Insecure Direct Object Reference on in-scope .mil website
https://hackerone.com/reports/230026
null
gamliel
null
Rate limit missing at room login
https://hackerone.com/reports/385381
4.3
lucky_sen
$500
scripts loader DOS vulnerability
https://hackerone.com/reports/690338
null
badisman
null
load scripts DOS vulnerability
https://hackerone.com/reports/826238
null
th3cyb3rc0p
null
Two Factor Authentication Bypass
https://hackerone.com/reports/350288
6.6
amans
$500
Missing Rate Limit in Forgot Password can Lead to email address leakage of all smule accounts
https://hackerone.com/reports/441161
null
dhakal_ananda
null
the login blocking mechanism does not work correctly
https://hackerone.com/reports/504362
6.8
aufzayed
null
Verification code for Underwriter dashboard can be brute-forced
https://hackerone.com/reports/231813
null
bhumish
null
The Uber Promo Customer Endpoint Does Not Implement Multifactor Authentication, Blacklisting or Rate Limiting
https://hackerone.com/reports/293359
null
gregoryvperry
null
[wallet.rapida.ru] Mass SMS flood
https://hackerone.com/reports/209368
null
bigbear_
$200
Authorization for wp-admin directory is vulnerable to brute force.
https://hackerone.com/reports/788420
null
brumens
null
Rate Limit Issue on hosted.weblate.org
https://hackerone.com/reports/229825
null
imran_hadid
null
brute force attack allowed on admin page https://www.stellar.org/wp-admin/
https://hackerone.com/reports/342977
null
abo-jehad
null
Throttling Bypass - ws1.dashlane.com
https://hackerone.com/reports/225897
5.3
corb3nik
$350
Bruteforce Unlimited number of password attempts
https://hackerone.com/reports/272832
9.8
chrisnagora
null
Forgot Password Page SMS Brute Force could lead to Account Takeover using Android/IOS app "About the house" via api.prodom.smart.space
https://hackerone.com/reports/944392
8.2
jayesh25
$1,500
Exposed authentication (/cs/Satellite)
https://hackerone.com/reports/292463
null
curiositysec
$200
Possible denial of service when entering a loooong password
https://hackerone.com/reports/840598
5.3
xcheater
$100
No BruteForce Protection
https://hackerone.com/reports/223337
6.5
jaypatel
null
There is vulnerability Click Here TO fix
https://hackerone.com/reports/319036
6.8
sonicnik
null
Bypassing the SMS sending limit for download app link.
https://hackerone.com/reports/517711
null
bihari_web
null
The login of Hot or Not is Vulnerable to bruteforce.
https://hackerone.com/reports/744692
null
oo7hacker3
$500
Account TakeOver at my.33slona.ru
https://hackerone.com/reports/773519
7.5
r0hack
$1,700
Improper Restriction of Excessive Authentication Attempts at https://api.warrobots.com/auth (Pixonic Games)
https://hackerone.com/reports/920548
null
jayesh25
$150
Rate limits too low for email 2FA
https://hackerone.com/reports/979820
null
exploit_db
null
Account Takeover at vseapteki.ru
https://hackerone.com/reports/707231
7.7
r0hack
$2,000
Login page password - guessing attack
https://hackerone.com/reports/244909
null
paxtammy
null
Mail.Ru Top - Website Counter Bruteforcing
https://hackerone.com/reports/754536
4.4
ksapphire
$150
BruteForce Any [My.com] Account Credentials.
https://hackerone.com/reports/238041
null
0xradi
$100
unlock self-lock by brute force
https://hackerone.com/reports/410221
null
manshum12
$900
Improper Restriction of Excessive Authentication Attempts at https://ucs.ru/login
https://hackerone.com/reports/905194
5.8
jayesh25
$400
Bruteforcing password reset tokens, could lead to account takeover
https://hackerone.com/reports/271533
null
003random
$50
Missing rate limit for current password field (Password Change) Account Takeover
https://hackerone.com/reports/827484
null
full109tun
$200
No rate limit in affiliate statsapi endpoint
https://hackerone.com/reports/413505
null
chilliesssssss7
$150
Possible denial of service when entering a loooong password
https://hackerone.com/reports/952349
5.3
guoxuxin
null
Improper Restriction of Excessive Authentication Attempts at o2-ac.my.com/token
https://hackerone.com/reports/917791
null
jayesh25
$150
Sending Unlimited Emails to anyone from zomato mail server.
https://hackerone.com/reports/518928
null
bihari_web
null
[agent.33slona.ru] Recovery code bruteforce
https://hackerone.com/reports/671119
8.2
iframe
$1,500
Missing Rate Limit in Password Change
https://hackerone.com/reports/440495
null
dhakal_ananda
null
[H1-2006 2020] Includes 1 free content discovery
https://hackerone.com/reports/894198
null
osintopsec
null
Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques}
https://hackerone.com/reports/819930
3.7
updatelap
$420
SMS Brute Force Possibility via https://youdrive.today/login/web/code can lead to Account Takeover
https://hackerone.com/reports/922418
null
jayesh25
$1,500
A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com
https://hackerone.com/reports/972936
null
lalit2020
null
User login page doesn't implement any form of rate limiting
https://hackerone.com/reports/410451
3
0xspade
$500
[combo.mail.ru] SMS code bruteforce
https://hackerone.com/reports/917688
8.3
esetal
$6,000
StoreFront API allows for a brute force attack on customer login by not timing out ALL attempts
https://hackerone.com/reports/708013
5.8
clew
$500
Missing rate-limits at endpoints
https://hackerone.com/reports/232878
null
introvertmac
null
app.passit.io is vulnerable against Brute Force password guessing attack
https://hackerone.com/reports/337181
null
muon4
null
Brute-force any email account through allods.mail.ru
https://hackerone.com/reports/811776
null
hackervision
null
Account Takeover worki.ru
https://hackerone.com/reports/744662
10
tr3harder
$1,700
mailbomb through invite feature on chrome addon
https://hackerone.com/reports/233376
null
konkakarthik
null
SSH port on store.greenhouse.io is vulnerable to brute force attacks
https://hackerone.com/reports/897556
null
lonelyhuman
null
The password recovery let users know whether an email address exists or not in the website
https://hackerone.com/reports/681468
null
guilhermecruzdev
null
SSL expired subdomain leads to API swap with main and flagged cookies. Unable to log device ids and certain session tokens.
https://hackerone.com/reports/1024880
null
babykeem
$350
Possibility to enumerate and bruteforce promotion codes in Uber iOS App
https://hackerone.com/reports/125707
null
r0t
$3,000
Bruteforce in admin panel
https://hackerone.com/reports/341074
null
shawalkhan
null
SSH backdated version open port
https://hackerone.com/reports/255627
null
walidhossain
null
Account TakeOver through password recovery at am.ru
https://hackerone.com/reports/730067
9.7
r0hack
$3,000
No rate limit in stats api token endpoint
https://hackerone.com/reports/412526
null
chilliesssssss7
$150
Rate Limit workaround in the message of the phone number verification
https://hackerone.com/reports/619578
null
dr_akm
$100