Title

Email Spoofing

URL

https://hackerone.com/reports/793532

Severity score

null

Reporter

mayankraheja069

Bounty paid

null


Title

Missing URL sanitization in comments can be leveraged for phishing

URL

https://hackerone.com/reports/252894

Severity score

null

Reporter

leovin

Bounty paid

null


Title

Content injection on shared event (calendar.mail.ru)

URL

https://hackerone.com/reports/847473

Severity score

null

Reporter

urban_tramp

Bounty paid

$150


Title

Content Spoofing or Text Injection support.mycrypto.com

URL

https://hackerone.com/reports/325827

Severity score

null

Reporter

w2w

Bounty paid

null


Title

URL filter bypass in Enterprise Grid

URL

https://hackerone.com/reports/500348

Severity score

null

Reporter

akaki

Bounty paid

$100


Title

npm packages that overlap with core node packages

URL

https://hackerone.com/reports/333459

Severity score

8.6

Reporter

mlucool

Bounty paid

null


Title

Lack of validation before assigning custom domain names leading to abuse of GitLab pages service

URL

https://hackerone.com/reports/296907

Severity score

null

Reporter

badshah_

Bounty paid

null


Title

Go.imgur.com can be used to phish for account information

URL

https://hackerone.com/reports/384101

Severity score

null

Reporter

kiyell

Bounty paid

$50


Title

Unclaimed Github Repository Takeover on https://www.data.gov/labs

URL

https://hackerone.com/reports/515574

Severity score

null

Reporter

noobzombie

Bounty paid

$150


Title

GitHub users outside of HackerOne organization can create and update Wiki pages of certain public HackerOne repositories

URL

https://hackerone.com/reports/459634

Severity score

null

Reporter

mik317

Bounty paid

null


Title

Stored XSS in api.icq.net

URL

https://hackerone.com/reports/363042

Severity score

0

Reporter

cheatboss

Bounty paid

$150


Title

Twitter Source Label allow 'mongolian vowel separator' U+180E (app name)

URL

https://hackerone.com/reports/785243

Severity score

null

Reporter

lorenznickel

Bounty paid

$560


Title

Missing SPF Records

URL

https://hackerone.com/reports/652447

Severity score

null

Reporter

harshita174

Bounty paid

null


Title

Content Spoofing

URL

https://hackerone.com/reports/841630

Severity score

null

Reporter

full109tun

Bounty paid

null


Title

Limited arbitrary text inclusion in user invite emails

URL

https://hackerone.com/reports/278220

Severity score

null

Reporter

hk755a

Bounty paid

null


Title

[warofdragons.com] Content Spoofing

URL

https://hackerone.com/reports/113370

Severity score

null

Reporter

bigbear_

Bounty paid

null


Title

[tanks.mail.ru] Content Spoofing

URL

https://hackerone.com/reports/112871

Severity score

null

Reporter

bigbear_

Bounty paid

null


Title

[s2.jugger.ru] Content Spoofing

URL

https://hackerone.com/reports/112869

Severity score

null

Reporter

bigbear_

Bounty paid

null


Title

Domain Takeover in [███████]

URL

https://hackerone.com/reports/804080

Severity score

null

Reporter

yghonem

Bounty paid

null


Title

Missing SPF record for the in scope domain

URL

https://hackerone.com/reports/325734

Severity score

6.4

Reporter

nitesculucian

Bounty paid

null


Title

Content spoofing in http://my.mail.ru/cgi-bin/app/paymentm

URL

https://hackerone.com/reports/83565

Severity score

0

Reporter

page1337

Bounty paid

null


Title

URL link spoofing

URL

https://hackerone.com/reports/481472

Severity score

3.5

Reporter

akaki

Bounty paid

$250


Title

ICQ for macOS: lack of com.apple.quarantine meta-attribute on downloaded files leads to GateKeeper/Quarantine bypass for downloaded executables

URL

https://hackerone.com/reports/484664

Severity score

null

Reporter

metnew

Bounty paid

$150


Title

Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages

URL

https://hackerone.com/reports/407355

Severity score

null

Reporter

hacker2202

Bounty paid

$500