readme.md
January 20, 2023
| Title | URL | Severity score | Reporter | Bounty paid |
|---|---|---|---|---|
| Insecure Direct Object Reference on in-scope .mil website | https://hackerone.com/reports/230026 | null | gamliel | null |
| Rate limit missing at room login | https://hackerone.com/reports/385381 | 4.3 | lucky_sen | $500 |
| scripts loader DOS vulnerability | https://hackerone.com/reports/690338 | null | badisman | null |
| load scripts DOS vulnerability | https://hackerone.com/reports/826238 | null | th3cyb3rc0p | null |
| Two Factor Authentication Bypass | https://hackerone.com/reports/350288 | 6.6 | amans | $500 |
| Missing Rate Limit in Forgot Password can Lead to email address leakage of all smule accounts | https://hackerone.com/reports/441161 | null | dhakal_ananda | null |
| the login blocking mechanism does not work correctly | https://hackerone.com/reports/504362 | 6.8 | aufzayed | null |
| Verification code for Underwriter dashboard can be brute-forced | https://hackerone.com/reports/231813 | null | bhumish | null |
| The Uber Promo Customer Endpoint Does Not Implement Multifactor Authentication, Blacklisting or Rate Limiting | https://hackerone.com/reports/293359 | null | gregoryvperry | null |
| [wallet.rapida.ru] Mass SMS flood | https://hackerone.com/reports/209368 | null | bigbear_ | $200 |
| Authorization for wp-admin directory are vulnerable to brute force. | https://hackerone.com/reports/788420 | null | brumens | null |
| Rate Limit Issue on hosted.weblate.org | https://hackerone.com/reports/229825 | null | imran_hadid | null |
| brute force attack allowed on admin page https://www.stellar.org/wp-admin/ | https://hackerone.com/reports/342977 | null | abo-jehad | null |
| Throttling Bypass - ws1.dashlane.com | https://hackerone.com/reports/225897 | 5.3 | corb3nik | $350 |
| Bruteforce Unlimited number of password attempts | https://hackerone.com/reports/272832 | 9.8 | chrisnagora | null |
| Forgot Password Page SMS Brute Force could lead to Account Takeover using Android/IOS app "About the house" via api.prodom.smart.space | https://hackerone.com/reports/944392 | 8.2 | jayesh25 | $1,500 |
| Exposed authentication (/cs/Satellite) | https://hackerone.com/reports/292463 | null | curiositysec | $200 |
| Possible denial of service when entering a loooong password | https://hackerone.com/reports/840598 | 5.3 | xcheater | $100 |
| No BruteForce Protection | https://hackerone.com/reports/223337 | 6.5 | jaypatel | null |
| There is vulnebility Click Here TO fix | https://hackerone.com/reports/319036 | 6.8 | sonicnik | null |
| Bypassing the SMS sending limit for download app link. | https://hackerone.com/reports/517711 | null | bihari_web | null |
| The login of Hotor Not is Vulnerable to bruteforce. | https://hackerone.com/reports/744692 | null | oo7hacker3 | $500 |
| Account TakeOver at my.33slona.ru | https://hackerone.com/reports/773519 | 7.5 | r0hack | $1,700 |
| Improper Restriction of Excessive Authentication Attempts at https://api.warrobots.com/auth (Pixonic Games) | https://hackerone.com/reports/920548 | null | jayesh25 | $150 |
| Rate limits too low for email 2FA | https://hackerone.com/reports/979820 | null | exploit_db | null |
| Account Takeover at vseapteki.ru | https://hackerone.com/reports/707231 | 7.7 | r0hack | $2,000 |
| Login page password - guessing attack | https://hackerone.com/reports/244909 | null | paxtammy | null |
| Mail.Ru Top - Website Counter Bruteforcing | https://hackerone.com/reports/754536 | 4.4 | ksapphire | $150 |
| BruteForce Any [My.com] Account Credentials. | https://hackerone.com/reports/238041 | null | 0xradi | $100 |
| unlock self-lock by brute force | https://hackerone.com/reports/410221 | null | manshum12 | $900 |
| Improper Restriction of Excessive Authentication Attempts at https://ucs.ru/login | https://hackerone.com/reports/905194 | 5.8 | jayesh25 | $400 |
| Bruteforcing password reset tokens, could lead to account takeover | https://hackerone.com/reports/271533 | null | 003random | $50 |
| Missing rate limit for current password field (Password Change) Account Takeover | https://hackerone.com/reports/827484 | null | full109tun | $200 |
| No rate limit in affiliate statsapi endpoint | https://hackerone.com/reports/413505 | null | chilliesssssss7 | $150 |
| Possible denial of service when entering a loooong password | https://hackerone.com/reports/952349 | 5.3 | guoxuxin | null |
| Improper Restriction of Excessive Authentication Attempts at o2-ac.my.com/token | https://hackerone.com/reports/917791 | null | jayesh25 | $150 |
| Sending Unlimited Emails to anyone from zomato mail server. | https://hackerone.com/reports/518928 | null | bihari_web | null |
| [agent.33slona.ru] Recovery code bruteforce | https://hackerone.com/reports/671119 | 8.2 | iframe | $1,500 |
| Missing Rate Limit in Password Change | https://hackerone.com/reports/440495 | null | dhakal_ananda | null |
| [H1-2006 2020] Includes 1 free content discovery | https://hackerone.com/reports/894198 | null | osintopsec | null |
| Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques} | https://hackerone.com/reports/819930 | 3.7 | updatelap | $420 |
| SMS Brute Force Possibility via https://youdrive.today/login/web/code can lead to Account Takeover | https://hackerone.com/reports/922418 | null | jayesh25 | $1,500 |
| A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com | https://hackerone.com/reports/972936 | null | lalit2020 | null |
| User login page doesn't implement any form of rate limiting | https://hackerone.com/reports/410451 | 3 | 0xspade | $500 |
| [combo.mail.ru] SMS code bruteforce | https://hackerone.com/reports/917688 | 8.3 | esetal | $6,000 |
| StoreFront API allows for a brute force attack on customer login by not timing out ALL attempts | https://hackerone.com/reports/708013 | 5.8 | clew | $500 |
| Missing rate-limits at endpoints | https://hackerone.com/reports/232878 | null | introvertmac | null |
| app.passit.io is vulnerable against Brute Force password quessing attack | https://hackerone.com/reports/337181 | null | muon4 | null |
| Brute-force any email account through allods.mail.ru | https://hackerone.com/reports/811776 | null | hackervision | null |
| Account Takeover worki.ru | https://hackerone.com/reports/744662 | 10 | tr3harder | $1,700 |
| mailbomb through invite feature on chrome addon | https://hackerone.com/reports/233376 | null | konkakarthik | null |
| SSH port on store.greenhouse.io is vulnerable to brute force attacks | https://hackerone.com/reports/897556 | null | lonelyhuman | null |
| The password recovery let users know whether an email address exists or not in the website | https://hackerone.com/reports/681468 | null | guilhermecruzdev | null |
| SSL expired subdomain leads to API swap with main and flagged cookies. Unable to log device ids and certain session tokens. | https://hackerone.com/reports/1024880 | null | babykeem | $350 |
| Possibility to enumerate and bruteforce promotion codes in Uber iOS App | https://hackerone.com/reports/125707 | null | r0t | $3,000 |
| Bruteforce in admin panel | https://hackerone.com/reports/341074 | null | shawalkhan | null |
| SSH backdated version open port | https://hackerone.com/reports/255627 | null | walidhossain | null |
| Account TakeOver through password recovery at am.ru | https://hackerone.com/reports/730067 | 9.7 | r0hack | $3,000 |
| No rate limit in stats api token endpoint | https://hackerone.com/reports/412526 | null | chilliesssssss7 | $150 |
| Rate Limit workaround in the message of the phone number verification | https://hackerone.com/reports/619578 | null | dr_akm | $100 |