports/369218 | Navigation to restricted origins via "Open in new tab"
https://hackerone.com/reports/369451 | SSRF in CI after first run
https://hackerone.com/reports/370094 | Ğ’Ñ‹Ğ²Ğ¾Ğ´ Ğ·Ğ½Ğ°Ñ‡ĞµĞ½Ğ¸Ğ¹ Ğ¿ĞµÑ€ĞµĞ¼ĞµĞ½Ğ½Ñ‹Ñ… Nginx Ğ² Ñ‚ĞµĞ»Ğµ Ñ�Ñ‚Ñ€Ğ°Ğ½Ğ¸Ñ†Ñ‹
https://hackerone.com/reports/370777 | [affiliates.udemy.com] Wordpress user admin information discloure
https://hackerone.com/reports/371135 | CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7
https://hackerone.com/reports/373721 | URL spoofing using protocol handlers
https://hackerone.com/reports/374106 | Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass
https://hackerone.com/reports/374737 | Blind SSRF on errors.hackerone.net due to Sentry misconfiguration
https://hackerone.com/reports/374907 | Root user disclosure in data.gov domain though x-amz-meta-s3cmd-attrs header
https://hackerone.com/reports/374919 | Content spoofing and potential Cross-Site Scripting vulnerability on www.hackerone.com
https://hackerone.com/reports/374969 | Navigation to protocol handler URL from the opened page displayed as a request from this page.
https://hackerone.com/reports/375259 | Cross-origin page stays focused before/after downloading + uninformative modal window for download
https://hackerone.com/reports/375329 | Local files reading using link[rel="import"]
https://hackerone.com/reports/375352 | Post Based XSS On Upload Via CK Editor [semrush.com]
https://hackerone.com/reports/378122 | HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information
https://hackerone.com/reports/378805 | Navigation to chrome-extension:// origin (internal pages) from the web
https://hackerone.com/reports/380045 | Stored XSS in the guide's GameplayVersion (www.dota2.com)
https://hackerone.com/reports/380102 | Missing memory corruption protection on Windows release built
https://hackerone.com/reports/380158 | svcardproxydevus.starbucks.com Subdomain take over
https://hackerone.com/reports/380317 | Team object exposes amount of participants in a private program to non-invited users
https://hackerone.com/reports/380354 | Reflected XSS through multiple inputs in the issue collector on Jira
https://hackerone.com/reports/380413 | Restricted user can bypass permissions restriction to create NR Alert policies
https://hackerone.com/reports/380873 | Prototype pollution attack (lodash / constructor.prototype)
https://hackerone.com/reports/381129 | SSRF in api.slack.com, using slash commands and bypassing the protections.
https://hackerone.com/reports/381192 | Preview bar: Incomplete message origin validation results in XSS
https://hackerone.com/reports/381237 | CSRF | Ban or unban users in broadcast's chat
https://hackerone.com/reports/381356 | Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com
https://hackerone.com/reports/382625 | Stored XSS in '' Section and WAF Bypass
https://hackerone.com/reports/383564 | Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com
https://hackerone.com/reports/384101 | Go.imgur.com can be used to phish for account information
https://hackerone.com/reports/384112 | xss - reflected
https://hackerone.com/reports/384214 | heap-buffer-overflow (READ of size 48) in exif_read_data()
https://hackerone.com/reports/384477 | Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
https://hackerone.com/reports/384569 | Bypassing the Trusted Link Alert System
https://hackerone.com/reports/384719 | linkinfo - openbasedir bypass on Windows PHP
https://hackerone.com/reports/384782 | User Information Disclosure via the REST API - /?_method=GET
https://hackerone.com/reports/384839 | DoS for HTTP/2 connections by crafted requests (CVE-2018-1333)
https://hackerone.com/reports/384905 | F5 BigIP Backend Cookie Disclosure
https://hackerone.com/reports/384962 | jsConnect Plugin: Takeover of existing account
https://hackerone.com/reports/385145 | Homograph attack on redirect URL (https://chaturbate.com/external_link/?url)
https://hackerone.com/reports/385239 | Add non-existent room moderator
https://hackerone.com/reports/385372 | Homograph attack on redirect URL
https://hackerone.com/reports/385381 | Rate limit missing at room login
https://hackerone.com/reports/385407 | store xss in calendar via upload filename
https://hackerone.com/reports/386112 | [allhiphop.vanillacommunities.com] XSS Request-URI
https://hackerone.com/reports/386116 | CSV Injection with the CSV export feature
https://hackerone.com/reports/386292 | Bypass of the SSRF protection in Event Subscriptions parameter.
https://hackerone.com/reports/386334 | CSS Injection on /embed/ via bgcolor parameter leaks user's CSRF token and allows for XSS
https://hackerone.com/reports/386340 | Reflected XSS on ssl-ccstatic.highwebmedia.com via player.swf
https://hackerone.com/reports/386556 | [NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions
https://hackerone.com/reports/386596 | Email Not Completely Deleted after Deleting an account
https://hackerone.com/reports/386735 | Login form on non-HTTPS page on http://stream.highwebmedia.com/auth/login/
https://hackerone.com/reports/386997 | Private program policy page still accessible after user left the program
https://hackerone.com/reports/387007 | [idp.fr.cloud.gov] Open Redirect
https://hackerone.com/reports/387250 | OpenSSL::X509::Name Equality Check Does Not Work, Patch included
https://hackerone.com/reports/387279 | App messaging can be hijacked by third-party websites
https://hackerone.com/reports/387544 | Admin bar: Incomplete message origin validation results in XSS
https://hackerone.com/reports/388506 | Stored XSS in Email attachment file name
https://hackerone.com/reports/388622 | Subdomain takeover on wfmnarptpc.starbucks.com
https://hackerone.com/reports/388743 | [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app
https://hackerone.com/reports/389076 | open-url command allows opening unlimited number of tabs pointing to arbitrary URLs
https://hackerone.com/reports/389108 | Handling of tracking command allows making arbitrary blind requests with user's cookies from Grammarly Extension's origin
https://hackerone.com/reports/389454 | Backup Source Code Detected
https://hackerone.com/reports/389592 | [theacademy.upserve.com] Reflected XSS Query-String
https://hackerone.com/reports/389600 | TeamProfile exposes partially sensitive information through GraphQL
https://hackerone.com/reports/390013 | Local files reading from the web using brave://
https://hackerone.com/reports/390362 | Local files reading from the "file://" origin through brave://
https://hackerone.com/reports/390429 | Reflected XSS on help.steampowered.com
https://hackerone.com/reports/391385 | Unauthorized Use of Victim Credit Card
https://hackerone.com/reports/391390 | Stored XSS on activity
https://hackerone.com/reports/392728 | Possibility to freeze/crash the host system of all Slack Desktop users easily
https://hackerone.com/reports/394016 | Web Cache Deception Attack (XSS)
https://hackerone.com/reports/394253 | Validation bypass for queries generated for PostgreSQL
https://hackerone.com/reports/395729 | socket command allows sending data over WebSockets to arbitrary origins from Grammarly Extension
https://hackerone.com/reports/395737 | chrome://brave available for navigation in Release build [-> RCE] + navigation to chrome://* using tab_helper ["Open in new tab"]
https://hackerone.com/reports/396370 | XSS: Group search terms
https://hackerone.com/reports/396467 | Github Token Leaked publicly for https://github.sc-corp.net
https://hackerone.com/reports/396493 | Reflected DOM XSS on www.starbucks.co.uk
https://hackerone.com/reports/396954 | Attacker can add arbitrary data to the blockchain without paying gas
https://hackerone.com/reports/397031 | Disclosure of top 10 vulnerability types for programs that haven't enabled the Insights feature
https://hackerone.com/reports/397088 | Stored XSS on buy button
https://hackerone.com/reports/397130 | Unauthenticated access to Zendesk tickets through athena-flex-production.shopifycloud.com Okta bypass
https://hackerone.com/reports/397478 | Privilege Escalation via Keybase Helper
https://hackerone.com/reports/397483 | [NR Infrastructure] Restricted user can update integration provider account name via integrations API
https://hackerone.com/reports/397508 | Web cache deception attack - expose token information
https://hackerone.com/reports/397527 | Leaking sensitive information on Github lead full access to all Grab Slack channels
https://hackerone.com/reports/397545 | Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection
https://hackerone.com/reports/398054 | DOM Based XSS in www.hackerone.com via PostMessage
https://hackerone.com/reports/398316 | CSRF combined with IDOR within Document Converter exposes files
https://hackerone.com/reports/398797 | DVR default username and password
https://hackerone.com/reports/398799 | Unauthenticated blind SSRF in OAuth Jira authorization controller
https://hackerone.com/reports/399174 | Access MoPub Reports Data even after Company removed you from their MoPub Account.
https://hackerone.com/reports/399382 | XSS in e.mail.ru
https://hackerone.com/reports/400982 | Open redirect in securegatewayaccess.com / secure.chaturbate.com via prejoin_data parameter
https://hackerone.com/reports/401483 | [chaturbate.com] - CSRF Vulnerability on image upload
https://hackerone.com/reports/402362 | RCE due to ImageTragick v2
https://hackerone.com/reports/402410 | Ğ Ğ°Ñ�ÑˆĞ¸Ñ„Ñ€Ğ¾Ğ²ĞºĞ° Ğ²Ñ�ĞµÑ… Ñ‚Ğ¸Ğ¿Ğ¾Ğ² ÑˆĞ¸Ñ„Ñ€Ğ¾Ğ²Ğ°Ğ½Ğ½Ñ‹Ñ… ID
https://hackerone.com/reports/402473 | Arbitrary File Download as Shopmanager
https://hackerone.com/reports/402753 | Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
https://hackerone.com/reports/403039 | WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers
https://hackerone.com/reports/403083 | Authenticated Code Execution through Phar deserialization in CSV Importer as Shop manager in WooCommerce
https://hackerone.com/reports/403402 | Public Jenkins instance with /script enabled
https://hackerone.com/reports/403417 | Remote Code Execution on www.semrush.com/my_reports on Logo upload
https://hackerone.com/reports/403602 | Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)
https://hackerone.com/reports/403783 | [www.zomato.com] Tampering with Order Quantity and paying less amount then actual amount, leads to business loss
https://hackerone.com/reports/404797 | IDOR to delete images from other stores
https://hackerone.com/reports/405342 | Clickjacking at ylands.com
https://hackerone.com/reports/406289 | Stored XSS on Broken Themes via filename
https://hackerone.com/reports/406614 | Resource Consumption DOS on Edgemax v1.10.6
https://hackerone.com/reports/406704 | XSS @ store.steampowered.com via agecheck path name
https://hackerone.com/reports/407355 | Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages
https://hackerone.com/reports/407552 | Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability
https://hackerone.com/reports/409370 | Denial of service via cache poisoning
https://hackerone.com/reports/409395 | Bypass of GitLab CI runner slash fix in YAML validation
https://hackerone.com/reports/409512 | mod_userdir CRLF injection (CVE-2016-4975)
https://hackerone.com/reports/409518 | "More on Wikipedia" link disclose "Referrer" and leak window.opener reference for arbitrary websites
https://hackerone.com/reports/409701 | SSRF in hatchful.shopify.com
https://hackerone.com/reports/409850 | XSS in steam react chat client
https://hackerone.com/reports/409973 | Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation
https://hackerone.com/reports/409986 | Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS
https://hackerone.com/reports/410015 | Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report
https://hackerone.com/reports/410212 | Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability
https://hackerone.com/reports/410237 | Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability
https://hackerone.com/reports/410451 | User login page doesn't implement any form of rate limiting
https://hackerone.com/reports/410882 | Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical)
https://hackerone.com/reports/411075 | Abusing "Report as abuse" functionality to delete any user's post.
https://hackerone.com/reports/411140 | Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
https://hackerone.com/reports/411329 | code injection, steam chat client
https://hackerone.com/reports/411337 | Forget password link not expiring after email change.
https://hackerone.com/reports/411519 | DNS SRV lookup of file:// sources enables local hijacking of gems
https://hackerone.com/reports/411679 | View Failed Approval and Pending videos other users
https://hackerone.com/reports/411690 | Stored xss in address field in billing activity at https://shop.aaf.com/Order/step1/index.cfm
https://hackerone.com/reports/411723 | Open redirection at https://chaturbate.com/auth/login/
https://hackerone.com/reports/411822 | Password protected rooms total number of viewers disclosure to unauthorized members
https://hackerone.com/reports/411865 | Blind SSRF at https://chaturbate.com/notifications/update_push/
https://hackerone.com/reports/411930 | User with privilege to maintain External Programs can update certain churned HackerOne programs
https://hackerone.com/reports/412526 | No rate limit in stats api token endpoint
https://hackerone.com/reports/412988 | Hacker can request mediation for published reports
https://hackerone.com/reports/413426 | Open redirect on chaturbate.com (tipping/purchase_success)
https://hackerone.com/reports/413442 | [chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter
https://hackerone.com/reports/413505 | No rate limit in affiliate statsapi endpoint
https://hackerone.com/reports/413759 | Race condition at create new Location
https://hackerone.com/reports/413828 | Persistent XSS via Signatures
https://hackerone.com/reports/415139 | Reflected xss on theacademy.upserve.com
https://hackerone.com/reports/415178 | chrome://brave can still be navigated to, leading to RCE
https://hackerone.com/reports/415238 | [Admin Panel] CSRF to resume/pause runner
https://hackerone.com/reports/415258 | RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
https://hackerone.com/reports/415272 | Linux Desktop application slack executable does not use pie / no ASLR
https://hackerone.com/reports/415398 | Chaturbate "/chat_ignore_list/" endpoint does not check for Account status: Disabled before adding Ignore via POST
https://hackerone.com/reports/415484 | Stored xss
https://hackerone.com/reports/415622 | PII disclosure -- Past team members & their email ID(personal email) can be viewed by Staff member with no permissions on Partner Dashboard
https://hackerone.com/reports/415967 | chrome://brave navigation from web
https://hackerone.com/reports/416040 | Field Day With Protocol Handlers
https://hackerone.com/reports/416682 | CSRF on change video thumbnail at https://chaturbate.com
https://hackerone.com/reports/416906 | Missing Rate Limitation at /apps/upload_app/
https://hackerone.com/reports/416978 | H1514 CSRF in Domain transfer allows adding your domain to other user's account
https://hackerone.com/reports/416983 | H1514 Removed Staff members who had "Apps" permission can still modify flow app connections
https://hackerone.com/reports/417170 | Using GraphQL, STAFF with NO explicit permissions on Store can retrieve Shopify Payments Balance.
https://hackerone.com/reports/417382 | Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session
https://hackerone.com/reports/417839 | H1514 Lack of access control on edit packing slip template
https://hackerone.com/reports/418145 | No rate limiting in changing room subject.
https://hackerone.com/reports/418151 | No rate limiting in starting up a bot.
https://hackerone.com/reports/418254 | Unrestricted POST request size on roomlogin endpoint
https://hackerone.com/reports/418474 | Disclosing a private program in an external link if program is paused
https://hackerone.com/reports/418767 | Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form
https://hackerone.com/reports/418823 | Reflected XSS on developers.zomato.com
https://hackerone.com/reports/419875 | [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users
https://hackerone.com/reports/419883 | H1514 [beerify.shopifycloud.com] GraphQL discloses internal beer consumption
https://hackerone.com/reports/420115 | Crash in mrb_ary_push
https://hackerone.com/reports/420459 | H1514 Stored XSS in Return Magic App portal content
https://hackerone.com/reports/421009 | H1514 Deanonymizing Exchange Marketplace private listings
https://hackerone.com/reports/421859 | H1514 [*.(my)shopify.com] - Viewing Password Protected Content
https://hackerone.com/reports/422043 | H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing
https://hackerone.com/reports/422279 | H1514 Simple phishing using auto-created modal with weak URL-pattern check in incontext_app_link
https://hackerone.com/reports/422331 | attacker can book unlimited tickets in free at https://aaf.com/checkout/order-received/21237/?key=wc_order_5bbef48fa35b2
https://hackerone.com/reports/422698 | Update Chat Allowed By Option ( without age verification )
https://hackerone.com/reports/422707 | Reflected XSS on $Any$.myshopify.com/admin
https://hackerone.com/reports/422944 | H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products
https://hackerone.com/reports/423022 | Account takeover at https://try.discourse.org due to no CSRF protection in connecting Yahoo account
https://hackerone.com/reports/423073 | Improper UUID validation results in bypass of #419896
https://hackerone.com/reports/423136 | H1514 Session Fixation on multiple shopify-built apps on *.shopifycloud.com and *.shopifyapps.com
https://hackerone.com/reports/423198 | H1514 Ability to Edit Packaging Slip Templates and View Product & Shipping Information by a low privileged staff in a Sandbox Store
https://hackerone.com/reports/423218 | H1514 DOM XSS on checkout.shopify.com via postMessage handler on /:id/sandbox/google_maps
https://hackerone.com/reports/423388 | H1514 Get access to non public information by pivoting with graphql queries
https://hackerone.com/reports/423454 | H1514 Stored XSS on Wholesale sales channel allows cross-organization data leakage
https://hackerone.com/reports/423467 | H1514 Ability to MiTM Shopify PoS Session to Takeover Communications
https://hackerone.com/reports/423496 | H1514 Bypass Wholesale account signup restrictions
https://hackerone.com/reports/423506 | H1514 Extract information about other sites (new sites) through Affiliate/Referral pages
https://hackerone.com/reports/423541 | H1514 Server Side Template Injection in Return Magic email templates?
https://hackerone.com/reports/423546 | H1514 Wholesale customer without checkout permission can complete purchases
https://hackerone.com/reports/424447 | Integer overflow leading to buffer overflow
https://hackerone.com/reports/424669 | Subdomain Takeover Via unclaimed Heroku Instance tim-exclusive.shopify.com
https://hackerone.com/reports/425048 | Stored XSS on chaturbate.com (wish list)
https://hackerone.com/reports/425200 | XSS [flow] - on www.paypal.com/paypalme/my/landing (requires user interaction)
https://hackerone.com/reports/425314 | API request signature can be reused with other parameters/data than the original in certain cases
https://hackerone.com/reports/425719 | Disclosure of Github Issues
https://hackerone.com/reports/426165 | [www.zomato.com] CORS Misconfiguration, could lead to disclosure of sensitive information
https://hackerone.com/reports/426547 | Missing Rate Limitation at /photo_videos/photoset/create
https://hackerone.com/reports/426944 | Linux privilege escalation via trusted $PATH in keybase-redirector
https://hackerone.com/reports/427502 | Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based"
https://hackerone.com/reports/427835 | Server-Side request forgery in New-Subscription feature of the calendar app
https://hackerone.com/reports/428010 | Talk / spreed: Disclosure of Room names and participants for password protected rooms
https://hackerone.com/reports/428660 | Gallery: No feedback for invalid password
https://hackerone.com/reports/429026 | Race condition in performing retest allows duplicated payments
https://hackerone.com/reports/429298 | Stored XSS in chat topic due to insecure emoticon parsing on any message type
https://hackerone.com/reports/429617 | Reverse Proxy misroute leading to steal X-Shopify-Access-Token header
https://hackerone.com/reports/429679 | POST-based XSS on apps.shopify.com
https://hackerone.com/reports/430463 | Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS]
https://hackerone.com/reports/430854 | Kaspersky Password Manager allows websites to access user's address data
https://hackerone.com/reports/431561 | Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS
https://hackerone.com/reports/431633 | Order Creation Webhooks can be edited/deleted by STAFF with Settings only permission
https://hackerone.com/reports/434116 | Exposing voting results on the Slowvote application without actually voting
https://hackerone.com/reports/434715 | No session expiry after log-out and session id exposed in URL
https://hackerone.com/reports/434763 | Incorrect details on OAuth permissions screen allows DMs to be read without permission
https://hackerone.com/reports/435457 | Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/
https://hackerone.com/reports/435618 | Kaspersky Password Manager is vulnerable to HTML injection in the browser action pop-up via user name
https://hackerone.com/reports/435648 | TOTP Key is shorter than RFC 4226 recommended minimum
https://hackerone.com/reports/436928 | RCE as Admin defeats WordPress hardening and file permissions
https://hackerone.com/reports/437142 | Instant open redirect on Live preview WEB Ide opening
https://hackerone.com/reports/437800 | Passive mixed content issues on the site https://*.fanduel.com
https://hackerone.com/reports/438240 | Reflected Cross site Scripting (XSS) on www.starbucks.com
https://hackerone.com/reports/439729 | Add and Access to Labels of any Private Projects/Groups of Gitlab(IDOR)
https://hackerone.com/reports/439828 | Event privacy level does not work in Thunderbird
https://hackerone.com/reports/439912 | Stored XSS on demo app link
https://hackerone.com/reports/440749 | [Mail.Ru Android] Typo in permission name allows to write contacts without user knowledge
https://hackerone.com/reports/442843 | Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report
https://hackerone.com/reports/446238 | EXIF metadata not stripped from JPG group logos
https://hackerone.com/reports/446271 | CRLF injection
https://hackerone.com/reports/446585 | Exfiltrate and mutate repository and project data through injected templated service
https://hackerone.com/reports/446593 | GitLab's GitHub integration is vulnerable to SSRF vulnerability
https://hackerone.com/reports/447494 | Share recipient can modify a share's expiration date
https://hackerone.com/reports/447975 | Upgrade menu exposes the mobile application token meant to only be visible to administrators
https://hackerone.com/reports/448078 | A user can request a report to be retested even though the program has not been verified by HackerOne
https://hackerone.com/reports/449351 | IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier
https://hackerone.com/reports/449482 | Command injection in Pathname
https://hackerone.com/reports/449617 | Null character at fnmatch
https://hackerone.com/reports/452959 | A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately
https://hackerone.com/reports/452973 | Inline banner on Report page discloses whether organization runs a private program
https://hackerone.com/reports/454949 | Race Condition in Flag Submission
https://hackerone.com/reports/455858 | [p2p.qiwi.com] nginx alias traversal
https://hackerone.com/reports/456333 | [auth2.zomato.com] Reflected XSS at oauth2/fallbacks/error | ORY Hydra an OAuth 2.0 and OpenID Connect Provider
https://hackerone.com/reports/456727 | null pointer dereference in imap_mail
https://hackerone.com/reports/458842 | Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.
https://hackerone.com/reports/459286 | protocol & Ports are not shown in third-party site redirect warning page
https://hackerone.com/reports/459443 | [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint
https://hackerone.com/reports/460428 | The impossibility of inclusion of the trial (BROWSER)
https://hackerone.com/reports/460815 | Milestones leaked via search API
https://hackerone.com/reports/460911 | [FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II
https://hackerone.com/reports/460920 | Response program can create bounty table
https://hackerone.com/reports/461272 | [www.zomato.com] Blind XSS in one of the admin dashboard
https://hackerone.com/reports/461308 | Remote attacker can impersonate Social users via ActivityPub API
https://hackerone.com/reports/462321 | Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter
https://hackerone.com/reports/462503 | Claiming package names in GitLab's automatic package referencer.
https://hackerone.com/reports/463828 | Submitting report through Embedded Submission form gives user indefinite access to a profile
https://hackerone.com/reports/463915 | URL Advisor component in KIS products family is vulnerable to Universal XSS
https://hackerone.com/reports/464426 | account takeover https://idea.qiwi.com/
https://hackerone.com/reports/469372 | Web protection component in Anti-Virus products family uses predictable links for certificate warnings
https://hackerone.com/reports/469803 | Open redirect at https://inventory.upserve.com/http://google.com/
https://hackerone.com/reports/470003 | Privilege Escalation via Keybase Helper (incomplete security fix)
https://hackerone.com/reports/470067 | DoS on the Issue page by exploiting Mermaid.
https://hackerone.com/reports/470206 | Reflected XSS in *.myshopify.com/account/register
https://hackerone.com/reports/470398 | Local privilege escalation bug using Keybase redirector on macOS
https://hackerone.com/reports/470519 | Kaspersky Protection extension for Google Chrome is vulnerable to abuse its features
https://hackerone.com/reports/470520 | RCE on Steam Client via buffer overflow in Server Info
https://hackerone.com/reports/470544 | Unauthorized command execution in Web protection component of Anti-Virus products family
https://hackerone.com/reports/470547 | Unauthorized command execution in Web protection component of Anti-Virus products family [IE]
https://hackerone.com/reports/470553 | Unauthorized command execution in Web protection component of Anti-Virus products family [FF, Chrome]
https://hackerone.com/reports/470637 | User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files
https://hackerone.com/reports/471265 | unuse domain still in using at wechat by Starbucks East China
https://hackerone.com/reports/471739 | macOS privilege escalation via keybase install
https://hackerone.com/reports/472013 | Changing email address on Twitter for Android unsets "Protect your Tweets"
https://hackerone.com/reports/472026 | The auto login link does not expire on changing email id
https://hackerone.com/reports/472651 | Private key "tron" leaked via Travis CI Log
https://hackerone.com/reports/473252 | Privilege Escalation through Keybase Installer via Helper
https://hackerone.com/reports/473888 | RCE which may occur due to ActiveSupport::MessageVerifier or ActiveSupport::MessageEncryptor (especially Active storage)
https://hackerone.com/reports/473950 | XSS on Desktop Client
https://hackerone.com/reports/474262 | XSS due to incomplete JS escaping
https://hackerone.com/reports/474656 | Cross-site Scripting (XSS) on HackerOne careers page
https://hackerone.com/reports/475499 | heap buffer overflow in phar_detect_phar_fname_ext
https://hackerone.com/reports/475660 | Response program can display "eligible for bounty" in scope area in program policy
https://hackerone.com/reports/476168 | Heap overflow in utf32be_mbc_to_code
https://hackerone.com/reports/476178 | Negative size parameter in mb_split
https://hackerone.com/reports/476179 | Buffer over-write in finfo_open with malformed magic file.
https://hackerone.com/reports/476958 | IDOR allows accounts to view full name of other accounts based on email through share notes feature
https://hackerone.com/reports/477073 | ZeroMQ libzmq remote code execution
https://hackerone.com/reports/477222 | Last build status and coverage leaked to unauthorized users
https://hackerone.com/reports/477344 | Heap Buffer Overflow (READ: 4) in phar_parse_pharfile
https://hackerone.com/reports/477896 | Use after free and out of bounds read in xmlrpc_decode()
https://hackerone.com/reports/477897 | buffer overread in base64 code of the xmlrpc module
https://hackerone.com/reports/478367 | efree() on uninitialized Heap data in imagescale leads to use-after-free
https://hackerone.com/reports/478368 | imagecolormatch Out Of Bounds Write on Heap
https://hackerone.com/reports/478957 | Stored XSS/HTML injection in autocomplete suggestions for sharing
https://hackerone.com/reports/479135 | GET request to accounts.json on support site leaks the root account license key and the browser license key to a restricted user
https://hackerone.com/reports/479139 | Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page
https://hackerone.com/reports/480778 | Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak
https://hackerone.com/reports/480883 | Stack overflow in XML Parsing
https://hackerone.com/reports/480928 | Username restriction bypass with SSL client authentication
https://hackerone.com/reports/480984 | Stack overflow affecting "ext" field on stylers.xml configuration file
https://hackerone.com/reports/481335 | Security check failure or stack buffer overrun (crash)
https://hackerone.com/reports/481360 | Stored XSS in vanilla
https://hackerone.com/reports/481472 | URL link spoofing
https://hackerone.com/reports/481532 | heap-use-after-free (READ of size 8) in main()
https://hackerone.com/reports/482200 | puttygen: heap-buffer-overflow in mp_get_decimal()
https://hackerone.com/reports/483572 | [FG-VD-19-009] Intel(R) Trace Analyzer and Collector 2019 Memory Corruption Vulnerability Notification
https://hackerone.com/reports/484398 | Buffer overflow in libavi_plugin memmove() call
https://hackerone.com/reports/484434 | Stored XSS on imgur profile
https://hackerone.com/reports/484615 | Unsanitized user photo paths allow local file read
https://hackerone.com/reports/484664 | ICQ for macOS: lack of com.apple.quarantine meta-attribute on downloaded files leads to GateKeeper/Quarantine bypass for downloaded executables
https://hackerone.com/reports/484930 | puttygen: 160MB memory leak while trying to extract openssh public key from crafted key file
https://hackerone.com/reports/485407 | From nobody to somebody
https://hackerone.com/reports/485748 | Stored XSS on reports.
https://hackerone.com/reports/486629 | Improper validation allows user to unlock Zomato Gold multiple times at the same restaurant within one day
https://hackerone.com/reports/487008 | Arbitrary file read via ffmpeg HLS parser at https://www.flickr.com/photos/upload
https://hackerone.com/reports/487081 | Stored XSS in Private Message component (BuddyPress)
https://hackerone.com/reports/488643 | Disclosure of h1 challenges name through the calendar
https://hackerone.com/reports/488923 | No Rate Limit on CrowdSignal Polls when Adding Comment
https://hackerone.com/reports/488985 | Race condition in claiming program credentials
https://hackerone.com/reports/489102 | VLC 4.0.0 - Stack Buffer Overflow (SEH)
https://hackerone.com/reports/489146 | Confidential data of users and limited metadata of programs and reports accessible via GraphQL
https://hackerone.com/reports/489284 | Access to Employee calendar disclosing internal presentation and meetings
https://hackerone.com/reports/490782 | Mssing Authorization on Private Message replies (BuddyPress)
https://hackerone.com/reports/490946 | Bypassing lock protection
https://hackerone.com/reports/490960 | macOS privilege escalation
https://hackerone.com/reports/491023 | XSS Reflected on my_report
https://hackerone.com/reports/491473 | Protected tweets exposure through the URL
https://hackerone.com/reports/491753 | DMARC RECORD MISSING
https://hackerone.com/reports/492512 | [bower] Arbitrary File Write through improper validation of symlinks while package extraction
https://hackerone.com/reports/492841 | Web cache poisoning attack leads to user information and more
https://hackerone.com/reports/493324 | Privilege escalation from any user (including external) to gitlab admin when admin impersonates you
https://hackerone.com/reports/494979 | Insufficient sanitizing can lead to arbitrary commands execution
https://hackerone.com/reports/495382 | No SearchEngine sanatizing can lead to command injection
https://hackerone.com/reports/495495 | CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host
https://hackerone.com/reports/495497 | Know whether private project name exists or not within a group using link comments
https://hackerone.com/reports/495508 | Assertion `len == 1' failed, process aborted while streaming ouput from remote server
https://hackerone.com/reports/495515 | Reflected XSS: Taxonomy Converter via tax parameter
https://hackerone.com/reports/495525 | XSSI: Quick Navigation Interface - leak of private page/post titles
https://hackerone.com/reports/495583 | [FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification
https://hackerone.com/reports/495793 | Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe)
https://hackerone.com/reports/496113 | Crash
https://hackerone.com/reports/496285 | Ubuntu Linux privilege escalation (dirty_sock)
https://hackerone.com/reports/496375 | Reflected XSS in https://www.starbucks.co.jp/store/search/
https://hackerone.com/reports/496405 | Stored XSS in vanilla
https://hackerone.com/reports/496973 | Persistent XSS via e-mail when creating merge requests
https://hackerone.com/reports/497047 | Blocked user Git access through CI/CD token
https://hackerone.com/reports/497255 | A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file
https://hackerone.com/reports/497312 | Command injection by setting a custom search engine
https://hackerone.com/reports/497724 | Stored XSS in Post Preview as Contributor
https://hackerone.com/reports/498052 | Password theft login.newrelic.com via Request Smuggling
https://hackerone.com/reports/498964 | Full access to internal Gitlab instances at redash.gitlab.com, dashboards.gitlab.com, prometheus.gitlab.com
https://hackerone.com/reports/499030 | DOM Based XSS in www.hackerone.com via PostMessage (bypass of #398054)
https://hackerone.com/reports/499348 | Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect
https://hackerone.com/reports/500348 | URL filter bypass in Enterprise Grid
https://hackerone.com/reports/500436 | DOM based CSS Injection on grammarly.com
https://hackerone.com/reports/500515 | XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx
https://hackerone.com/reports/500686 | url that twitter mobile site can not load
https://hackerone.com/reports/501672 | Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints
https://hackerone.com/reports/502593 | Attacker is able to access commit title and team member comments which are supposed to be private
https://hackerone.com/reports/502816 | Access Violation Reading in libfaad_plugin
https://hackerone.com/reports/503208 | Access Violation Reading EXPLOITABLE_0228
https://hackerone.com/reports/503283 | Real Time Error Logs Through Debug Information
https://hackerone.com/reports/503298 | Multiple XSS on account settings that can hijack any users in the company.
https://hackerone.com/reports/503300 | â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ on CRM server without authorization
https://hackerone.com/reports/503804 | Path Disclosure Vulnerability http://crm.******.com
https://hackerone.com/reports/503821 | Assertion `col >= 0 && col < line->cols' failed, process aborted while streaming ouput from remote server
https://hackerone.com/reports/504751 | Open Redirect
https://hackerone.com/reports/504759 | Uploading large avatar images cause excessive CPU usage
https://hackerone.com/reports/504761 | phar_tar_writeheaders_int() buffer overflow
https://hackerone.com/reports/504782 | CSRF at adding new role (user-management.service.newrelic.com)
https://hackerone.com/reports/504951 | Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution
https://hackerone.com/reports/505007 | [Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code
https://hackerone.com/reports/505173 | Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution
https://hackerone.com/reports/505278 | DOS in stream filters
https://hackerone.com/reports/505424 | Twitter ID exposure via error-based side-channel attack
https://hackerone.com/reports/506040 | ChaCha20-Poly1305 with long nonces
https://hackerone.com/reports/506161 | Build fetches jars over HTTP
https://hackerone.com/reports/506646 | Webshell via File Upload on ecjobs.starbucks.com.cn
https://hackerone.com/reports/507012 | bypass Claudflare access crm.mautic.com
https://hackerone.com/reports/507097 | Open AWS S3 bucket leaks all Images uploaded to Zomato chat
https://hackerone.com/reports/507132 | Stored XSS in notes (charts) because of insecure chart data JSON generation
https://hackerone.com/reports/507139 | DOM based XSS in the WooCommerce plugin
https://hackerone.com/reports/507172 | Able to bypass "Device credentials" Lock
https://hackerone.com/reports/507525 | DoS attacks utilizing camo.stream.highwebmedia.com
https://hackerone.com/reports/507957 | Stored XSS on www.starbucks.com.sg/careers/career-center/career-landing-*
https://hackerone.com/reports/508184 | Persistent XSS in Note objects
https://hackerone.com/reports/508459 | SSRF in webhooks leads to AWS private keys disclosure
https://hackerone.com/reports/508490 | Nextcloud domain and name of every user leaked to lookup server
https://hackerone.com/reports/508493 | Group admins can remove arbitrary data from "data" directory (including admin data)
https://hackerone.com/reports/509574 | Invited team member can disclosure slack channels
https://hackerone.com/reports/509924 | JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions
https://hackerone.com/reports/509930 | Potential unprivileged Stored XSS through wp_targeted_link_rel
https://hackerone.com/reports/510025 | Invalid Read on exif_process_SOFn
https://hackerone.com/reports/510336 | Uninitialized read in exif_process_IFD_in_TIFF
https://hackerone.com/reports/510887 | [CVE-2018-18312] regcomp: heap-buffer-overflow write / reg_node overrun
https://hackerone.com/reports/510888 | [CVE-2018-18313] regcomp: heap-buffer-overflow read in S_grok_bslash_N
https://hackerone.com/reports/511044 | [www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s)
https://hackerone.com/reports/511381 | All functions that allow users to specify color code are vulnerable to ReDoS
https://hackerone.com/reports/511440 | credentials leakage in public lead to view dev websites
https://hackerone.com/reports/512102 | CSRF at acknowledging an incident
https://hackerone.com/reports/513154 | Unchecked weapon id in WeaponList message parser on client leads to RCE
https://hackerone.com/reports/514224 | SSRF in Search.gov via ?url= parameter
https://hackerone.com/reports/514451 | Deprecated Hacker101 coursework repository mentions Heroku App that is susceptible to takeover
https://hackerone.com/reports/514897 | Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone
https://hackerone.com/reports/515484 | [Reflected XSS] In Request URL
https://hackerone.com/reports/515574 | Unclaimed Github Repository Takeover on https://www.data.gov/labs
https://hackerone.com/reports/516237 | Uninitialized read in exif_process_IFD_in_MAKERNOTE
https://hackerone.com/reports/518669 | SQLi allow query restriction bypass on exposed FileContentProvider
https://hackerone.com/reports/519059 | Protected Tweets setting overridden by Android app
https://hackerone.com/reports/519220 | File writing by Directory traversal at actionpack-page_caching and RCE by it
https://hackerone.com/reports/519367 | Attacker can read password from log data
https://hackerone.com/reports/520518 | Full name of other accounts exposed through NR API Explorer (another workaround of #476958)
https://hackerone.com/reports/520630 | (Prerelease UI) Stored XSS via role name in JSON chart
https://hackerone.com/reports/520717 | Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE
https://hackerone.com/reports/520903 | Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation
https://hackerone.com/reports/526265 | DOM XSS on app.starbucks.com via ReturnUrl
https://hackerone.com/reports/526325 | Stored XSS in Wiki pages
https://hackerone.com/reports/526570 | Bypassing push rules via MRs created by Email
https://hackerone.com/reports/527042 | CVE-2019-0196: mod_http2 with scoreboard Use-After-Free (Read)
https://hackerone.com/reports/528940 | STAFF member with NO Explicit permissions can view ActivityFeed via GraphQL
https://hackerone.com/reports/530458 | Stored XSS in Rich editor via Embed datetime
https://hackerone.com/reports/530464 | Stored XSS in Profile Comments
https://hackerone.com/reports/530499 | WooCommerce: Persistent XSS via customer address (state/county)
https://hackerone.com/reports/530511 | Stored XSS at APM applications listing
https://hackerone.com/reports/530853 | Stored XSS in embedded posts containing images
https://hackerone.com/reports/530871 | Stored XSS firing if the error occurs when trying to delete the APM app
https://hackerone.com/reports/530881 | Hidden Stored XSS in nested post embeds
https://hackerone.com/reports/530974 | Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
https://hackerone.com/reports/531032 | Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack
https://hackerone.com/reports/531042 | Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters
https://hackerone.com/reports/532667 | Server Side JavaScript Code Injection
https://hackerone.com/reports/534450 | Account takeover through the combination of cookie manipulation and XSS
https://hackerone.com/reports/534541 | Combination of content provider allows private data disclosure
https://hackerone.com/reports/534554 | Unpublished Product Images can be disclosed
https://hackerone.com/reports/534711 | Stored XSS at APM apps labels autocomplete dropdown (apps listing)
https://hackerone.com/reports/534794 | Importing GitLab project archives can replace uploads of other users
https://hackerone.com/reports/534908 | CSRF at https://chatstory.pixiv.net/imported
https://hackerone.com/reports/535827 | Buffer overflow in yywarning_s
https://hackerone.com/reports/536669 | "Test target" of the "HTTP target" extension can unintentionally send username and password in the Authorization header
https://hackerone.com/reports/536853 | Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint
https://hackerone.com/reports/537550 | Memory corruption in imap-parser.c
https://hackerone.com/reports/538008 | Add users to groups who have restricted group invites
https://hackerone.com/reports/540301 | Wordpress VIP leaks email of the test a/c
https://hackerone.com/reports/540711 | Access Projects And create projects in gitlab pre production server
https://hackerone.com/reports/541020 | GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame
https://hackerone.com/reports/541169 | GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery
https://hackerone.com/reports/541606 | [Privilege Escalation] Shopify Admin -- Permission from Settings to Customer
https://hackerone.com/reports/541862 | Open redirect protection (https://www.pixiv.net/jump.php) is broken for novels
https://hackerone.com/reports/542180 | Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe
https://hackerone.com/reports/544329 | IDOR and statistics leakage in Orders
https://hackerone.com/reports/544928 | Privilege Escalation From user to SYSTEM via unauthenticated command execution
https://hackerone.com/reports/546644 | Two heap use-after-free errors in IMAP operations
https://hackerone.com/reports/547630 | An integer overflow found in /lib/urlapi.c
https://hackerone.com/reports/549040 | Clientside resource Exhausting by exploiting gitlab math rendering
https://hackerone.com/reports/549084 | Stored XSS firing at transaction map (applicationName field)
https://hackerone.com/reports/549364 | Account recovery text message is sending a wrong domain to users.
https://hackerone.com/reports/549831 | External Storage - WebDAV - New user has access to storage from deleted user (same user-ID)
https://hackerone.com/reports/550696 | Heap Buffer Overflow at lib/tftp.c
https://hackerone.com/reports/550937 | Insufficient DKIM record with RSA 512-bit key used on WordPress.com
https://hackerone.com/reports/557154 | DoS attack via comment on Issue
https://hackerone.com/reports/563268 | Spoofing the redirect process using RTLO
https://hackerone.com/reports/564196 | help.shopify.com Cross Site Scripting
https://hackerone.com/reports/565736 | View HackerOne challenge scope before challenge begins
https://hackerone.com/reports/565883 | Bypass Email Verification -- Able to Access Internal Gitlab Services that use Login with Gitlab and Perform Check on email domain
https://hackerone.com/reports/566400 | Stored XSS firing at the "Add chart to note" popup
https://hackerone.com/reports/567468 | Stored XSS at APM key transactions list
https://hackerone.com/reports/568832 | No rate limit on app.crowdsignal.com (Finish quiz)
https://hackerone.com/reports/574639 | Reports Modal in app.mopub.com Disclose by any user
https://hackerone.com/reports/574962 | Verify any unused email address
https://hackerone.com/reports/575562 | Blind Stored XSS on iOS App due to Unsanitized Webview
https://hackerone.com/reports/576288 | Testnet address being sent in cleartext as http://rinkeby.chain.link/ is missing SSL certificate
https://hackerone.com/reports/576532 | DOM XSS via Shopify.API.remoteRedirect
https://hackerone.com/reports/577920 | login csrf in analytics.mopub.com
https://hackerone.com/reports/578119 | Privilege escalation due to insecure use of logrotate
https://hackerone.com/reports/582349 | Last pipeline status for MR leaked
https://hackerone.com/reports/583819 | cookie injection allow dos attack to periscope.tv
https://hackerone.com/reports/583987 | Periscope android app deeplink leads to CSRF in follow action
https://hackerone.com/reports/587829 | CSTI at Plugin page leading to active stored XSS (Publisher name)
https://hackerone.com/reports/587854 | Local files could be overwritten in GitLab, leading to remote command execution
https://hackerone.com/reports/587910 | Password not checked when disabling 2FA on HackerOne
https://hackerone.com/reports/588562 | Memory Leak in OCUtil.dll library in Desktop client can lead to DoS
https://hackerone.com/reports/590020 | CRLF Injection in urllib
https://hackerone.com/reports/590319 | Linux client is vulnerable to directory traversal when downloading files
https://hackerone.com/reports/591295 | Potential pre-auth RCE on Twitter VPN
https://hackerone.com/reports/591302 | Denial of service to WP-JSON API by cache poisoning the CORS allow origin header
https://hackerone.com/reports/591432 | Twitter Periscope Clickjacking Vulnerability
https://hackerone.com/reports/591786 | XSS on services.shopify.com
https://hackerone.com/reports/592090 | IDOR in sending support email upon Verifying user business domain
https://hackerone.com/reports/592316 | Stored XSS on byddypress Plug-in via groups name
https://hackerone.com/reports/592803 | Gaining unlimited bonus points on websites with WooCommerce Points and Rewards
https://hackerone.com/reports/592885 | multiple vulnerabilities on your mautic server
https://hackerone.com/reports/593229 | Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
https://hackerone.com/reports/593712 | Web cache deception attack on https://open.vanillaforums.com/messages/all
https://hackerone.com/reports/593893 | CSRF in generating developer api_key
https://hackerone.com/reports/602527 | Urgent! Stored XSS at plugin's violations leading to account takeover
https://hackerone.com/reports/602767 | DOM XSS via Shopify.API.Modal.initialize
https://hackerone.com/reports/603764 | DOM Based XSS via postMessage at https://inventory.upserve.com/login/
https://hackerone.com/reports/604534 | Race Condition leads to undeletable group member
https://hackerone.com/reports/604560 | Ğ�Ğ±Ñ…Ğ¾Ğ´ ĞºĞ¾Ğ¼Ğ¸Ñ�Ñ�Ğ¸Ğ¸ Ğ½Ğ° Ğ¿ĞµÑ€ĞµĞ²Ğ¾Ğ´Ñ‹
https://hackerone.com/reports/605608 | [information disclosure] Validate existence of a private project.
https://hackerone.com/reports/605720 | Team member with Program permission only can escalate to Admin permission
https://hackerone.com/reports/605845 | Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin
https://hackerone.com/reports/605915 | Reflected XSS / Markup Injection in index.php/svg/core/logo/logo parameter color
https://hackerone.com/reports/608577 | Windows Privilege Escalation: Malicious OpenSSL Engine
https://hackerone.com/reports/608656 | Disabled account can still use GraphQL endpoint
https://hackerone.com/reports/612231 | Github Token Leaked publicly for https://github.com/mopub
https://hackerone.com/reports/614355 | GraphQL query "namespace" leaks data
https://hackerone.com/reports/614947 | Site-wide clickjacking at IE11
https://hackerone.com/reports/615840 | Blind Stored XSS In "Report a Problem" on www.data.gov/issue/
https://hackerone.com/reports/617896 | Bypass Email Verification using Salesforce -- Reproducible in gitlab.com
https://hackerone.com/reports/618031 | Stored XSS in Discounts section
https://hackerone.com/reports/619484 | User with read-only access to a share can gain write access to sub-folders in the share
https://hackerone.com/reports/621308 | NULL pointer dereference in mrb_check_frozen
https://hackerone.com/reports/622170 | Arbitrary code execution in desktop client via OpenSSL config
https://hackerone.com/reports/623588 | Uninitialized read in gdImageCreateFromXbm
https://hackerone.com/reports/625546 | Open Redirection leads to redirect Users to malicious website
https://hackerone.com/reports/626082 | Stored XSS via "my recent queries" selector in NRQL dashboard builder
https://hackerone.com/reports/629087 | No Valid SPF Records.
https://hackerone.com/reports/629745 | Reflected cross-site scripting on multiple Starbucks assets.
https://hackerone.com/reports/629892 | Lack of CSRF header validation at https://g-mail.grammarly.com/profile
https://hackerone.com/reports/630462 | Heap overflow happen when receiving short length key from ssh server using ssh protocol 1
https://hackerone.com/reports/631227 | Some HTML Tags are Getting Executed in com.nextcloud.client
https://hackerone.com/reports/631956 | Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message
https://hackerone.com/reports/632017 | Self-Stored XSS - Chained with login/logout CSRF
https://hackerone.com/reports/632101 | Server Side Request Forgery mitigation bypass
https://hackerone.com/reports/633001 | Private System Note Disclosure using GraphQL
https://hackerone.com/reports/633231 | pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment
https://hackerone.com/reports/633245 | Delete permission can be added on reshare
https://hackerone.com/reports/633266 | Code injection in macOS Desktop Client
https://hackerone.com/reports/633607 | Invalid read in str_replace_partial
https://hackerone.com/reports/634488 | Broken Authentication and Session Management Flaw After Change Password and Logout
https://hackerone.com/reports/634692 | Stored XSS Via NRQL chartbuilder JSON view
https://hackerone.com/reports/635597 | Wrong Interpretation of URL encoded characters, showing different punny code leads to redirection on different domain
https://hackerone.com/reports/636560 | Project Milestones Disclosed Via Groups When the Victim disabled milestones access in project settings
https://hackerone.com/reports/637194 | Bypass of biometrics security functionality is possible in Android application (com.shopify.mobile)
https://hackerone.com/reports/638401 | Private Key exposed in Travis Log can Compromise all the test servers.
https://hackerone.com/reports/638685 | Restricted user can add and delete tags of APM key transactions
https://hackerone.com/reports/640488 | Total bounties paid amount is disclosed because of redesign of the Program Profiles
https://hackerone.com/reports/642281 | Stored XSS in https://app.mopub.com
https://hackerone.com/reports/642515 | User can delete data in shared folders he's not autorized to access
https://hackerone.com/reports/643274 | Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App
https://hackerone.com/reports/643622 | SSRF In Get Video Contents
https://hackerone.com/reports/643882 | Developper's websites are easily accessibles leading to massive information disclosure
https://hackerone.com/reports/643908 | Stored XSS Vulnerability
https://hackerone.com/reports/645264 | Program Email Nofication settings ignored when being added as an external contributor
https://hackerone.com/reports/646505 | â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ DOM XSS via Shopify.API.remoteRedirect
https://hackerone.com/reports/647130 | Stored XSS in "Create Groups"
https://hackerone.com/reports/649533 | Enable 2FA without verifying the email
https://hackerone.com/reports/651518 | OS Command Injection via egrep in Rake::FileList
https://hackerone.com/reports/653125 | Git flag injection leading to file overwrite and potential remote code execution
https://hackerone.com/reports/654198 | Manipulate hacker profile and private program hacktivity to expose your name as researchers who is actively submitting reports with resolve status
https://hackerone.com/reports/658013 | Git flag injection - local file overwrite to remote code execution
https://hackerone.com/reports/659419 | Reflected XSS on https://make.wordpress.org via 'channel' parameter
https://hackerone.com/reports/661051 | Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file
https://hackerone.com/reports/661722 | WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS)
https://hackerone.com/reports/661751 | Subdomain takeover of d02-1-ag.productioncontroller.starbucks.com
https://hackerone.com/reports/661978 | IDOR bug to See hidden slowvote of any user even when you dont have access right
https://hackerone.com/reports/662083 | Inject page in admin panel via Shopify.API.pushState
https://hackerone.com/reports/662204 | Persistent XSS via filename in projects
https://hackerone.com/reports/662218 | Talk - Leak of password-protected room name via already existent resource addition
https://hackerone.com/reports/662287 | Cross-site Scripting (XSS) - Stored in RDoc wiki pages
https://hackerone.com/reports/663729 | [Brave browser] WebTorrent has DNS rebinding vulnerability
https://hackerone.com/reports/664038 | protected Tweet settings overwritten by other settings
https://hackerone.com/reports/665330 | Out of Bounds Memory Read in php_jpg_get16
https://hackerone.com/reports/665398 | Subdomain takeover of datacafe-cert.starbucks.com
https://hackerone.com/reports/665651 | Stealing Users OAuth Tokens through redirect_uri parameter
https://hackerone.com/reports/665722 | â€œemailâ€� MFA mode allows bypassing MFA from victimâ€™s device when the device trust is not expired
https://hackerone.com/reports/665798 | Earn free DAI interest (inflation) through instant CDP+DSR in one tx
https://hackerone.com/reports/666632 | Delete direct message history without access the proper conversation_id
https://hackerone.com/reports/666722 | Email enumeration at SignUp page
https://hackerone.com/reports/667188 | Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://your-subdomain.survey.fm
https://hackerone.com/reports/667408 | Head pipeline leaked to unauthorized users via blocking merge request feature
https://hackerone.com/reports/667739 | Previously created sessions continue being valid after MFA activation
https://hackerone.com/reports/667770 | Stored XSS at APM transaction map (transactionName field)
https://hackerone.com/reports/668439 | IDOR leading to downloading of any attachment
https://hackerone.com/reports/669438 | [Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content"
https://hackerone.com/reports/669776 | Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264
https://hackerone.com/reports/670572 | Uncontrolled Resource Consumption in any Markdown field using Mermaid
https://hackerone.com/reports/672245 | Use After Free in GC with Certain Destructors
https://hackerone.com/reports/672487 | Business Logic Flaw - A non premium user can change/update retailers to get cashback on all the retailers associated with Curve
https://hackerone.com/reports/672623 | Username and Access Token Disclousure
https://hackerone.com/reports/672664 | Steal collateral during end process, by earning DSR interest after flow.
https://hackerone.com/reports/673724 | Circle email-members have still access to a shared folder/file after they are removed from the circle
https://hackerone.com/reports/674195 | Stealing data from customers.gitlab.com without user interaction
https://hackerone.com/reports/674426 | XSS For Profile Name
https://hackerone.com/reports/674540 | mod_remoteip stack buffer overflow and NULL pointer dereference
https://hackerone.com/reports/674757 | Total Paid Bounty Paid can be disclose
https://hackerone.com/reports/674774 | AppLovin API Key hardcoded in a Github repo
https://hackerone.com/reports/674866 | Conversation API Leaks Details Of UnAuthorized Conversations
https://hackerone.com/reports/675578 | Out of Bounds Memory Read in exif_scan_thumbnail
https://hackerone.com/reports/675580 | Out of Bounds Memory Read in exif_process_user_comment
https://hackerone.com/reports/676581 | Use Github pack with Coda employee github account (search code of Coda's private repositories)
https://hackerone.com/reports/676976 | Container scanning and Dependency scanning report leaked to unauthorized users
https://hackerone.com/reports/677557 | mod_http2, memory corruption on early pushes (CVE-2019-10081)
https://hackerone.com/reports/679907 | Malformed string sent through FireServer leads to server freezing/hanging
https://hackerone.com/reports/679969 | CSS Injection to disable app & potential message exfil
https://hackerone.com/reports/680240 | Stored XSS at Synthetics private locations (planted through location label or description)
https://hackerone.com/reports/680415 | mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)
https://hackerone.com/reports/682442 | Git flag injection - Search API with scope 'blobs'
https://hackerone.com/reports/682774 | Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client
https://hackerone.com/reports/683298 | XSS and Open Redirect on MoPub Login
https://hackerone.com/reports/683318 | Windows builds with insecure path defaults (CVE-2019-1552)
https://hackerone.com/reports/683792 | XSS through chat messages
https://hackerone.com/reports/684092 | Steal ALL collateral during liquidation by exploiting lack of validation in flip.kick
https://hackerone.com/reports/684099 | Periscope-all Firebase database takeover
https://hackerone.com/reports/684152 | Steal all MKR from flap during liquidation by exploiting lack of validation in flap.kick
https://hackerone.com/reports/684603 | Heap buffer overflow in TFTP when using small blksize
https://hackerone.com/reports/685007 | Password Reset Link not expiring after changing the email Leads To Account Takeover
https://hackerone.com/reports/685552 | XSS in desktop client via invalid server address on login form
https://hackerone.com/reports/685909 | Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible
https://hackerone.com/reports/686823 | krb5: double-free in read_data() after realloc() fail
https://hackerone.com/reports/687908 | Found Origin IP's Lead To Access To [ Grafana Instance , PgHero Instance [ Can SQL Injection ]
https://hackerone.com/reports/689245 | SSRF In plantuml (on plantuml.pre.gitlab.com)
https://hackerone.com/reports/689314 | Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests
https://hackerone.com/reports/689997 | Disclosure of Email title report in quick award paypout email (no content mode)
https://hackerone.com/reports/690536 | Passive stored XSS at Synthetics job result page (View resource)
https://hackerone.com/reports/691611 | XSS while logging using Google
https://hackerone.com/reports/692040 | PHP 7.3.3: Heap-use-after-free (READ of size 8) in match_at()
https://hackerone.com/reports/692252 | Group search leaks private MRs, code, commits
https://hackerone.com/reports/692352 | XSS on https://app.mopub.com/reports/custom/add/ [new-d1]
https://hackerone.com/reports/692603 | Privilege escalation in workers container
https://hackerone.com/reports/694181 | Worker container escape lead to arbitrary file reading in host machine
https://hackerone.com/reports/694604 | HTTP Request Smuggling on vpn.lob.com
https://hackerone.com/reports/696266 | "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics
https://hackerone.com/reports/697055 | Worker container escape lead to arbitrary file reading in host machine [again]
https://hackerone.com/reports/697512 | Information Disclosure through Sentry Instance â–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆâ–ˆ
https://hackerone.com/reports/697959 | Only the file extensions are checked, not the MIME types as configured
https://hackerone.com/reports/698416 | Host Header Injection
https://hackerone.com/reports/698708 | Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections
https://hackerone.com/reports/700051 | Misconfigured s3 Bucket exposure
https://hackerone.com/reports/700831 | Unauthenticated read and write access to ALL endpoints of a store is possible for removed staff members who had "Apps" permission
https://hackerone.com/reports/700833 | Race condition Ğ½Ğ° Ğ¿Ğ¾ĞºÑƒĞ¿ĞºĞµ Ğ¿Ñ€Ğ¸Ğ·Ğ¾Ğ² Ğ·Ğ° Ğ±Ğ°Ğ»Ğ»Ñ‹
https://hackerone.com/reports/701901 | 2FA doesn't work in "https://insider.razer.com"
https://hackerone.com/reports/702981 | DOM XSS at https://www.thx.com in IE/Edge browser
https://hackerone.com/reports/702987 | No redirect_uri in the db for web-internal clientKey leads to one-click DoS on gitter.im
https://hackerone.com/reports/703058 | Insecure redirect rule results in bypassing ban redirect on certain pages
https://hackerone.com/reports/703759 | SSO through odnoklassniki uses http rather than https
https://hackerone.com/reports/703894 | View the Starred Projects in a Private Profile
https://hackerone.com/reports/704266 | DOM XSS at www.forescout.com in Microsoft Edge and IE Browser
https://hackerone.com/reports/705420 | A reflected XSS in python/Lib/DocXMLRPCServer.py
https://hackerone.com/reports/706533 | Stored XSS at Mobile (Versions tab)
https://hackerone.com/reports/706934 | Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON)
https://hackerone.com/reports/707406 | Team object in GraphQL disclosed of private programs via the industry
https://hackerone.com/reports/707433 | Disclosure of payment_transactions for programs via GraphQL query
https://hackerone.com/reports/707720 | Stored XSS vulnerability in comments on *.wordpress.com
https://hackerone.com/reports/708013 | StoreFront API allows for a brute force attack on customer login by not timing out ALL attempts
https://hackerone.com/reports/708589 | Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF
https://hackerone.com/reports/708820 | Group search with Elastic search enable leaks unrelated data
https://hackerone.com/reports/708917 | Rate Limit Misconfiguration on tumblr login .
https://hackerone.com/reports/709336 | Reflective Cross-site Scripting via Newsletter Form
https://hackerone.com/reports/709883 | Cross-account stored XSS at embedded charts
https://hackerone.com/reports/710006 | Elasticsearch leaks data through the notes scope
https://hackerone.com/reports/710535 | Cross-account stored XSS at notes (through "swf" note parameter)
https://hackerone.com/reports/712065 | Prototype pollution attack (lodash)
https://hackerone.com/reports/712979 | Creating malformed URLs via new line character in-between two URLs leads to misrepresented hyperlinks in Tweets/DMs
https://hackerone.com/reports/713006 | Keybase client (Windows 10): Write files anywhere in userland using relative path in "download attachement" feature
https://hackerone.com/reports/713285 | http request smuggling in pscp.tv and periscope.tv
https://hackerone.com/reports/713407 | ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages
https://hackerone.com/reports/715192 | Private program disclosure via vpn_suspended GraphQL query
https://hackerone.com/reports/716292 | JumpCloud API Key leaked via Open Github Repository.
https://hackerone.com/reports/716761 | WAF bypass via double encoded non standard ASCII chars permitted a reflected XSS on response page not found pages - (629745 bypass)
https://hackerone.com/reports/716976 | Open redirect in semrush.com
https://hackerone.com/reports/719426 | File-drop content is visible through the gallery app
https://hackerone.com/reports/720306 | Docker image with FPM is vulnerable to CVE-2019-11043
https://hackerone.com/reports/722327 | CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm
https://hackerone.com/reports/723060 | Reflected XSS at https://pay.gold.razer.com escalated to account takeover
https://hackerone.com/reports/723118 | [IDOR] API endpoint leaking sensitive user information
https://hackerone.com/reports/723175 | De-anonymization Attack: Cross Site Information Leakage
https://hackerone.com/reports/723707 | Code injection in https://www.semrush.com
https://hackerone.com/reports/724217 | tcpdump: CVE-2018-14879 - buffer overflow in tcpdump.c:get_next_file()
https://hackerone.com/reports/724243 | Tcpdump before 4.9.3 has a buffer over-read in print-802_11.c (CVE-2018-16227)
https://hackerone.com/reports/724253 | Tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option() (CVE-2018-16229)
https://hackerone.com/reports/724944 | latest_activity_id and latest_activity_at may disclose information about internal activities to unauthorized users
https://hackerone.com/reports/725307 | Unchecked URL in attachment datasource
https://hackerone.com/reports/725569 | [IDOR] Attacker user can Approve/Decline AFK on the behalf of other users
https://hackerone.com/reports/726117 | SMB access smuggling via FILE URL on Windows
https://hackerone.com/reports/726773 | HTTP Request Smuggling on https://labs.data.gov
https://hackerone.com/reports/727870 | [www.yoti.com] Wordpress user admin information discloure
https://hackerone.com/reports/728664 | Cache poisoning DoS to various TTS assets
https://hackerone.com/reports/729040 | Shopify's SF and LA offices Dashboard Information disclosed via Public Gist
https://hackerone.com/reports/729424 | Stored XSS in private message
https://hackerone.com/reports/730779 | HTTP header values do not have trailing OWS trimmed
https://hackerone.com/reports/731878 | An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing
https://hackerone.com/reports/732415 | The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes
https://hackerone.com/reports/733248 | Stored XSS in wordpress.com
https://hackerone.com/reports/735748 | HTTP request smuggling using malformed Transfer-Encoding header
https://hackerone.com/reports/736800 | IP address can be leaked on Image preview in ICQ for Android chat
https://hackerone.com/reports/736867 | SSRF protection bypass
https://hackerone.com/reports/737140 | Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
https://hackerone.com/reports/737161 | SSRF - URL Attachments - 725307 bypass
https://hackerone.com/reports/737163 | SSRF - Image Sources in HTML Snippets - 727234 bypass
https://hackerone.com/reports/737315 | 'X-Forwarded-Host' key used in input without sanitation - possible cache poisoning
https://hackerone.com/reports/738015 | SSRF - Office Documents - Image URL
https://hackerone.com/reports/738072 | XSS on product comments in transfers
https://hackerone.com/reports/743545 | Bruteforce password recovery code
https://hackerone.com/reports/744692 | The login of Hotor Not is Vulnerable to bruteforce.
https://hackerone.com/reports/745276 | Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd
https://hackerone.com/reports/745324 | Account takeover via leaked session cookie
https://hackerone.com/reports/745495 | Unauthenticated users can access all food.grammarly.io user's data
https://hackerone.com/reports/745953 | Camo Image Proxy Bypass with CSS Escape Sequences
https://hackerone.com/reports/746000 | Subdomain Takeover Via via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io
https://hackerone.com/reports/746733 | Remotely trigger an assertion on a TLS server with a malformed certificate string
https://hackerone.com/reports/746786 | Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration
https://hackerone.com/reports/748375 | Transferring a public group to a private group doesn't remove code from the Elastichsearch API search result
https://hackerone.com/reports/751577 | IDOR allow access to payments data of any user
https://hackerone.com/reports/751604 | No Rate Limit On Forgot Password Page Of NordVPN
https://hackerone.com/reports/751699 | NR-wide cross account access through misconfigured CORS-policy of multiple endpoints
https://hackerone.com/reports/751729 | THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com
https://hackerone.com/reports/751876 | Version problem in wordpress leads to the many vulnearability
https://hackerone.com/reports/752010 | DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation
https://hackerone.com/reports/752073 | xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
https://hackerone.com/reports/753399 | Open redirect
https://hackerone.com/reports/753491 | DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389
https://hackerone.com/reports/753602 | Staging Rabbitmq instance is exposed to the internet with default credentials
https://hackerone.com/reports/753725 | Disclosure of User Information
https://hackerone.com/reports/753868 | Insecure Storage and Overly Permissive API Keys in Android App
https://hackerone.com/reports/753939 | HTTP SMUGGLING EXPOSED HMAC/DOS
https://hackerone.com/reports/755679 | Timeline Editor Self-XSS (Previous Fix #738072 Incomplete)
https://hackerone.com/reports/756149 | Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance
https://hackerone.com/reports/756182 | Potential leak of server side software at repogohi.nordvpn.com
https://hackerone.com/reports/756729 | Stored XSS in Shopify Chat
https://hackerone.com/reports/757957 | Restricted user can manage the NerdGraph entities' tags
https://hackerone.com/reports/758002 | Markdown parsing issue enables insertion of malicious tags
https://hackerone.com/reports/759247 | Race Condition allows to redeem multiple times gift cards which leads to free "money"
https://hackerone.com/reports/759454 | Helpdesk Takeover at dmc.datastax.com
https://hackerone.com/reports/761218 | Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
https://hackerone.com/reports/761219 | CodeQL query to detect pages with validationRequest disabled
https://hackerone.com/reports/761220 | CodeQL query to detect insecure MaxLengthRequest values in ASP.NET applications
https://hackerone.com/reports/761222 | Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation
https://hackerone.com/reports/761480 | User password left in memory in plain text after GUI launch
https://hackerone.com/reports/761726 | SOP bypass using browser cache
https://hackerone.com/reports/761975 | Keychain data persistence may lead to account takeover
https://hackerone.com/reports/762271 | Guest users can change the confidentiality attribute on those issues that have been assigned to them
https://hackerone.com/reports/763994 | Disclose Any Store products, Files, Purchase Orders Via Email through Shopify Stocky APP
https://hackerone.com/reports/764243 | API - Amazon S3 bucket misconfiguration
https://hackerone.com/reports/764434 | profile-picture name parameter with large value lead to DoS for other users and programs on the platform
https://hackerone.com/reports/765355 | Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com
https://hackerone.com/reports/765955 | Clickjacking at join.nordvpn.com
https://hackerone.com/reports/766145 | Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY
https://hackerone.com/reports/766578 | Absence of Token expiry leads to Unauthorized login Access
https://hackerone.com/reports/766633 | XSS reflected on [https://www.pixiv.net]
https://hackerone.com/reports/767348 | Java (Maven): Use of insecure protocol to download/upload artifacts
https://hackerone.com/reports/767458 | User input validation can lead to DOS
https://hackerone.com/reports/768110 | Race condition (TOCTOU) in NordVPN can result in local privilege escalation
https://hackerone.com/reports/768677 | lack of input validation that can lead Denial of Service (DOS)
https://hackerone.com/reports/769058 | CORS misconfiguration which leads to the disclosure of certain data concerning the user.
https://hackerone.com/reports/770209 | Unauthorized user can obtain report_sources attribute through Team GraphQL object
https://hackerone.com/reports/770349 | Reflected XSS in twitterflightschool.com
https://hackerone.com/reports/770504 | Bypass Password Authentication for updating email and phone number - Security Vulnerability
https://hackerone.com/reports/771666 | Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com
https://hackerone.com/reports/771694 | An attacker can buy marketplace articles for lower prices as it allows for negative quantity values leading to business loss
https://hackerone.com/reports/772886 | Password Reset Link Works Multiple Times
https://hackerone.com/reports/774050 | No rate limiting for confirmation email lead to email flooding
https://hackerone.com/reports/774896 | Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests
https://hackerone.com/reports/776017 | Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.
https://hackerone.com/reports/776449 | Restricted user can update Apdex target for applications by leveraging the GraphQL mutation
https://hackerone.com/reports/776634 | [H1-415 2020] CTF Writeup
https://hackerone.com/reports/777942 | Unrestricted access to any "connected pack" on docs
https://hackerone.com/reports/777984 | Denial of Service with Cookie Bomb
https://hackerone.com/reports/778803 | Compromise of auth via subset/superset namespace names.
https://hackerone.com/reports/778834 | OOB read in php_strip_tags_ex
https://hackerone.com/reports/779442 | Subdomain takeover of storybook.lystit.com
https://hackerone.com/reports/780632 | Html Injection and Possible XSS in main nordvpn.com domain
https://hackerone.com/reports/781325 | Out-of-bounds Read in php_strip_tags_ex
https://hackerone.com/reports/781673 | Accepting error message on twitter sends you to attacker site
https://hackerone.com/reports/781880 | CodeQL query to detect weak (duplicated) encryption keys for ASP.NET Telerik Upload
https://hackerone.com/reports/782703 | Account owner/admin can't actually delete personal users' API keys
https://hackerone.com/reports/783258 | 2-factor authentication can be disabled when logged in without confirming account password
https://hackerone.com/reports/783356 | The password limit is not set, [DoS].
https://hackerone.com/reports/783688 | Ability to buy PRO subscriptions by arbitrary reduced prices
https://hackerone.com/reports/783708 | IDOR in semrush academy
https://hackerone.com/reports/783877 | Remote Code Execution in Slack desktop apps + bonus
https://hackerone.com/reports/784186 | napi_get_value_string_X allow various kinds of memory corruption
https://hackerone.com/reports/784676 | iOS app crashed by specially crafted direct message reactions
https://hackerone.com/reports/784714 | Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation
https://hackerone.com/reports/785120 | CodeQL query for finding CSRF vulnerabilities in Spring applications
https://hackerone.com/reports/785243 | Twitter Source Label allow 'mongolian vowel separator' U+180E (app name)
https://hackerone.com/reports/785785 | [Web ICQ Client] XSS-inj in polls
https://hackerone.com/reports/786044 | [windows10.hi-tech.mail.ru] Blind SQL Injection
https://hackerone.com/reports/786301 | Stored XSS in Name of Team Member Invitation
https://hackerone.com/reports/786745 | [API] ICQ user's avatar can be manipulated remotely
https://hackerone.com/reports/786822 | [Web ICQ Client] XSS ÑƒÑ�Ğ·Ğ²Ğ¸Ğ¼Ğ¾Ñ�Ñ‚ÑŒ Ğ² Ğ¸Ğ¼ĞµĞ½Ğ¸ Ğ¿Ğ¾Ğ»ÑŒĞ·Ğ¾Ğ²Ğ°Ñ‚ĞµĞ»Ñ�
https://hackerone.com/reports/787113 | CodeQL query for finding LDAP Injection (CWE-90) vulnerabilities in Java
https://hackerone.com/reports/788257 | "Secure View" aka "Hide Download" can be bypassed easily
https://hackerone.com/reports/788691 | XSS - Guard - Insufficient escaping of User-IDs from PGP Keys
https://hackerone.com/reports/789260 | Past payments using the Direct Debit method keep subscriptions active even if payments fail
https://hackerone.com/reports/789579 | ActiveStorage direct upload fails to sign content-length header for S3 service
https://hackerone.com/reports/790005 | 3igames.mail.ru SQL Injection
https://hackerone.com/reports/790786 | Members from parent group keep their access level on a subgroup transfer and are invisible
https://hackerone.com/reports/790854 | NO username used in authenthication to www.mopub.com leading to direct password submission which has unlimited submission rate.
https://hackerone.com/reports/790876 | Dynamic reflection class
https://hackerone.com/reports/791775 | Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO
https://hackerone.com/reports/792295 | On Singing up with a Phone number , The 4 digit OTP does not expires for a long time leading to an easy attack and make a verified account easilty
https://hackerone.com/reports/792927 | Email address of any user can be queried on Report Invitation GraphQL type when username is known
https://hackerone.com/reports/792953 | SSRF - Guard - Unchecked HKP servers
https://hackerone.com/reports/792960 | SSRF - Guard - Unchecked WKS servers
https://hackerone.com/reports/792998 | 404-response contains debug-information with all headers
https://hackerone.com/reports/796808 | [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation
https://hackerone.com/reports/796956 | Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation
https://hackerone.com/reports/797159 | PHP builded for Windows with TS support does not resolve relalative paths with drive letter correctly
https://hackerone.com/reports/797685 | IDOR in marketing calendar tool
https://hackerone.com/reports/798301 | FileZilla 3.46.3 - 'Scale factor' Buffer Overflow
https://hackerone.com/reports/798599 | xss stored
https://hackerone.com/reports/798686 | x-request-id header reflected in server response without sanitization
https://hackerone.com/reports/798742 | open redirect in eb9f.pivcac.prod.login.gov
https://hackerone.com/reports/798744 | Null Pointer Dereference in PHP Session Upload Progress
https://hackerone.com/reports/799072 | Slowloris, body parsing
https://hackerone.com/reports/800109 | An invite-only's program submission state is accessible to users no longer part of the program
https://hackerone.com/reports/800140 | Malformed HTTP/2 SETTINGS frame leads to reachable assert
https://hackerone.com/reports/801230 | CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java
https://hackerone.com/reports/802011 | Grafana Improper authorization
https://hackerone.com/reports/803141 | Unauthorized User Can Delete Any User Account
https://hackerone.com/reports/805010 | PHP link() silently truncates after a null byte on Windows
https://hackerone.com/reports/805013 | DirectoryIterator class silently truncates after a null byte
https://hackerone.com/reports/805073 | Periscope iOS app CSRF in follow action due to deeplink
https://hackerone.com/reports/806571 | Stored XSS in blob viewer
https://hackerone.com/reports/806577 | Arbitrary Set-Cookie via "?coupon=" due to semi-colon not encoded
https://hackerone.com/reports/807440 | Java (Maven): Actually fix the use of insecure protocol to download/upload artifacts
https://hackerone.com/reports/807448 | Customer private program can disclose email any users through invited via username
https://hackerone.com/reports/807924 | CSRF on connecting Paypal as Payment Provider
https://hackerone.com/reports/808287 | Unrestricted file upload on the image of contacts
https://hackerone.com/reports/808762 | Exposed Slinky Instance Admin Panel
https://hackerone.com/reports/809248 | SSRF into Shared Runner, by replacing dockerd with malicious server in Executor
https://hackerone.com/reports/809816 | Organization Takeover
https://hackerone.com/reports/810320 | Read-only user can delete higher privileged members using open DELETE /api/memberships/ endpoint
https://hackerone.com/reports/810880 | Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify
https://hackerone.com/reports/811502 | Node.js: TLS session reuse can lead to hostname verification bypass
https://hackerone.com/reports/812754 | Denial of Service by requesting to reset a password
https://hackerone.com/reports/813159 | Cleartext Transmission of Sensitive Information Leads to administrator access
https://hackerone.com/reports/813421 | Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.
https://hackerone.com/reports/816086 | Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"
https://hackerone.com/reports/816254 | SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution
https://hackerone.com/reports/816560 | SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution
https://hackerone.com/reports/819088 | character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error
https://hackerone.com/reports/819278 | Open S3 Bucket Accessible by any Aws User
https://hackerone.com/reports/819807 | Missing ownership check on remote wipe endpoint
https://hackerone.com/reports/819821 | Initial mirror user can be assigned by other user even if the mirror was removed
https://hackerone.com/reports/819863 | XSS in PDF Viewer
https://hackerone.com/reports/819930 | Ability to bruteforce mopub accountâ€™s password due to lack of rate limitation protection using {ip rotation techniques}
https://hackerone.com/reports/820146 | PHPUnit is included in groupfolders release package potentially causing RCE
https://hackerone.com/reports/824689 | Send arbitrary PUT requests when user clicks on a link
https://hackerone.com/reports/824909 | Subdomain Takeover uptime
https://hackerone.com/reports/824925 | XPath Injection query in java
https://hackerone.com/reports/824926 | CWE-094 ScriptEngine in java
https://hackerone.com/reports/826026 | Use-After-Free In IPV6_2292PKTOPTIONS leading To Arbitrary Kernel R/W Primitives
https://hackerone.com/reports/826176 | program_analytics_benchmarks query shows information not visible in public
https://hackerone.com/reports/826361 | SSRF on project import via the remote_attachment_url on a Note
https://hackerone.com/reports/827051 | Use after free in smtp_server_connection_handle_command
https://hackerone.com/reports/827052 | Arbitrary file read via the UploadsRewriter when moving and issue
https://hackerone.com/reports/827484 | Missing rate limit for current password field (Password Change) Account Takeover
https://hackerone.com/reports/827729 | Null pointer dereference in SMTP server function smtp_string_parse
https://hackerone.com/reports/827816 | Missing server side controls when editing the boardâ€™s sharing permissions per user
https://hackerone.com/reports/831290 | Null pointer dereference in SMTP server function smtp_command_parse_data_with_size
https://hackerone.com/reports/831962 | XSS on Issue reference numbers
https://hackerone.com/reports/832227 | Buffer over-reads in i_stream_zlib_read
https://hackerone.com/reports/832858 | SSRF via 3d.cs.money/pasteLinkToImage
https://hackerone.com/reports/833080 | Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users
https://hackerone.com/reports/833782 | Allow authenticated users can edit, trash,and add new in BuddyPress Emails function
https://hackerone.com/reports/833856 | DoS for GCSArtifact.RealAll
https://hackerone.com/reports/834366 | Login CSRF vulnerability on hackerone.com
https://hackerone.com/reports/835005 | Organization Takeover via invitation API
https://hackerone.com/reports/836036 | Multiple buffer over reads in mbox_from_parse
https://hackerone.com/reports/836045 | Buffer overread in parse_angle_addr called from message_address_parse_path
https://hackerone.com/reports/836187 | CSRF in Profile Fields allows deleting any field in BuddyPress
https://hackerone.com/reports/836649 | Stored XSS in markdown when redacting references
https://hackerone.com/reports/837018 | Privilege Escalation in BuddyPress core allows Moderate to Administrator
https://hackerone.com/reports/837256 | Improper Access Control in Buddypress core allows reply,delete any user's activity
https://hackerone.com/reports/837729 | Session works after logout from Shopify account and password of online store is displayed
https://hackerone.com/reports/838127 | mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065)
https://hackerone.com/reports/838685 | Use of uninitialized value in ftp_getrc_msg method of mod_proxy_ftp.c
https://hackerone.com/reports/838855 | [www.zomato.com] Blind SQL Injection in /php/geto2banner
https://hackerone.com/reports/840598 | Possible denial of service when entering a loooong password
https://hackerone.com/reports/840759 | Reflected XSS on www.hackerone.com and resources.hackerone.com
https://hackerone.com/reports/843421 | Hyperlink Injection on Email Invitation
https://hackerone.com/reports/844327 | Java/CWE-036: Calling openStream on URLs created from remote source can lead to file disclosure
https://hackerone.com/reports/844428 | [www.zomato.com] Abusing LocalParams (city) to Inject SOLR query
https://hackerone.com/reports/845677 | Sourcemaps and Unminified Source Code Exposed on Pages
https://hackerone.com/reports/845729 | CPP: Out of order Linux permission dropping without checking return codes
https://hackerone.com/reports/846338 | Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/
https://hackerone.com/reports/848625 | None permission staff member can identify installed application and products attached to it
https://hackerone.com/reports/850022 | CSRF on launchpad.37signals.com OAuth2 authorization endpoint
https://hackerone.com/reports/850114 | SSRF in notifications.server configuration
https://hackerone.com/reports/850447 | gitlab-workhorse bypass in Gitlab::Middleware::Multipart allowing files in allowed_paths to be read
https://hackerone.com/reports/851807 | Code injection possible with malformed Nextcloud Talk chat commands
https://hackerone.com/reports/852103 | Out-of-Bound Read in urldecode() [CVE-2020-7067]
https://hackerone.com/reports/852316 | Go/CWE-643: XPath Injection Query in Go
https://hackerone.com/reports/852349 | CPP: Out of order Linux permission dropping without checking return codes
https://hackerone.com/reports/852841 | Reduced purmations on encryption
https://hackerone.com/reports/853130 | IDOR on stocky application-Low Stock-Varient-Settings-Columns
https://hackerone.com/reports/853355 | Unauthorized access to private project security dashboard
https://hackerone.com/reports/854299 | Self XSS in Timeline
https://hackerone.com/reports/854424 | æš´åŠ›ç ´è§£ç”¨æˆ·å¯†ç �æ²¡æœ‰é€Ÿç�‡æ�§åˆ¶
https://hackerone.com/reports/854439 | Initial websocket support for Javascript (SockJS)
https://hackerone.com/reports/854793 | No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org
https://hackerone.com/reports/855276 | Injection of http.<url>.* git config settings leading to SSRF
https://hackerone.com/reports/855618 | Account takeover intercepting magic link for Arrive app
https://hackerone.com/reports/856554 | Stored XSS on the job page
https://hackerone.com/reports/856836 | Stored XSS on PyPi simple API endpoint
https://hackerone.com/reports/858650 | CRLF injection on www.starbucks.com
https://hackerone.com/reports/858671 | Insufficient Type Check on GraphQL leading to Maintainer delete repository
https://hackerone.com/reports/858854 | Recursor accepts unsigned, empty NXDOMAINs in secure zones
https://hackerone.com/reports/858915 | CircleCI token in github repo allows for access to sensitive build information
https://hackerone.com/reports/859333 | Stored XSS in group issue list
https://hackerone.com/reports/860197 | A staff without export customers permissions can still export customers CSV file
https://hackerone.com/reports/860348 | Staff member with no permission can delete POS staff from account settings
https://hackerone.com/reports/861170 | Attacker with an Old account might still be able to DoS ctf.hacker101.com by sending a Crafted request
https://hackerone.com/reports/861521 | Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/
https://hackerone.com/reports/861940 | OAuth redirect_uri bypass using IDN homograph attack resulting in user's access token leakage
https://hackerone.com/reports/863551 | Subdomain takeover of resources.hackerone.com
https://hackerone.com/reports/863553 | SSRF protection bypass in /appsuite/api/oxodocumentfilter addfile action
https://hackerone.com/reports/863979 | Compromise of node can lead to compromise of pods on other nodes
https://hackerone.com/reports/864701 | Prototype Pollution lodash 4.17.15
https://hackerone.com/reports/865115 | unpermitted user can change the device name of admin account
https://hackerone.com/reports/865195 | reading the stack data of the imap process
https://hackerone.com/reports/865652 | Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile
https://hackerone.com/reports/866271 | Lack of Input sanitization leads to database Character encoding configuration Disclosure
https://hackerone.com/reports/866597 | Pre-auth buffer over-read in Dovecot NTLM implementation
https://hackerone.com/reports/866605 | Pre-auth Denial-of-Service in Dovecot RPA implementation
https://hackerone.com/reports/867052 | Access Control: Inject tasks into other users decks
https://hackerone.com/reports/867249 | The hacker has access to the administrative part of the management reports in publish report
https://hackerone.com/reports/867513 | Takeover an account that doesn't have a Shopify ID and more
https://hackerone.com/reports/867577 | Unauthenticated request smuggling on launchpad.37signals.com
https://hackerone.com/reports/867699 | Node disk DOS by writing to container /etc/hosts
https://hackerone.com/reports/867952 | HTTP request Smuggling
https://hackerone.com/reports/868615 | Inject page in admin panel via Shopify.API.pushState with protocol invalid
https://hackerone.com/reports/868834 | Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests
https://hackerone.com/reports/869831 | XSS within Shopify Email App - Admin
https://hackerone.com/reports/869888 | Path Traversal in App Proxy
https://hackerone.com/reports/870001 | access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-
https://hackerone.com/reports/871142 | Disclosure of the name of a program that has a private part with an external link
https://hackerone.com/reports/871749 | Unauthorized access to metadata of undisclosed reports that were retested
https://hackerone.com/reports/872094 | CodeQL query to detect SSRF in Python
https://hackerone.com/reports/874574 | Partner's non-verified business email change reflected into Shopify Collaborator Request
https://hackerone.com/reports/874778 | Partial password leak over DNS on HTTP redirect
https://hackerone.com/reports/878779 | Full Read SSRF on Gitlab's Internal Grafana
https://hackerone.com/reports/880089 | Smartsheet employees email disclosure through enpoint after login.
https://hackerone.com/reports/880099 | Unrestricted file upload leads to Stored XSS
https://hackerone.com/reports/880187 | Near to Infinite loop when changing Group's name that has API token as Team Member
https://hackerone.com/reports/880863 | Todos are not redacted when membership changes - Access to (confidential) issues and merge requests
https://hackerone.com/reports/881115 | Cross-Site Scripting (XSS) on www.starbucks.com | .co.uk login pages
https://hackerone.com/reports/881855 | Arbitrary change of blog's background image via CSRF
https://hackerone.com/reports/881918 | Authenticated Stored Cross-site Scripting in bbPress
https://hackerone.com/reports/882412 | OrderListInitial leaks order details
https://hackerone.com/reports/882546 | DOM-Based XSS in tumblr.com
https://hackerone.com/reports/882848 | Possibilty to purchase Ultimate - 1 Year (EDU or OSS)
https://hackerone.com/reports/882923 | DoS for client-go jsonpath func
https://hackerone.com/reports/883867 | Inject page in admin panel via Shopify.API.pushState [New Payload]
https://hackerone.com/reports/884159 | Ability to generate shipping labels in another store orders
https://hackerone.com/reports/885539 | Private list members disclosure via GraphQL
https://hackerone.com/reports/886287 | Java: CWE-532 sensitive info logging
https://hackerone.com/reports/887462 | curl overwrite local file with -J
https://hackerone.com/reports/887879 | xss stored in https://your store.myshopify.com/admin/
https://hackerone.com/reports/888666 | Add check for disabled HTTPOnly setting in Tomcat
https://hackerone.com/reports/888729 | Read-Only user can delete users
https://hackerone.com/reports/888930 | SAML Response Reuse on hackerone.com/users/saml/auth
https://hackerone.com/reports/888986 | [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
https://hackerone.com/reports/889243 | Re-Sharing allows increase of privileges
https://hackerone.com/reports/890747 | PIN OK attack
https://hackerone.com/reports/890793 | Panic: Input stream data unexpectedly has references
https://hackerone.com/reports/890798 | Panic in file smtp-address.c: line 684 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p))
https://hackerone.com/reports/891069 | null dereference in sieve_address_do_validate (or redundant null check)
https://hackerone.com/reports/891080 | Null pointer deference in call to mail_get_flags
https://hackerone.com/reports/891265 | gagliardetto: Query to detect incorrect conversion between numeric types
https://hackerone.com/reports/891266 | CodeQL query to detect open Spring Boot actuator endpoints
https://hackerone.com/reports/891267 | CPP: Missing/incomplete TLS server certificate hostname validation
https://hackerone.com/reports/891268 | [Java] CWE-939 - Address improper URL authorization
https://hackerone.com/reports/892289 | self-xss with ClickJacking can leads to account takeover in Firefox
https://hackerone.com/reports/892465 | CodeQL query to detect JNDI injections
https://hackerone.com/reports/892466 | Golang : Add Email Content Injection query
https://hackerone.com/reports/892615 | [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service.
https://hackerone.com/reports/892904 | Ability to link a Google account to another staff account/store owner that isn't linked yet
https://hackerone.com/reports/894446 | Null dereference in mcht_relational_validate ext-relational-common.c:136
https://hackerone.com/reports/894569 | An attacker can run pipeline jobs as arbitrary user
https://hackerone.com/reports/894870 | CodeQL query for MVEL injections
https://hackerone.com/reports/894871 | CodeQL query for unsafe TLS versions
https://hackerone.com/reports/894872 | CodeQL query to detect Server-Side Template Injections (JavaScript)
https://hackerone.com/reports/894876 | XSS through image upload of contacts using svg file
https://hackerone.com/reports/894915 | XSS on opening a malicious OpenOffice text document
https://hackerone.com/reports/894918 | XSS on opening malicious OpenOffice presentation document
https://hackerone.com/reports/894919 | XSS on opening malicious OpenOffice presentation document
https://hackerone.com/reports/895696 | Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint
https://hackerone.com/reports/895972 | Limited LFI
https://hackerone.com/reports/896298 | CodeQL query for SpEL injections
https://hackerone.com/reports/896299 | Java: CWE-297 Insecure JavaMail SSL configuration
https://hackerone.com/reports/896522 | Reflected XSS when renaming a file with a vulnerable name which results in an error
https://hackerone.com/reports/897385 | 2FA bypass by sending blank code
https://hackerone.com/reports/898693 | Out of memory with combination of test_config_set and test_config_reload
https://hackerone.com/reports/898841 | Password reset link not expired at Stocky App
https://hackerone.com/reports/900548 | Buffer over read from smtp_command_parse_parameters
https://hackerone.com/reports/901775 | Get analytics token using only apps permission
https://hackerone.com/reports/902733 | Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us
https://hackerone.com/reports/902970 | [Java]: CWE-523 Insecure HSTS configuration
https://hackerone.com/reports/903521 | Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS
https://hackerone.com/reports/903740 | Denial of Service | twitter.com & mobile.twitter.com
https://hackerone.com/reports/904059 | Open Redirect (6.0.0 < rails < 6.0.3.2)
https://hackerone.com/reports/905015 | Long filenames cause OOM and temp files are not cleaned
https://hackerone.com/reports/905607 | [cs.money] Open Redirect Leads to Account Takeover
https://hackerone.com/reports/905816 | No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie
https://hackerone.com/reports/906201 | XSS / SELF XSS
https://hackerone.com/reports/906433 | Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
https://hackerone.com/reports/906907 | IDOR with Geolocation data not stripped from images
https://hackerone.com/reports/908162 | Acronis True Image Local Privilege Escalation via insecure folder permissions
https://hackerone.com/reports/908894 | Null dereference or redundant null check in mail_crypt_load_global_private_key for plugin mail-crypt
https://hackerone.com/reports/909374 | Java : CWE-548 - J2EE server directory listing enabled
https://hackerone.com/reports/909375 | Golang : Add MongoDb NoSQL injection sinks
https://hackerone.com/reports/909863 | Low privileged user can create high privileged user's KITCRM authorization token and can read and write message to KIT
https://hackerone.com/reports/910300 | Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation
https://hackerone.com/reports/911857 | increased privileges on staff account
https://hackerone.com/reports/915110 | No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal
https://hackerone.com/reports/915114 | IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal
https://hackerone.com/reports/915127 | IDOR when moving contents at CrowdSignal
https://hackerone.com/reports/915133 | IDOR at 'media_code' when addings media to questions
https://hackerone.com/reports/915140 | Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal
https://hackerone.com/reports/915756 | [tumblr.com] 69< Firefox Only XSS Reflected
https://hackerone.com/reports/915940 | Script Editor preview token still working with uninstalled application, even for unpublished script
https://hackerone.com/reports/916704 | Access control missing while viewing the attachments in the "All boards"
https://hackerone.com/reports/917250 | Stored XSS on recruit.innogames.de
https://hackerone.com/reports/917453 | CodeQL query for disabled revocation checking
https://hackerone.com/reports/917454 | Java: CWE-273 Unsafe certificate trust
https://hackerone.com/reports/917455 | CodeQL query to detect OGNL injections
https://hackerone.com/reports/917456 | [Java] CWE-295 - Incorrect Hostname Verification - MitM
https://hackerone.com/reports/917875 | STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend
https://hackerone.com/reports/919175 | HTTP request smuggling on Basecamp 2 allows web cache poisoning
https://hackerone.com/reports/920005 | Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media
https://hackerone.com/reports/920285 | [javascript] CWE-020: CodeQL query to detect missing origin validation in cross-origin communication via postMessage
https://hackerone.com/reports/920357 | Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value
https://hackerone.com/reports/921286 | Denial of Service [Chrome]
https://hackerone.com/reports/921704 | Denial-of- service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header
https://hackerone.com/reports/921709 | Clickjacking on donation page
https://hackerone.com/reports/922456 | Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties
https://hackerone.com/reports/922597 | HTTP Request Smuggling due to CR-to-Hyphen conversion
https://hackerone.com/reports/926221 | Improper use of "path" parameter can be used to trick testers into leaking their Front-End PoC
https://hackerone.com/reports/927567 | Ability to publish a paid theme without purchasing it.
https://hackerone.com/reports/927661 | Ability to manipulate price with a max threshold of <1 Rupee in support rider parameter
https://hackerone.com/reports/928255 | Ability To Delete User(s) Account Without User Interaction
https://hackerone.com/reports/929288 | Java: CWE-939 - Address improper URL authorization
https://hackerone.com/reports/942859 | Stored XSS in Post title (PoC)
https://hackerone.com/reports/944359 | Python : Add query to detect Server Side Template Injection
https://hackerone.com/reports/944735 | Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini)
https://hackerone.com/reports/945122 | Arbitrary file creation via symlink attack on syncagentsrv (Acronis Sync Agent Service)
https://hackerone.com/reports/945990 | Safe Redirect Bypass
https://hackerone.com/reports/946053 | Stored XSS in my staff name fired in another your internal panel
https://hackerone.com/reports/946409 | RCE on build server via misconfigured pip install
https://hackerone.com/reports/946728 | SafeParamsHelper::safe_params is not so safe
https://hackerone.com/reports/947728 | staff can able to extend shopify trial period without admin permission
https://hackerone.com/reports/947790 | Reflected XSS on a Atavist theme
https://hackerone.com/reports/948876 | Connect-only connections can use the wrong connection
https://hackerone.com/reports/948929 | Blind Stored XSS Via Staff Name
https://hackerone.com/reports/949382 | DOM-Based XSS in tumblr.com
https://hackerone.com/reports/949513 | XSS by file (Active Storage Proxying)
https://hackerone.com/reports/949823 | XSS DI BIODATA
https://hackerone.com/reports/950190 | Store-XSS in error message of build-dependencies
https://hackerone.com/reports/950299 | Use after free vulnerability in phar_parse_zipfile
https://hackerone.com/reports/950845 | Reflected XSS at /category/ on a Atavis theme
https://hackerone.com/reports/950881 | IDOR when editing email leads to Account Takeover on Atavist
https://hackerone.com/reports/951230 | Can buy Atavist Magazine subscription for free
https://hackerone.com/reports/951292 | Site-wide CSRF at Atavist
https://hackerone.com/reports/952035 | Admin web sessions remain active after logout of Shopify ID
https://hackerone.com/reports/952771 | CVE-2019-11250 remains in effect.
https://hackerone.com/reports/953083 | Ability to publish a paid theme without purchasing it.
https://hackerone.com/reports/953219 | SMTP interaction theft via MITM
https://hackerone.com/reports/953579 | [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
https://hackerone.com/reports/955016 | GitLab-Runner on Windows DOCKER_AUTH_CONFIG container host Command Injection
https://hackerone.com/reports/955286 | Graphql: Sorting the reports by jira_status field resulted to different value
https://hackerone.com/reports/956295 | LDAP injection vulnerability in Java
https://hackerone.com/reports/956296 | Golang : Improvements to Golang SSRF query
https://hackerone.com/reports/956967 | Java: CWE-798 - Hardcoded AWS credentials
https://hackerone.com/reports/957829 | Sending thousands of notifications with single request
https://hackerone.com/reports/957874 | Adding your account to victim's app via deeplink
https://hackerone.com/reports/958374 | Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted
https://hackerone.com/reports/960244 | Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...
https://hackerone.com/reports/961757 | Twitter Media Studio Source Information Disclosure With Analyst Role
https://hackerone.com/reports/961841 | Recently added 'Country' field doesn't send email notification when changed
https://hackerone.com/reports/961929 | Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020)
https://hackerone.com/reports/962462 | Unauthorized user is able to access schedule pipeline variables and values
https://hackerone.com/reports/962604 | Revoked User can still view the Merge Request created by him via API
https://hackerone.com/reports/962895 | Stocky App Administrator can create a backdoor admin account by using an existing POS User
https://hackerone.com/reports/963774 | Premium Email Address Check Bypass - Hey
https://hackerone.com/reports/963815 | Java: CWE-522 Insecure basic authentication
https://hackerone.com/reports/963816 | [javascript] CWE-117: CodeQL query to detect Log Injection
https://hackerone.com/reports/965267 | Potential HTTP Request Smuggling in ruby webrick
https://hackerone.com/reports/965510 | Password protection can be removed for newly created development store
https://hackerone.com/reports/965782 | Failed assert in mail_index_transaction_lookup
https://hackerone.com/reports/965790 | Assert failed in edit_mail_istream_read
https://hackerone.com/reports/965881 | Null dereference in cmd_denotify_operation_execute
https://hackerone.com/reports/965914 | fs.realpath.native on darwin may cause buffer overflow
https://hackerone.com/reports/966383 | secret leaks in vsphere cloud controller manager log
https://hackerone.com/reports/966494 | True Image 2021 - LPE via XPC service communication
https://hackerone.com/reports/966834 | Incomplete fix for CVE-2020-12673 : Specially crafted NTML message leads to buffer over read
https://hackerone.com/reports/967457 | Buffer overread off by one in rpa_read_buffer, incomplete fix for CVE-2020-12674
https://hackerone.com/reports/968690 | DOM based XSS in store.acronis.com//purl-corporate-standard-IT [cfg parameter]
https://hackerone.com/reports/970157 | Bypass Password Authentication to Update the Password
https://hackerone.com/reports/970760 | Pixel Flood Attack leads to Application level DoS
https://hackerone.com/reports/972355 | Able to leak private email of any user given his/her username via graphql
https://hackerone.com/reports/972561 | kubeadm logs tokens before deleting them
https://hackerone.com/reports/972601 | Open Redirect at https://oauth.secure.pixiv.net
https://hackerone.com/reports/974222 | IDOR leads to Edit Anyone's Blogs / Websites
https://hackerone.com/reports/974271 | Stored XSS on https://app.crowdsignal.com/surveys/[Survey-Id]/question - Bypass
https://hackerone.com/reports/974368 | CodeQL query to detect XSLT injections
https://hackerone.com/reports/974369 | Query to find TLS configurations supporting hardcoded insecure versions of the protocol and cipher suites
https://hackerone.com/reports/974370 | [CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check
https://hackerone.com/reports/974892 | Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization
https://hackerone.com/reports/975047 | User sensitive information disclosure
https://hackerone.com/reports/975827 | Permanent DoS with one click.
https://hackerone.com/reports/975983 | Site-wide CSRF on Safari due to CORS misconfiguration (not localhost)
https://hackerone.com/reports/976657 | Reflected XSS on a Atavist theme at external_import.php
https://hackerone.com/reports/977851 | Cache poisoning via X-Forwarded-Host in www.shopify.com/partners/blog
https://hackerone.com/reports/978125 | xss triggered in "myshopify.com/admin/product"
https://hackerone.com/reports/978143 | Team object in GraphQL disclosed private_comment
https://hackerone.com/reports/978515 | A specially crafted message sent to the local delivery agent (LMTP) causes the LMTP child process to issue a panic (call i_panic)
https://hackerone.com/reports/978680 | GET based Open redirect on [streamlabs.com/content-hub/streamlabs-obs/search?query=]
https://hackerone.com/reports/979110 | Internal Path Disclosure
https://hackerone.com/reports/980511 | A staff member with no permissions can edit Store Customer Email
https://hackerone.com/reports/980856 | https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529
https://hackerone.com/reports/981472 | Undocumented fileCopy GraphQL API
https://hackerone.com/reports/981796 | Information Disclosure of Garbage Collection Cycle
https://hackerone.com/reports/981824 | DNS Setup allows sending mail on behalf of other customers
https://hackerone.com/reports/982291 | HEY.com email stored XSS
https://hackerone.com/reports/982510 | Self XSS
https://hackerone.com/reports/983070 | IDOR when creating App on [platform.streamlabs.com/api/v1/store/whitelist] with user_id field
https://hackerone.com/reports/983867 | Java : add MongoDB injection sinks
https://hackerone.com/reports/985150 | Privilege Escalation in Point Of Sale Application from POS Manage Staff Role to potentially Store Owner
https://hackerone.com/reports/986386 | Reflected XSS on www.hackerone.com via Wistia embed code
https://hackerone.com/reports/988103 | Node.js: use-after-free in TLSWrap
https://hackerone.com/reports/988272 | stored XSS in hey.com message content
https://hackerone.com/reports/989415 | Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription
https://hackerone.com/reports/990838 | Bypass Filter on link of build
https://hackerone.com/reports/990878 | IDOR in https://3d.cs.money/
https://hackerone.com/reports/993005 | Server-side denial of service via large payload sent to wiki.cs.money/graphql
https://hackerone.com/reports/993582 | Application DOS via specially crafted payload on 3d.cs.money
https://hackerone.com/reports/994504 | authenticity token not verfied leads to change business name
https://hackerone.com/reports/996899 | LFI to steal /etc/passwd - Bypass filter in the tag via redirect and much more
https://hackerone.com/reports/997198 | Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglyfied which makes it clearly readable
https://hackerone.com/reports/999765 | Ticket Trick at https://account.acronis.com
https://hackerone.com/reports/999789 | Getting New Invitations without Leaving Programs
https://hackerone.com/reports/1000567 | ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)
https://hackerone.com/reports/1001255 | Possible RCE through Windows Custom Protocol on Windows client
https://hackerone.com/reports/1002188 | Potential HTTP Request Smuggling in nodejs

hackerone-reports's People

Contributors

Stargazers

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.