readme.md
January 20, 2023
Title
Account Deleted without any confirmation
URL
https://hackerone.com/reports/42403
Severity score
null
Reporter
sappi
Bounty paid
null
Title
Default credentials on a DoD website
URL
https://hackerone.com/reports/192074
Severity score
null
Reporter
korprit
Bounty paid
null
Title
Top 10 2013-A2-Broken Authentication and Session Management - wordpress.com
URL
https://hackerone.com/reports/18503
Severity score
null
Reporter
mohaab007
Bounty paid
null
Title
Gaining permanent access to Long Pool and an authenticated page of the site if we have ever been on the victim's account
URL
https://hackerone.com/reports/337734
Severity score
null
Reporter
povargek
Bounty paid
$500
Title
Broken Authentication on Badoo
URL
https://hackerone.com/reports/121469
Severity score
null
Reporter
darshitvarotaria
Bounty paid
$427
Title
An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing
URL
https://hackerone.com/reports/731878
Severity score
5
Reporter
jianjun
Bounty paid
$150
Title
Project Disclosure of all Harvest Instances
URL
https://hackerone.com/reports/152929
Severity score
null
Reporter
vichaarya
Bounty paid
$500
Title
Yahoo mail login page bruteforce protection bypass
URL
https://hackerone.com/reports/2596
Severity score
null
Reporter
daksh
Bounty paid
null
Title
Unauthorized file (invoice) download
URL
https://hackerone.com/reports/115209
Severity score
null
Reporter
ninad
Bounty paid
null
Title
Read-only share recipient can restore old versions of file
URL
https://hackerone.com/reports/146067
Severity score
null
Reporter
bugdiscloseguys
Bounty paid
$300
Title
Vulnerable Link Leaks the User Names
URL
https://hackerone.com/reports/123089
Severity score
null
Reporter
daniyal_nasir
Bounty paid
null
Title
Possibly big authorization problem in Lähitapiola´s varainhoito
URL
https://hackerone.com/reports/135252
Severity score
null
Reporter
billy_blaze
Bounty paid
$400
Title
MS-DOS is deadly.
URL
https://hackerone.com/reports/5596
Severity score
null
Reporter
prakharprasad
Bounty paid
null
Title
Liberapay Non Verified Account Takeover with signup feature
URL
https://hackerone.com/reports/361194
Severity score
null
Reporter
khizer47
Bounty paid
null
Title
Broken Authentication and session management OWASP A2
URL
https://hackerone.com/reports/798812
Severity score
null
Reporter
phhitachi
Bounty paid
null
Title
Snooping into messages via email service
URL
https://hackerone.com/reports/163938
Severity score
null
Reporter
rijalrojan
Bounty paid
$2,500
Title
SMTP server allows anonymous relay from internal addresses to internal addresses
URL
https://hackerone.com/reports/144385
Severity score
null
Reporter
phenix
Bounty paid
null
Title
[gitmm.corp.mail.ru] Auth Bypass, Information Disclosure
URL
https://hackerone.com/reports/99273
Severity score
null
Reporter
bigbear_
Bounty paid
null
Title
Broken OAuth leads to change photo profile users.
URL
https://hackerone.com/reports/642475
Severity score
null
Reporter
u0pattern
Bounty paid
$512
Title
There is any issue No valid SPF Records
URL
https://hackerone.com/reports/864696
Severity score
null
Reporter
blackviper21
Bounty paid
null
Title
It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without
URL
https://hackerone.com/reports/298862
Severity score
null
Reporter
gregoryvperry
Bounty paid
null
Title
Password Reset Link not expiring after changing the email Leads To Account Takeover
URL
https://hackerone.com/reports/685007
Severity score
null
Reporter
alishah
Bounty paid
$100
Title
Unauthorized access to jiratest.starbucks.com
URL
https://hackerone.com/reports/332586
Severity score
null
Reporter
damian89
Bounty paid
$4,000
Title
Username restriction bypass with SSL client authentication
URL
https://hackerone.com/reports/480928
Severity score
8.2
Reporter
halfdog
Bounty paid
$1,000
Title
Unauthorized access to all collections, products, pages from other stores
URL
https://hackerone.com/reports/93921
Severity score
null
Reporter
supernatural
Bounty paid
$2,500
Title
Bypassing Verify Humans Page
URL
https://hackerone.com/reports/242874
Severity score
null
Reporter
suvrat7
Bounty paid
null
Title
SAML authentication bypass
URL
https://hackerone.com/reports/812064
Severity score
8.8
Reporter
tomp1
Bounty paid
null
Title
No Rate Limit On Reset Password
URL
https://hackerone.com/reports/838572
Severity score
null
Reporter
dianeme
Bounty paid
null
Title
User enumeration via error message
URL
https://hackerone.com/reports/123496
Severity score
null
Reporter
zuh4n
Bounty paid
null
Title
AWS S3 bucket writeable for authenticated AWS users
URL
https://hackerone.com/reports/881004
Severity score
null
Reporter
zinin
Bounty paid
null
Title
Testing for user enumeration (OWASP‐AT‐002) - https://gh.bouncer.login.yahoo.com
URL
https://hackerone.com/reports/12708
Severity score
null
Reporter
cmaruti
Bounty paid
$100
Title
2-factor authentication bypass
URL
https://hackerone.com/reports/145629
Severity score
null
Reporter
malcolmx
Bounty paid
$100
Title
Account takeover via Pornhub Oauth
URL
https://hackerone.com/reports/192648
Severity score
null
Reporter
cyber-guard
Bounty paid
$1,000
Title
Session not expired on logout
URL
https://hackerone.com/reports/245124
Severity score
null
Reporter
ronygigi
Bounty paid
null
Title
Recently change email but still login with old email
URL
https://hackerone.com/reports/986459
Severity score
null
Reporter
dream_changer
Bounty paid
null
Title
Bruteforce attack is possible on newsletter.nextcloud.com
URL
https://hackerone.com/reports/145722
Severity score
null
Reporter
koolacac
Bounty paid
null
Title
missing SPF for legalrobot.com
URL
https://hackerone.com/reports/64561
Severity score
null
Reporter
paramdham
Bounty paid
$20
Title
[insideok.ru] Database Dump
URL
https://hackerone.com/reports/197789
Severity score
null
Reporter
bigbear_
Bounty paid
$500
Title
Thailand – a small number of alarm system portals accessible with the default credentials
URL
https://hackerone.com/reports/406486
Severity score
null
Reporter
radoooz
Bounty paid
$500
Title
Password Restriction On Change
URL
https://hackerone.com/reports/262140
Severity score
null
Reporter
ihusnain49
Bounty paid
null
Title
By pass admin panel [seminars.mail.ru]
URL
https://hackerone.com/reports/119427
Severity score
null
Reporter
haxta4ok00
Bounty paid
$150
Title
Complete or Edit Another User's Profile
URL
https://hackerone.com/reports/123731
Severity score
null
Reporter
yaworsk
Bounty paid
null
Title
Login using disconnected google account i.e login using old email id
URL
https://hackerone.com/reports/223427
Severity score
null
Reporter
tushar21
Bounty paid
null
Title
LDAP login possible even though account doesn't match user filter
URL
https://hackerone.com/reports/205908
Severity score
null
Reporter
gvde
Bounty paid
null
Title
Bypass of biometrics security functionality is possible in Android application (com.shopify.mobile)
URL
https://hackerone.com/reports/637194
Severity score
null
Reporter
tems
Bounty paid
$500
Title
User Enumeration
URL
https://hackerone.com/reports/192986
Severity score
null
Reporter
aa23
Bounty paid
null
Title
Critical : Access to group videos where videos are restricted for all users(Broken authentication )
URL
https://hackerone.com/reports/78781
Severity score
null
Reporter
indoappsec
Bounty paid
$150
Title
Unauthenticated Docker registry
URL
https://hackerone.com/reports/179103
Severity score
null
Reporter
nathonsecurity
Bounty paid
$5,000
Title
Near-duplicate accounts allowed with ignored email mutations
URL
https://hackerone.com/reports/171337
Severity score
null
Reporter
vishnuraj
Bounty paid
$20
Title
HackerOne Important Emails Notification are sent in clear-text
URL
https://hackerone.com/reports/127175
Severity score
null
Reporter
ala_arfaoui
Bounty paid
null
Title
set Pragma header
URL
https://hackerone.com/reports/145206
Severity score
null
Reporter
hassanjawaid
Bounty paid
null
Title
Password reset token issue
URL
https://hackerone.com/reports/265775
Severity score
null
Reporter
ghoibsec
Bounty paid
$20
Title
Comment Spoofing at http://suggestions.yahoo.com/detail/?prop=directory&fid=97721
URL
https://hackerone.com/reports/6665
Severity score
null
Reporter
surgent10cross
Bounty paid
$500
Title
Password Complexity
URL
https://hackerone.com/reports/263728
Severity score
null
Reporter
ihusnain49
Bounty paid
null
Title
CORS (Cross-Origin Resource Sharing)
URL
https://hackerone.com/reports/310579
Severity score
null
Reporter
asad_anwar
Bounty paid
null
Title
Captcha Bypass enable login bruteforce
URL
https://hackerone.com/reports/124173
Severity score
null
Reporter
bugs3ra
Bounty paid
null
Title
Broken Authentication - Security token gets captured via man in the middle attack
URL
https://hackerone.com/reports/206650
Severity score
null
Reporter
dermeister
Bounty paid
$200
Title
Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com
URL
https://hackerone.com/reports/798913
Severity score
null
Reporter
aplis
Bounty paid
null
Title
No Valid SPF Records
URL
https://hackerone.com/reports/962909
Severity score
null
Reporter
harshita174
Bounty paid
null
Title
[Critical] - Steal OAuth Tokens
URL
https://hackerone.com/reports/131202
Severity score
null
Reporter
paulos_
Bounty paid
$840
Title
Bypass two-factor authentication
URL
https://hackerone.com/reports/121696
Severity score
null
Reporter
kamikaze
Bounty paid
$500
Title
Bypassing Digits origin validation which leads to account takeover
URL
https://hackerone.com/reports/129873
Severity score
null
Reporter
filedescriptor
Bounty paid
$5,040
Title
Missing authentication on Notification setting.
URL
https://hackerone.com/reports/135891
Severity score
null
Reporter
vijay_kumar
Bounty paid
null
Title
Unsecured Elasticsearch Instance
URL
https://hackerone.com/reports/267161
Severity score
null
Reporter
cyber-guard
Bounty paid
$3,500
Title
Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication
URL
https://hackerone.com/reports/298990
Severity score
null
Reporter
gregoryvperry
Bounty paid
null
Title
Email Verification Link can be Used as Password Reset Link!
URL
https://hackerone.com/reports/98469
Severity score
null
Reporter
karimrahal
Bounty paid
$50
Title
Improper access control to messages of Social app
URL
https://hackerone.com/reports/921717
Severity score
5
Reporter
sanktjodel
Bounty paid
null
Title
Sub Domain Take over
URL
https://hackerone.com/reports/111078
Severity score
null
Reporter
ketan_patil
Bounty paid
$15
Title
Invitation is not properly cancelled while inviting to bug reports.
URL
https://hackerone.com/reports/66151
Severity score
null
Reporter
boredengineer21
Bounty paid
$500
Title
getting emails of users/removing them from victims account [using typical attack]
URL
https://hackerone.com/reports/35287
Severity score
null
Reporter
akhil-reni
Bounty paid
$140
Title
Attackers can control which security questions they are presented (████████)
URL
https://hackerone.com/reports/192082
Severity score
null
Reporter
korprit
Bounty paid
null
Title
Attacker can send "Invitation Request" to a Project that is not even created yet!
URL
https://hackerone.com/reports/9088
Severity score
null
Reporter
faisalahmed
Bounty paid
null
Title
Improper authentication in the load sell inventory page
URL
https://hackerone.com/reports/993767
Severity score
null
Reporter
niggy
Bounty paid
null
Title
Group Invite not properly authenticated
URL
https://hackerone.com/reports/46379
Severity score
null
Reporter
m0rph3u5
Bounty paid
null
Title
[ipm.informatica.com]- Broken Authentication
URL
https://hackerone.com/reports/201152
Severity score
null
Reporter
adminadminadmin
Bounty paid
null
Title
[H1-2006 2020] Multiple vulnerabilities lead to CEO account takeover and paid bounties
URL
https://hackerone.com/reports/890196
Severity score
null
Reporter
fersingb
Bounty paid
null
Title
twofactor_auth bypassable if provider fails to load
URL
https://hackerone.com/reports/317711
Severity score
null
Reporter
cyphar
Bounty paid
$50
Title
Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)
URL
https://hackerone.com/reports/143717
Severity score
null
Reporter
mongo
Bounty paid
$10,000
Title
GA code not verified on the server side allows sending Verification Documents on behalf of another user
URL
https://hackerone.com/reports/77076
Severity score
null
Reporter
crab
Bounty paid
$250
Title
No valid SPF record
URL
https://hackerone.com/reports/66385
Severity score
null
Reporter
paramdham
Bounty paid
$20
Title
No Valid SPF Records.
URL
https://hackerone.com/reports/116973
Severity score
null
Reporter
bugdiscloseguys
Bounty paid
$10
Title
Forgot Password Issue
URL
https://hackerone.com/reports/23363
Severity score
null
Reporter
xtross1
Bounty paid
$300
Title
Security Vulnerability - SMTP protection not used
URL
https://hackerone.com/reports/123518
Severity score
null
Reporter
ashishdhaduk
Bounty paid
null
Title
[IDOR] post to anyone even if their stream is restricted to friends only
URL
https://hackerone.com/reports/137954
Severity score
null
Reporter
mikkz
Bounty paid
$1,500
Title
Session resurrection after session reset / password change / forced password change
URL
https://hackerone.com/reports/207062
Severity score
null
Reporter
povargek
Bounty paid
$700
Title
Missing Rate limiting on https://underwriter.partner.cuvva.com/login
URL
https://hackerone.com/reports/232403
Severity score
null
Reporter
str33
Bounty paid
null
Title
No Rate Limiting On Phone Number Login Leads to Login Bypass
URL
https://hackerone.com/reports/903363
Severity score
null
Reporter
done11
Bounty paid
null
Title
Leak ██████████ information in real time through API request
URL
https://hackerone.com/reports/307050
Severity score
7.5
Reporter
severus
Bounty paid
$3,000
Title
Create account in uber without signup form
URL
https://hackerone.com/reports/125242
Severity score
null
Reporter
blueberryinfosec
Bounty paid
null
Title
Authentication bypass leads to sensitive data exposure (token+secret)
URL
https://hackerone.com/reports/129918
Severity score
null
Reporter
secalert
Bounty paid
$2,000
Title
Talk - Leak of password-protected room name via already existent resource addition
URL
https://hackerone.com/reports/662218
Severity score
2.7
Reporter
foobar7
Bounty paid
$150
Title
Wordpress Vulnerabilities in transparencyreport.uber.com and eng.uber.com domains
URL
https://hackerone.com/reports/148163
Severity score
null
Reporter
vivek-p
Bounty paid
$1,000
Title
Bypass Password Authentication for updating email and phone number - Security Vulnerability
URL
https://hackerone.com/reports/770504
Severity score
null
Reporter
jayesh25
Bounty paid
$700
Title
AWS S3 bucket writeable for authenticated aws users
URL
https://hackerone.com/reports/128088
Severity score
null
Reporter
yaworsk
Bounty paid
$2,500
Title
Open Redirect on central.uber.com allows for account takeover
URL
https://hackerone.com/reports/206591
Severity score
null
Reporter
ngalog
Bounty paid
$8,000
Title
Notification request disclose private information about other myshopify accounts
URL
https://hackerone.com/reports/56936
Severity score
null
Reporter
dvl
Bounty paid
$4,000
Title
SMB User Authentication Bypass and Persistence
URL
https://hackerone.com/reports/148151
Severity score
null
Reporter
rhinosecuritylabs
Bounty paid
$150
Title
Authentication errors in server side validation of E-MAIL
URL
https://hackerone.com/reports/80883
Severity score
null
Reporter
faisalahmed
Bounty paid
null
Title
Make victim buy in attacker's account without any idea - http://www.booztlet.com/
URL
https://hackerone.com/reports/167731
Severity score
null
Reporter
inhibitor181
Bounty paid
$80
Title
[CRITICAL]-Taking over entire subdomain of romit.io
URL
https://hackerone.com/reports/173681
Severity score
null
Reporter
ehsahil
Bounty paid
$513
Title
All Active user sessions should be destroyed when user change his password!
URL
https://hackerone.com/reports/157450
Severity score
null
Reporter
rahul_ch
Bounty paid
null
Title
test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability
URL
https://hackerone.com/reports/83971
Severity score
null
Reporter
ashesh
Bounty paid
null
Title
IDOR - disclosure of private videos - /api_android_v3/getUserVideos
URL
https://hackerone.com/reports/186279
Severity score
null
Reporter
cyber-guard
Bounty paid
$1,500
Title
login to any user's cashier account and full account information disclosure
URL
https://hackerone.com/reports/98247
Severity score
null
Reporter
zombiehelp54
Bounty paid
$300
Title
Urgent : Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass)
URL
https://hackerone.com/reports/98432
Severity score
null
Reporter
indoappsec
Bounty paid
$280
Title
No valid SPF record found
URL
https://hackerone.com/reports/775531
Severity score
null
Reporter
cybersera
Bounty paid
null
Title
Authentication Bypass by abusing Insecure crypto tokens in /lib/OA/Dal/PasswordRecovery.php:
URL
https://hackerone.com/reports/576504
Severity score
null
Reporter
paulos_
Bounty paid
null
Title
AWS S3 bucket writable for authenticated aws user
URL
https://hackerone.com/reports/131468
Severity score
null
Reporter
dpgribkov
Bounty paid
null
Title
Access to ██████████████ due to weak credentials
URL
https://hackerone.com/reports/692116
Severity score
null
Reporter
kingragnar
Bounty paid
null
Title
Email Forgery through Mandrillapp SPF
URL
https://hackerone.com/reports/117097
Severity score
null
Reporter
bugdiscloseguys
Bounty paid
$10
Title
Transactions visible on Unconfirmed devices
URL
https://hackerone.com/reports/100186
Severity score
null
Reporter
shahmeer-amir
Bounty paid
$500
Title
Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comments on Bug Reports
URL
https://hackerone.com/reports/106084
Severity score
null
Reporter
h13-
Bounty paid
$500
Title
Bypassing password requirement during deletion of account
URL
https://hackerone.com/reports/93901
Severity score
null
Reporter
computerk
Bounty paid
$500
Title
Unauthorized admission to any team in zeit.co
URL
https://hackerone.com/reports/681882
Severity score
null
Reporter
caesareg
Bounty paid
null
Title
Bypass CAPTCHA protection
URL
https://hackerone.com/reports/210417
Severity score
null
Reporter
exception
Bounty paid
$500
Title
Mapbox API Access Token with No Scope Can Read Styles
URL
https://hackerone.com/reports/122050
Severity score
null
Reporter
bugs3ra
Bounty paid
$200
Title
Login to any user account using other facebook app access token
URL
https://hackerone.com/reports/101977
Severity score
null
Reporter
vinothkumar
Bounty paid
null
Title
Administrator can create user without entering high security mode
URL
https://hackerone.com/reports/351361
Severity score
3.5
Reporter
ivh
Bounty paid
$300
Title
Bypassing Phone Verification For Posting AD On OLX
URL
https://hackerone.com/reports/165854
Severity score
null
Reporter
raees
Bounty paid
null
Title
Tweetdeck (twitter owned app) not revoked
URL
https://hackerone.com/reports/90172
Severity score
null
Reporter
xmly
Bounty paid
$280
Title
Bypass OTP verification when placing Order
URL
https://hackerone.com/reports/142221
Severity score
null
Reporter
thisishrsh
Bounty paid
null
Title
Not Using Secure Flag Option on Cookies Could Lead to a Man in the Middle Session Hijacking
URL
https://hackerone.com/reports/123748
Severity score
null
Reporter
yaworsk
Bounty paid
null
Title
Twitter Ads Campaign information disclosure through admin without any authentication.
URL
https://hackerone.com/reports/49806
Severity score
null
Reporter
avicoder_
Bounty paid
$560
Title
Missing Rate Limit for Current Password field in nextcloud.com
URL
https://hackerone.com/reports/199714
Severity score
2.7
Reporter
sumitsahoo
Bounty paid
null
Title
Password token validation in Weblate Bypass
URL
https://hackerone.com/reports/243842
Severity score
null
Reporter
footstep
Bounty paid
null
Title
2FA bypass by sending blank code
URL
https://hackerone.com/reports/897385
Severity score
null
Reporter
safehacker_27
Bounty paid
$1,000
Title
Open Aws Amazon S3 Buckets
URL
https://hackerone.com/reports/222724
Severity score
null
Reporter
saadahmedx
Bounty paid
$500
Title
Bypassing Digits web authentication's host validation with HPP
URL
https://hackerone.com/reports/114169
Severity score
null
Reporter
filedescriptor
Bounty paid
$2,520
Title
create staff member without owner access
URL
https://hackerone.com/reports/90688
Severity score
null
Reporter
supernatural
Bounty paid
$1,000
Title
Login to any account with the email address
URL
https://hackerone.com/reports/245408
Severity score
null
Reporter
gerben_javado
Bounty paid
$1,000
Title
pam-ussh may be tricked into using another logged in user's ssh-agent
URL
https://hackerone.com/reports/204802
Severity score
6.6
Reporter
solardiz
Bounty paid
$1,500
Title
Access to Splunk via shard3-db2.ec2.shopify.com endpoint
URL
https://hackerone.com/reports/165048
Severity score
null
Reporter
ysx
Bounty paid
$500
Title
Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181
URL
https://hackerone.com/reports/154369
Severity score
null
Reporter
mico02
Bounty paid
$1,000
Title
Slack OAuth2 "redirect_uri" Bypass
URL
https://hackerone.com/reports/2575
Severity score
null
Reporter
prakharprasad
Bounty paid
$100
Title
Domain takeover (legalrobot.co.za)
URL
https://hackerone.com/reports/230525
Severity score
null
Reporter
todayisnew
Bounty paid
$20
Title
Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets
URL
https://hackerone.com/reports/202501
Severity score
null
Reporter
jon_bottarini
Bounty paid
$250
Title
Password Reset Link issue
URL
https://hackerone.com/reports/161924
Severity score
null
Reporter
i1ackerone
Bounty paid
null
Title
Insecure direct object reference - have access to deleted DM's
URL
https://hackerone.com/reports/52646
Severity score
null
Reporter
akhil-reni
Bounty paid
$420
Title
Improperly implemented password recovery link functionality
URL
https://hackerone.com/reports/809
Severity score
null
Reporter
dawidczagan
Bounty paid
$300
Title
Recursor accepts unsigned, empty NXDOMAINs in secure zones
URL
https://hackerone.com/reports/858854
Severity score
4.8
Reporter
mnordhoff
Bounty paid
$400
Title
Broken Authentication and Session Management(Session Fixation)
URL
https://hackerone.com/reports/167698
Severity score
null
Reporter
koshti25
Bounty paid
null
Title
Unauthorized access to any Store Admin's First & Last name
URL
https://hackerone.com/reports/95441
Severity score
null
Reporter
hazimaslam
Bounty paid
$500
Title
Able to create basic user account via Google login on HackerOne Drupal CMS
URL
https://hackerone.com/reports/208407
Severity score
null
Reporter
ishahriyar
Bounty paid
null
Title
Session Hijacking
URL
https://hackerone.com/reports/167460
Severity score
null
Reporter
aswad_husnain
Bounty paid
null
Title
[CRITICAL] -- Complete Account Takeover
URL
https://hackerone.com/reports/136885
Severity score
null
Reporter
parth
Bounty paid
$8,000
Title
Private Program Disclosure in /:handle/reports/draft.json endpoint
URL
https://hackerone.com/reports/116032
Severity score
null
Reporter
charfe
Bounty paid
$500
Title
Password reset link remains valid after email change
URL
https://hackerone.com/reports/145896
Severity score
null
Reporter
rootxflood
Bounty paid
null
Title
Authentication bypass at fast.corp.yahoo.com
URL
https://hackerone.com/reports/3577
Severity score
null
Reporter
internetwache
Bounty paid
null
Title
Flaw in login with twitter to steal Oauth tokens
URL
https://hackerone.com/reports/44492
Severity score
null
Reporter
akhil-reni
Bounty paid
$140
Title
Authentication Bypassing and Sensitive Information Disclosure on Verify Email Address in Registration Flow
URL
https://hackerone.com/reports/124151
Severity score
null
Reporter
vivek-p
Bounty paid
null
Title
████ - Complete account takeover
URL
https://hackerone.com/reports/566811
Severity score
null
Reporter
cablej_dds
Bounty paid
null
Title
iOS application does not destroy session upon logout.
URL
https://hackerone.com/reports/7041
Severity score
null
Reporter
uname
Bounty paid
$100
Title
Password complexity requirements not enforced
URL
https://hackerone.com/reports/191643
Severity score
null
Reporter
japz
Bounty paid
$20
Title
Writable RubyCi Amazon s3 bucket
URL
https://hackerone.com/reports/207053
Severity score
null
Reporter
dataalchemist
Bounty paid
$500
Title
Unauthenticated access to details of hidden products in any shop via title enumeration
URL
https://hackerone.com/reports/93394
Severity score
null
Reporter
juhhga
Bounty paid
$1,000
Title
No authorization required in iOS device web-application
URL
https://hackerone.com/reports/148538
Severity score
null
Reporter
ahsan
Bounty paid
null
Title
No redirect uri for Twitter OAuth resulting in token leak
URL
https://hackerone.com/reports/244958
Severity score
null
Reporter
b3nac
Bounty paid
null
Title
Users can falsely declare their own Uber account info on the monthly billing application
URL
https://hackerone.com/reports/168453
Severity score
null
Reporter
rubyroobs
Bounty paid
$500
Title
Password Complexity very low.
URL
https://hackerone.com/reports/13567
Severity score
null
Reporter
iamthefrogy
Bounty paid
null
Title
No rate-limit in Two factor Authentication leads to bypass using bruteforce attack
URL
https://hackerone.com/reports/128777
Severity score
null
Reporter
bugs3ra
Bounty paid
$100
Title
Remove anyone's pic Gravatar
URL
https://hackerone.com/reports/101145
Severity score
null
Reporter
akshyy
Bounty paid
$75
Title
Password reset links should expire after being used, instead of at specific time
URL
https://hackerone.com/reports/244612
Severity score
null
Reporter
silv3rpoision
Bounty paid
null
Title
Users with 2FA can have multiple sessions
URL
https://hackerone.com/reports/250243
Severity score
0
Reporter
fawazxq
Bounty paid
$60
Title
All Active user sessions should be destroyed when user change his password!
URL
https://hackerone.com/reports/17252
Severity score
null
Reporter
faisalahmed
Bounty paid
null
Title
No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts
URL
https://hackerone.com/reports/281344
Severity score
null
Reporter
cablej
Bounty paid
$750
Title
Name can't be numbers or email
URL
https://hackerone.com/reports/263196
Severity score
null
Reporter
swag01
Bounty paid
null
Title
Password reset token not expiring
URL
https://hackerone.com/reports/15166
Severity score
null
Reporter
siddiki
Bounty paid
$100
Title
jsConnect Plugin: Takeover of existing account
URL
https://hackerone.com/reports/384962
Severity score
7.4
Reporter
foobar7
Bounty paid
$300
Title
Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate
URL
https://hackerone.com/reports/119166
Severity score
null
Reporter
caffeinewriter
Bounty paid
$150
Title
Inadequate cache control in gitter allows to view private chat room
URL
https://hackerone.com/reports/493791
Severity score
null
Reporter
dhakal_ananda
Bounty paid
null
Title
Bypassing 2FA and/or obtaining an access_token if we have ever been on the victim's account
URL
https://hackerone.com/reports/316078
Severity score
null
Reporter
povargek
Bounty paid
$300
Title
User with no permissions can create, edit, delete favorite prescriptions /erx/
URL
https://hackerone.com/reports/142101
Severity score
null
Reporter
yaworsk
Bounty paid
$50
Title
Privacy Issue on protected tweets
URL
https://hackerone.com/reports/55506
Severity score
null
Reporter
dia2diab
Bounty paid
null
Title
Content Spoofing in mango.qiwi.com
URL
https://hackerone.com/reports/118066
Severity score
null
Reporter
cyberunit
Bounty paid
$150
Title
Eavesdropping on private Slack calls
URL
https://hackerone.com/reports/184698
Severity score
7.3
Reporter
michiel
Bounty paid
$1,000
Title
An adversary can overwhelm the resources by automating Forgot password/Sign Up requests
URL
https://hackerone.com/reports/119605
Severity score
null
Reporter
roshanpty
Bounty paid
null
Title
Authentication Bypass in Updating Personal Information
URL
https://hackerone.com/reports/146129
Severity score
null
Reporter
footstep
Bounty paid
null
Title
set Expires header
URL
https://hackerone.com/reports/145207
Severity score
null
Reporter
hassanjawaid
Bounty paid
null
Title
Approve topup method by sender of this method
URL
https://hackerone.com/reports/47384
Severity score
null
Reporter
4lemon
Bounty paid
null
Title
niche s3 buckets are readable/writeable/deleteable by authorized AWS users
URL
https://hackerone.com/reports/129381
Severity score
null
Reporter
yaworsk
Bounty paid
$700
Title
Process of changing email address and password does not ask old Password.
URL
https://hackerone.com/reports/15777
Severity score
null
Reporter
siddiki
Bounty paid
null
Title
Unauthorized Team members viewing
URL
https://hackerone.com/reports/123572
Severity score
null
Reporter
temmyscript
Bounty paid
null
Title
Broken authentication and session management flaw
URL
https://hackerone.com/reports/152080
Severity score
null
Reporter
khizer47
Bounty paid
null
Title
Account Takeover possibility via https://awards.donationalerts.com using login with twitch.tv
URL
https://hackerone.com/reports/974704
Severity score
null
Reporter
jayesh25
Bounty paid
$1,000
Title
[www.stripo.email] There is no rate limit for /it/contact-us/ endpoints
URL
https://hackerone.com/reports/856310
Severity score
null
Reporter
what_web
Bounty paid
null
Title
Drivers can change profile picture
URL
https://hackerone.com/reports/101063
Severity score
null
Reporter
rohk
Bounty paid
$500
Title
Authentication Bypass due to Session Mismanagement
URL
https://hackerone.com/reports/10912
Severity score
null
Reporter
spader_the
Bounty paid
null
Title
Account Take over of millions of MTN users account due to lack of Rate limiting when sending OTP code
URL
https://hackerone.com/reports/761000
Severity score
null
Reporter
its_afolic
Bounty paid
null
Title
S3 Buckets open to the world thanks to 'Authenticated Users' ACL
URL
https://hackerone.com/reports/98819
Severity score
null
Reporter
brakhane
Bounty paid
$1,000
Title
change Login Services settings without owner access
URL
https://hackerone.com/reports/90690
Severity score
null
Reporter
supernatural
Bounty paid
$1,000
Title
OAuth Bug
URL
https://hackerone.com/reports/9460
Severity score
null
Reporter
atom
Bounty paid
null
Title
Enum phone numbers thru /en/sims/topup/add/
URL
https://hackerone.com/reports/47362
Severity score
null
Reporter
4lemon
Bounty paid
null
Title
Subdomain Takeover via Unclaimed WordPress site
URL
https://hackerone.com/reports/274336
Severity score
null
Reporter
ysx
Bounty paid
$250
Title
Password reset token not expiring
URL
https://hackerone.com/reports/170161
Severity score
null
Reporter
hk755a
Bounty paid
$100
Title
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD
URL
https://hackerone.com/reports/1031437
Severity score
null
Reporter
themastersunil
Bounty paid
null
Title
Cookie Misconfiguration
URL
https://hackerone.com/reports/180397
Severity score
null
Reporter
abdulwahab
Bounty paid
null
Title
SAML Authentication Bypass on uchat.uberinternal.com
URL
https://hackerone.com/reports/223014
Severity score
null
Reporter
mishre
Bounty paid
$8,500
Title
Data exports stored on S3 can be scraped easily
URL
https://hackerone.com/reports/2746
Severity score
null
Reporter
jobert
Bounty paid
null
Title
Unauthorized access to the slack channel via inside.gratipay.com/appendices/chat
URL
https://hackerone.com/reports/226648
Severity score
0
Reporter
7h0r4pp4n
Bounty paid
null
Title
password less login token expiration issue
URL
https://hackerone.com/reports/172837
Severity score
null
Reporter
satishb3
Bounty paid
$500
Title
SMTP protection not used (please read carefully )
URL
https://hackerone.com/reports/25191
Severity score
null
Reporter
ashesh
Bounty paid
null
Title
apps.owncloud.com: Session Cookie in URL can be captured by hackers
URL
https://hackerone.com/reports/83667
Severity score
null
Reporter
ashesh
Bounty paid
null
Title
Hack administrator password even if you are a guest
URL
https://hackerone.com/reports/5441
Severity score
null
Reporter
shivakumarplayz
Bounty paid
null
Title
Takeover of an account via reset password options after removing the account
URL
https://hackerone.com/reports/230076
Severity score
null
Reporter
imran_hadid
Bounty paid
null
Title
AWS S3 Bucket hotornot-images permissions allow for listing and removing files
URL
https://hackerone.com/reports/133680
Severity score
null
Reporter
yaworsk
Bounty paid
null
Title
newsletter.nextcloud.com: Bypass firewall protection
URL
https://hackerone.com/reports/145730
Severity score
null
Reporter
bug_cat
Bounty paid
null
Title
Arbitrary read on s3://shopify-delivery-app-storage/files
URL
https://hackerone.com/reports/94087
Severity score
null
Reporter
brakhane
Bounty paid
$1,500
Title
Source code leakage through GIT web access at host '52.91.137.42'
URL
https://hackerone.com/reports/148068
Severity score
null
Reporter
d0znpp
Bounty paid
$1,500
Title
Password token validation in https://wakatime.com/
URL
https://hackerone.com/reports/244614
Severity score
null
Reporter
silv3rpoision
Bounty paid
null
Title
Use Partner/Driver App Without Being Activated
URL
https://hackerone.com/reports/127085
Severity score
null
Reporter
shmoo
Bounty paid
null
Title
SPF whitelist of mandrill leads to email forgery
URL
https://hackerone.com/reports/56742
Severity score
null
Reporter
mikebrooks
Bounty paid
$1,000
Title
Second way to bypass 2FA
URL
https://hackerone.com/reports/167121
Severity score
null
Reporter
povargek
Bounty paid
$1,050
Title
Weak Forgot Password implementation
URL
https://hackerone.com/reports/176116
Severity score
null
Reporter
pavanw3b
Bounty paid
null
Title
Unsecured Grafana instance
URL
https://hackerone.com/reports/167585
Severity score
null
Reporter
cyber-guard
Bounty paid
$750
Title
password token validation
URL
https://hackerone.com/reports/275242
Severity score
null
Reporter
flex0geek
Bounty paid
null
Title
Web Authentication Endpoint Credentials Brute-Force Vulnerability
URL
https://hackerone.com/reports/127844
Severity score
null
Reporter
arneswinnen
Bounty paid
$1,500
Title
Missing access control at password change
URL
https://hackerone.com/reports/164648
Severity score
null
Reporter
chernobyl
Bounty paid
$40
Title
Bypass auth.email-domains (2)
URL
https://hackerone.com/reports/2233
Severity score
null
Reporter
tomvg
Bounty paid
$500
Title
Subdomain Takeover on http://kiosk.owox.com/
URL
https://hackerone.com/reports/182576
Severity score
null
Reporter
eavesdr0pp3r
Bounty paid
null
Title
strengthen Diffie-Hellman (DH) key exchange parameters in grtp.co
URL
https://hackerone.com/reports/117458
Severity score
null
Reporter
ashish_r_padelkar
Bounty paid
$1
Title
Domain takeover - https://sellocdn.com
URL
https://hackerone.com/reports/96007
Severity score
null
Reporter
uname
Bounty paid
null
Title
PM can delete payment of any invoice in company (Access control Issue)
URL
https://hackerone.com/reports/159393
Severity score
null
Reporter
indoappsec
Bounty paid
$100
Title
Rate limiting on password reset links
URL
https://hackerone.com/reports/115844
Severity score
null
Reporter
paramdham
Bounty paid
null
Title
Account hijack via deleted PH account
URL
https://hackerone.com/reports/201940
Severity score
null
Reporter
cyber-guard
Bounty paid
$1,000
Title
Clickjacking or URL Masking
URL
https://hackerone.com/reports/204198
Severity score
null
Reporter
dhiraj-mishra
Bounty paid
null
Title
Session Hijacking attack (Different Scenario)
URL
https://hackerone.com/reports/19640
Severity score
null
Reporter
shahmeer-amir
Bounty paid
null
Title
Bypass The Closing of the account and logged again to your account
URL
https://hackerone.com/reports/167489
Severity score
null
Reporter
ymy
Bounty paid
$200
Title
[Studio.twitter.com] See someone else pics
URL
https://hackerone.com/reports/164649
Severity score
null
Reporter
anandprakash_
Bounty paid
$5,040
Title
Session retention is present which reveals the customer info
URL
https://hackerone.com/reports/125634
Severity score
null
Reporter
blueberryinfosec
Bounty paid
null
Title
Subdomain Expired
URL
https://hackerone.com/reports/101104
Severity score
null
Reporter
hak
Bounty paid
$140
Title
Brute force on "vimeo" cookie
URL
https://hackerone.com/reports/46109
Severity score
null
Reporter
ba4fe4ca95021d367f8a574
Bounty paid
null
Title
Full Account Takeover
URL
https://hackerone.com/reports/159202
Severity score
null
Reporter
s0meb0dy
Bounty paid
null
Title
Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com
URL
https://hackerone.com/reports/219205
Severity score
9.3
Reporter
arneswinnen
Bounty paid
$5,000
Title
Broken Authentication & Session Management (Login Bypass) at support.owox.com
URL
https://hackerone.com/reports/222082
Severity score
null
Reporter
koviri_jagdish
Bounty paid
null
Title
Absence of Token expiry leads to Unauthorized login Access
URL
https://hackerone.com/reports/766578
Severity score
null
Reporter
yogesh_ojha
Bounty paid
$3,000
Title
(FULL PATH DISCLOSURE) Unknown MySQL server host 'shardm-reader.chi2.shopify.io'
URL
https://hackerone.com/reports/157876
Severity score
null
Reporter
jamesclyde
Bounty paid
$500
Title
Subdomain Takeover (moderator.ubnt.com)
URL
https://hackerone.com/reports/181665
Severity score
null
Reporter
madrobot
Bounty paid
$500
Title
Unauthorized access to all the actions of invoices by PM (Access control Issues)
URL
https://hackerone.com/reports/159395
Severity score
null
Reporter
indoappsec
Bounty paid
$150
Title
[authmagic-timerange-stateless-core] Improper Authentication
URL
https://hackerone.com/reports/736522
Severity score
null
Reporter
ermilov
Bounty paid
null
Title
auto-logout after 20 minutes
URL
https://hackerone.com/reports/123897
Severity score
null
Reporter
trabajoduro
Bounty paid
$1
Title
Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change
URL
https://hackerone.com/reports/226712
Severity score
null
Reporter
koviri_jagdish
Bounty paid
null
Title
No Rate Limit On Forgot Password Page Of affiliates.nordvpn.com
URL
https://hackerone.com/reports/791498
Severity score
null
Reporter
alishah
Bounty paid
null
Title
Subdomain takeover : URGENT
URL
https://hackerone.com/reports/118514
Severity score
null
Reporter
paresh_parmar
Bounty paid
null
Title
email spoofing
URL
https://hackerone.com/reports/981456
Severity score
null
Reporter
crazy_criminal_bj-4545
Bounty paid
null
Title
Insufficient OAuth callback validation which leads to Periscope account takeover
URL
https://hackerone.com/reports/110293
Severity score
null
Reporter
filedescriptor
Bounty paid
$5,040
Title
Defect-Security | Driver-Broken Authentication | Able to update the Subscription Setting anonymously
URL
https://hackerone.com/reports/134206
Severity score
null
Reporter
vilen07
Bounty paid
null
Title
SSO Authentication Bypass
URL
https://hackerone.com/reports/168108
Severity score
null
Reporter
danielhartnell
Bounty paid
null
Title
Clickjacking on authenticated pages which is inscope for New Relic
URL
https://hackerone.com/reports/128645
Severity score
null
Reporter
trabajoduro_2
Bounty paid
null
Title
Bypassing password authentication of users that have 2FA enabled
URL
https://hackerone.com/reports/128085
Severity score
null
Reporter
jobert
Bounty paid
null
Title
[qiwi.com] OAuth account takeover
URL
https://hackerone.com/reports/159507
Severity score
null
Reporter
kxyry
Bounty paid
$950
Title
Unauthorized access to a system used for CI/CD processes
URL
https://hackerone.com/reports/410475
Severity score
8.1
Reporter
k3mlol
Bounty paid
$500
Title
No Bruteforce Protection
URL
https://hackerone.com/reports/8996
Severity score
null
Reporter
dhaval
Bounty paid
null
Title
Password reset vulnerability on a DoD website
URL
https://hackerone.com/reports/194308
Severity score
null
Reporter
sp1d3rs
Bounty paid
null
Title
SAP Server - default credentials enabled
URL
https://hackerone.com/reports/195163
Severity score
null
Reporter
ak1t4
Bounty paid
$250
Title
A user with restricted privileges is able to view Phone Number + Billing Email of account owner
URL
https://hackerone.com/reports/197059
Severity score
null
Reporter
jon_bottarini
Bounty paid
null
Title
Can add employee in business.uber.com without add payment method
URL
https://hackerone.com/reports/153175
Severity score
null
Reporter
severus
Bounty paid
null
Title
Not Completed Accounts Take Over (Urgent bug)
URL
https://hackerone.com/reports/64626
Severity score
null
Reporter
dia2diab
Bounty paid
null
Title
Two-factor authentication bypass on Grab Android App
URL
https://hackerone.com/reports/202425
Severity score
4.3
Reporter
sp1d3rs
Bounty paid
$500
Title
Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry
URL
https://hackerone.com/reports/210188
Severity score
null
Reporter
linkks
Bounty paid
null
Title
Authentication Issue
URL
https://hackerone.com/reports/146133
Severity score
null
Reporter
bugdiscloseguys
Bounty paid
$50
Title
Generate new Test token
URL
https://hackerone.com/reports/147544
Severity score
null
Reporter
onidnalbj
Bounty paid
$100
Title
Unauthenticated request allows changing hostname
URL
https://hackerone.com/reports/802079
Severity score
5.3
Reporter
giany
Bounty paid
$550
Title
Weak Password Policy
URL
https://hackerone.com/reports/115036
Severity score
null
Reporter
mugeesahmed
Bounty paid
null
Title
Account takeover via leaked session cookie
URL
https://hackerone.com/reports/745324
Severity score
8.3
Reporter
haxta4ok00
Bounty paid
$20,000
Title
No email verification during registration
URL
https://hackerone.com/reports/90643
Severity score
null
Reporter
b35489bca2c22d7a8392a3c
Bounty paid
null
Title
Password reset form ignores email field
URL
https://hackerone.com/reports/213180
Severity score
null
Reporter
rehan
Bounty paid
$40
Title
Restricted User is able to edit Alert Conditions of Synthetics Monitors even if Synthetics Permissions is enabled by an admin
URL
https://hackerone.com/reports/197436
Severity score
null
Reporter
jon_bottarini
Bounty paid
null
Title
Access to GitLab's Slack by abusing issue creation from e-mail
URL
https://hackerone.com/reports/218230
Severity score
9.3
Reporter
intidc
Bounty paid
null
Title
Rate limiting on Email confirmation link
URL
https://hackerone.com/reports/115845
Severity score
null
Reporter
paramdham
Bounty paid
$20
Title
Authentication Failed Mobile version
URL
https://hackerone.com/reports/55530
Severity score
null
Reporter
lccunha
Bounty paid
$500
Title
[cs.money] Open Redirect Leads to Account Takeover
URL
https://hackerone.com/reports/905607
Severity score
null
Reporter
abdilahrf_
Bounty paid
$750
Title
deleted staff member can add his amazon marketplace web services account to the store.
URL
https://hackerone.com/reports/99374
Severity score
null
Reporter
zombiehelp54
Bounty paid
$500
Title
SPF Issue
URL
https://hackerone.com/reports/116609
Severity score
null
Reporter
nullelite
Bounty paid
$20
Title
[dobro.city-mobil.ru] Insufficient authentication (access to the admin panel)
URL
https://hackerone.com/reports/714673
Severity score
null
Reporter
yarbabin
Bounty paid
$500
Title
Issue with Password reset functionality
URL
https://hackerone.com/reports/92251
Severity score
null
Reporter
ninad
Bounty paid
$100
Title
OAuth authorization page vulnerable to clickjacking
URL
https://hackerone.com/reports/65825
Severity score
null
Reporter
paulos_
Bounty paid
$5,000
Title
Improper signup & sign-in validation
URL
https://hackerone.com/reports/661402
Severity score
null
Reporter
zsbappa
Bounty paid
null
Title
Bypassing Digits bridge origin validation
URL
https://hackerone.com/reports/110467
Severity score
null
Reporter
filedescriptor
Bounty paid
$5,040
Title
Privacy Issue : view "Protected users" followers and following
URL
https://hackerone.com/reports/56119
Severity score
null
Reporter
kaito
Bounty paid
null
Title
Sending payments via QR code does not require confirmation
URL
https://hackerone.com/reports/126784
Severity score
null
Reporter
atheistoffail
Bounty paid
$1,000
Title
█████ - Pre-generation of VIEWSTATE allows CAC bypass
URL
https://hackerone.com/reports/496219
Severity score
null
Reporter
cablej_dds
Bounty paid
null
Title
Server Side Misconfiguration (EMAIL SPOOFING)
URL
https://hackerone.com/reports/263508
Severity score
null
Reporter
swag01
Bounty paid
null
Title
No valid SPF record not found
URL
https://hackerone.com/reports/771028
Severity score
null
Reporter
cybersera
Bounty paid
null
Title
Broken Authentication and session management OWASP A2
URL
https://hackerone.com/reports/205309
Severity score
null
Reporter
ho_nc
Bounty paid
null
Title
[api.data.gov] Leak Valid API With out Verification -
URL
https://hackerone.com/reports/266449
Severity score
0
Reporter
lawrenceamer
Bounty paid
null
Title
Incorrect param parsing in Digits web authentication
URL
https://hackerone.com/reports/126522
Severity score
null
Reporter
filedescriptor
Bounty paid
$2,520
Title
Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App
URL
https://hackerone.com/reports/205000
Severity score
7.5
Reporter
sp1d3rs
Bounty paid
$1,000
Title
Newrelic s3 bucket is writeable and deleteable by authorized AWS users
URL
https://hackerone.com/reports/277262
Severity score
null
Reporter
kunal_bahl
Bounty paid
null
Title
Password Reset emails missing TLS leads account takeover
URL
https://hackerone.com/reports/173251
Severity score
null
Reporter
c0rte
Bounty paid
null
Title
Improper Authentication in Vimeo's API 'versions' endpoint.
URL
https://hackerone.com/reports/328724
Severity score
null
Reporter
bugdiscloseguys
Bounty paid
$2,000
Title
Information leakage on a Department of Defense website
URL
https://hackerone.com/reports/186189
Severity score
null
Reporter
korprit
Bounty paid
null
Title
Shopify android client all API request's response leakage, including access_token, cookie, response header, response body content
URL
https://hackerone.com/reports/56002
Severity score
null
Reporter
sukhoi
Bounty paid
$2,000
Title
Access to Splunk at https://apt.ec2.shopify.com:8089
URL
https://hackerone.com/reports/158118
Severity score
null
Reporter
lewerkun
Bounty paid
$500
Title
[upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References
URL
https://hackerone.com/reports/140548
Severity score
null
Reporter
bobrov
Bounty paid
$160
Title
Authentication Data are not Clearing
URL
https://hackerone.com/reports/119262
Severity score
null
Reporter
vulnh0lic
Bounty paid
$150
Title
Stealing data from customers.gitlab.com without user interaction
URL
https://hackerone.com/reports/674195
Severity score
8.1
Reporter
rpadovani
Bounty paid
$3,500
Title
[IDOR] Deleting other users comment
URL
https://hackerone.com/reports/138243
Severity score
null
Reporter
mikkz
Bounty paid
$1,000
Title
I Can Delete Any Airbnb Users Symbol!
URL
https://hackerone.com/reports/49356
Severity score
null
Reporter
faisalahmed
Bounty paid
null
Title
Broken Authentication and session management OWASP A2
URL
https://hackerone.com/reports/284
Severity score
null
Reporter
anandprakash_
Bounty paid
$100
Title
India - OTP bypass on Phone number verification for account creation
URL
https://hackerone.com/reports/762695
Severity score
6.1
Reporter
deksterh1
Bounty paid
null
Title
Improper authentication on registration
URL
https://hackerone.com/reports/382667
Severity score
null
Reporter
lezibintlgent
Bounty paid
null
Title
AWS Signature Disclosure in www.digitalsellz.com allows access to S3
URL
https://hackerone.com/reports/170052
Severity score
null
Reporter
skorov
Bounty paid
null
Title
Phabricator Diffusion application allows unauthorized users to delete mirrors
URL
https://hackerone.com/reports/38965
Severity score
null
Reporter
nullsub
Bounty paid
$300
Title
Full Api Access and Run All Functions via Starbucks App
URL
https://hackerone.com/reports/232650
Severity score
null
Reporter
ynsy
Bounty paid
null
Title
Email Spoofing With Your Website's Email
URL
https://hackerone.com/reports/163156
Severity score
null
Reporter
muhaddix
Bounty paid
null
Title
Business logic Failure - Browser cache management and logout vulnerability in Certly
URL
https://hackerone.com/reports/158270
Severity score
null
Reporter
cjlegacion
Bounty paid
null
Title
Information disclosure vulnerability on a DoD website
URL
https://hackerone.com/reports/200125
Severity score
null
Reporter
jon_bottarini
Bounty paid
null
Title
Bypass auth.email-domains
URL
https://hackerone.com/reports/2224
Severity score
null
Reporter
tomvg
Bounty paid
$1,000
Title
All Active user sessions should be destroyed when user change his password!
URL
https://hackerone.com/reports/150540
Severity score
null
Reporter
smii3
Bounty paid
null
Title
Cross Site WebSocket Hijacking
URL
https://hackerone.com/reports/211283
Severity score
null
Reporter
aishu_kc
Bounty paid
null
Title
Email spoofing-fake mail from your mail domain server
URL
https://hackerone.com/reports/163501
Severity score
null
Reporter
sumit7
Bounty paid
null
Title
Ability to Download Music Tracks Without Paying (Missing permission check on /musicstore/download)
URL
https://hackerone.com/reports/43770
Severity score
null
Reporter
wkcaj
Bounty paid
$250
Title
PM with can Set up email for invoices and estimates (Access control Issue)
URL
https://hackerone.com/reports/158979
Severity score
null
Reporter
indoappsec
Bounty paid
$250
Title
Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure )
URL
https://hackerone.com/reports/154405
Severity score
null
Reporter
indoappsec
Bounty paid
$500
Title
Broken Authentication and Session Management
URL
https://hackerone.com/reports/23579
Severity score
null
Reporter
vinothkumar
Bounty paid
null
Title
Password type input with auto-complete enabled
URL
https://hackerone.com/reports/7954
Severity score
null
Reporter
ashesh
Bounty paid
null
Title
Authentication Bypass on monitoring server
URL
https://hackerone.com/reports/194832
Severity score
null
Reporter
jamesclyde
Bounty paid
$500
Title
No Rate Limit On Forgot Password Page Of NordVPN
URL
https://hackerone.com/reports/751604
Severity score
5.3
Reporter
th3pr0xyb0y
Bounty paid
$500
Title
Getting SmartDNS for free from - join.nordvpn.com
URL
https://hackerone.com/reports/925757
Severity score
null
Reporter
salahhasoneh
Bounty paid
$700
Title
Outdated Coturn is vulnerable to known vulnerabilities (High)
URL
https://hackerone.com/reports/843263
Severity score
null
Reporter
sandrogauci
Bounty paid
null
Title
Spring security configuration allows agent sessions to be hijacked
URL
https://hackerone.com/reports/241244
Severity score
null
Reporter
4cad
Bounty paid
null
Title
Bypassing "You've requested your data the maximum number of times today." + "Please Verify an email address with snapchat to continue"
URL
https://hackerone.com/reports/173043
Severity score
null
Reporter
marwan
Bounty paid
$250
Title
X/Csrf token problem
URL
https://hackerone.com/reports/13639
Severity score
null
Reporter
coolboss
Bounty paid
null
Title
Account creation code bypass
URL
https://hackerone.com/reports/77330
Severity score
null
Reporter
arun_agr
Bounty paid
null
Title
All the active session should destroy when user change his password
URL
https://hackerone.com/reports/123183
Severity score
null
Reporter
smil3
Bounty paid
null
Title
Insecure Direct Object References in https://vimeo.com/forums
URL
https://hackerone.com/reports/52176
Severity score
null
Reporter
patrik
Bounty paid
$500
Title
Email Notification should be get while changing Paypal Email
URL
https://hackerone.com/reports/62827
Severity score
null
Reporter
mvcdabra
Bounty paid
null
Title
OTP token bypass in accessing user settings
URL
https://hackerone.com/reports/699082
Severity score
null
Reporter
dhakal_ananda
Bounty paid
$1,000
Title
Direct URL access to completed reports
URL
https://hackerone.com/reports/109815
Severity score
null
Reporter
roshanpty
Bounty paid
$200
Title
Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com
URL
https://hackerone.com/reports/209008
Severity score
null
Reporter
dermeister
Bounty paid
$175
Title
Information Disclosure in /skills call
URL
https://hackerone.com/reports/188719
Severity score
6.5
Reporter
deepankerchawla
Bounty paid
$10,000
Title
Authentication Bypass on Icinga monitoring server
URL
https://hackerone.com/reports/143482
Severity score
null
Reporter
wkcaj
Bounty paid
$3,000
Title
Misconfigured user account settings on DoD website
URL
https://hackerone.com/reports/197907
Severity score
null
Reporter
mantis
Bounty paid
null
Title
Open S3 Bucket WriteAble To Any Aws User
URL
https://hackerone.com/reports/209223
Severity score
null
Reporter
injector404
Bounty paid
$500
Title
Dropbox apps Server side request forgery
URL
https://hackerone.com/reports/137229
Severity score
null
Reporter
ehsahil
Bounty paid
null
Title
No Any Kind of Protection on Delete account
URL
https://hackerone.com/reports/113211
Severity score
null
Reporter
gamhody_
Bounty paid
null
Title
Authorization Token is Not expiring After Logout
URL
https://hackerone.com/reports/337426
Severity score
null
Reporter
saneh
Bounty paid
null
Title
coinbase Email leak while sending and requesting
URL
https://hackerone.com/reports/168289
Severity score
3.5
Reporter
anda123
Bounty paid
null
Title
Authentication Required When password change
URL
https://hackerone.com/reports/335717
Severity score
null
Reporter
paramdham
Bounty paid
null
Title
Bypass Local Authentication (TouchID)
URL
https://hackerone.com/reports/363544
Severity score
null
Reporter
zeq3ul
Bounty paid
null
Title
By pass admin panel [conference.mail.ru]
URL
https://hackerone.com/reports/119432
Severity score
null
Reporter
haxta4ok00
Bounty paid
$150
Title
Broken Authentication and Session Management
URL
https://hackerone.com/reports/17474
Severity score
null
Reporter
anandprakash_
Bounty paid
$300
Title
Unauthenticated Access to some old file thumbnails
URL
https://hackerone.com/reports/145621
Severity score
null
Reporter
mkbb
Bounty paid
null
Title
Access to internal CMS containing private Data
URL
https://hackerone.com/reports/100926
Severity score
null
Reporter
nahamsec
Bounty paid
$1,500
Title
password reset token leaking allowed for ATO of an Uber account
URL
https://hackerone.com/reports/173551
Severity score
null
Reporter
procode701
Bounty paid
$10,000
Title
SPF/DKIM/DMARC for aspen.io
URL
https://hackerone.com/reports/117159
Severity score
null
Reporter
nullboy
Bounty paid
$2
Title
Email Spoof
URL
https://hackerone.com/reports/115452
Severity score
null
Reporter
shivathegame
Bounty paid
null
Title
[www.drive2.ru] Insufficient Security Configurability - The user can using the same password as your current ID.
URL
https://hackerone.com/reports/850938
Severity score
null
Reporter
what_web
Bounty paid
null
Title
Arbitrary write on s3://shopify-delivery-app-storage/files
URL
https://hackerone.com/reports/93691
Severity score
null
Reporter
brakhane
Bounty paid
$2,000
Title
Unauthenticated access to Zendesk tickets through athena-flex-production.shopifycloud.com Okta bypass
URL
https://hackerone.com/reports/397130
Severity score
9.8
Reporter
rijalrojan
Bounty paid
$5,000
Title
Password modification without knowing actual password & httpOnly bypass
URL
https://hackerone.com/reports/119794
Severity score
null
Reporter
ngocdh
Bounty paid
null
Title
Password Reset Does Not Confirm the Existence of an Email Address
URL
https://hackerone.com/reports/143291
Severity score
null
Reporter
err
Bounty paid
null
Title
IDOR expire other user sessions
URL
https://hackerone.com/reports/56511
Severity score
null
Reporter
sappi
Bounty paid
$1,000
Title
Flaw in valid password policy.
URL
https://hackerone.com/reports/33331
Severity score
null
Reporter
siddiki
Bounty paid
null
Title
Unauthorised Access to Anyone's User Account
URL
https://hackerone.com/reports/202921
Severity score
null
Reporter
bhavukjain1
Bounty paid
null
Title
Partner Account Takeover on https://www.delivery-club.ru via a user account.
URL
https://hackerone.com/reports/330760
Severity score
null
Reporter
danila
Bounty paid
$500
Title
Staging Rabbitmq instance is exposed to the internet with default credentials
URL
https://hackerone.com/reports/753602
Severity score
3.7
Reporter
albatraoz
Bounty paid
$100
Title
Insufficient validation on Digits bridge
URL
https://hackerone.com/reports/168116
Severity score
null
Reporter
filedescriptor
Bounty paid
$5,040
Title
IDOR - Access to private video thumbnails even if video requires password authentication
URL
https://hackerone.com/reports/197114
Severity score
null
Reporter
nahamsec
Bounty paid
$1,000
Title
SSO bypass in zendesk using trint organization able to leak internal ticket information
URL
https://hackerone.com/reports/734936
Severity score
8.1
Reporter
dopaminedetox
Bounty paid
null
Title
Uber for Business Allows Administrators to Change Uber Driver Ratings Due to Failure to Authenticate fast-rating Endpoint
URL
https://hackerone.com/reports/134521
Severity score
null
Reporter
ddworken
Bounty paid
null
Title
bug
URL
https://hackerone.com/reports/156941
Severity score
null
Reporter
test_account_bd
Bounty paid
null
Title
No authentication required to add an email address.
URL
https://hackerone.com/reports/139965
Severity score
null
Reporter
apok
Bounty paid
null
Title
failure to invalidate session on password change
URL
https://hackerone.com/reports/145488
Severity score
null
Reporter
pradeepch99
Bounty paid
null
Title
Attacker can get vine repost user all informations even Ip address and location .
URL
https://hackerone.com/reports/201300
Severity score
null
Reporter
0xprial
Bounty paid
$5,040
Title
Insecure Account Deletion
URL
https://hackerone.com/reports/361368
Severity score
null
Reporter
hack2684
Bounty paid
null
Title
AWS S3 bucket writable for authenticated aws user
URL
https://hackerone.com/reports/131523
Severity score
null
Reporter
dpgribkov
Bounty paid
$100
Title
Weak user authentication on mobile application - I just broken userKey secret password
URL
https://hackerone.com/reports/138101
Severity score
null
Reporter
jahrek
Bounty paid
$5,000
Title
Airship doesn't reject weak passwords
URL
https://hackerone.com/reports/148903
Severity score
null
Reporter
kelunik
Bounty paid
null
Title
Password Policy Issue
URL
https://hackerone.com/reports/246042
Severity score
null
Reporter
chuu
Bounty paid
null
Title
AirFibre products vulnerable to HTTP Header injection
URL
https://hackerone.com/reports/203673
Severity score
null
Reporter
simongurney
Bounty paid
$150
Title
Old Sessions remain valid after the password change.
URL
https://hackerone.com/reports/10186
Severity score
null
Reporter
siddiki
Bounty paid
null
Title
Request Accepts without X-CSRFToken [ Header - Cookie ]
URL
https://hackerone.com/reports/99857
Severity score
null
Reporter
hussain_0x3c
Bounty paid
$100
Title
resetreportedcount & updatetags doesn't verify appid param
URL
https://hackerone.com/reports/351106
Severity score
4.1
Reporter
milkgames
Bounty paid
$750
Title
Missing Access Control(IDOR) To Know LinkedAccounts
URL
https://hackerone.com/reports/152407
Severity score
null
Reporter
kiraak-boy
Bounty paid
$100
Title
Authentication Bypass in Yahoo Groups
URL
https://hackerone.com/reports/1209
Severity score
null
Reporter
0ctac0der
Bounty paid
null
Title
Spf
URL
https://hackerone.com/reports/116927
Severity score
null
Reporter
syedrafi
Bounty paid
null
Title
Unauthorised access to olx.in user accounts.
URL
https://hackerone.com/reports/155130
Severity score
null
Reporter
palashjhabak
Bounty paid
null
Title
OneLogin authentication bypass on WordPress sites
URL
https://hackerone.com/reports/136169
Severity score
null
Reporter
jouko
Bounty paid
$10,000
Title
SAML Response Reuse on hackerone.com/users/saml/auth
URL
https://hackerone.com/reports/888930
Severity score
null
Reporter
samtink
Bounty paid
$500
Title
Excessive permissions when authorizing through the mail.ru interface
URL
https://hackerone.com/reports/195913
Severity score
null
Reporter
at3nder
Bounty paid
null
Title
Information disclosure in coinbase android app
URL
https://hackerone.com/reports/192197
Severity score
3.2
Reporter
7h3_3y3
Bounty paid
null
Title
No permission set on Activities [Android App]
URL
https://hackerone.com/reports/145402
Severity score
null
Reporter
eavesdr0pp3r
Bounty paid
null
Title
New 2FA Bypass
URL
https://hackerone.com/reports/179421
Severity score
null
Reporter
povargek
Bounty paid
$1,000
Title
No Rate limit on Password Reset Function
URL
https://hackerone.com/reports/280389
Severity score
null
Reporter
akaash_pantherdefence
Bounty paid
null
Title
Linking Invoice to uninvited project.
URL
https://hackerone.com/reports/174871
Severity score
null
Reporter
bugdiscloseguys
Bounty paid
$150
Title
External programs revealing info
URL
https://hackerone.com/reports/124929
Severity score
null
Reporter
1337coder
Bounty paid
$1,500
Title
Last pipeline status for MR leaked
URL
https://hackerone.com/reports/582349
Severity score
null
Reporter
xanbanx
Bounty paid
$750
Title
Email field filtering problem.
URL
https://hackerone.com/reports/28632
Severity score
null
Reporter
siddiki
Bounty paid
null
Title
Session is not expire after logout
URL
https://hackerone.com/reports/709378
Severity score
null
Reporter
saqib98
Bounty paid
null
Title
Logic issue in email change process
URL
https://hackerone.com/reports/266017
Severity score
null
Reporter
safehacker_27
Bounty paid
$60
Title
OAUTH permission set as true= lead to authorize malicious application
URL
https://hackerone.com/reports/87561
Severity score
null
Reporter
paresh_parmar
Bounty paid
$100
Title
NON VALIDATION OF SESSIONS AFTER PASSWORD CHANGE
URL
https://hackerone.com/reports/164239
Severity score
null
Reporter
w3b7ricks73r
Bounty paid
null
Title
Exposed Access Control Data Backup Files on DoD Website
URL
https://hackerone.com/reports/195544
Severity score
null
Reporter
mazen160
Bounty paid
null
Title
Bypassing lock protection
URL
https://hackerone.com/reports/490946
Severity score
3.8
Reporter
doragon
Bounty paid
$50
Title
Admin panel access restrictions bypass [poll.mail.ru/admin/]
URL
https://hackerone.com/reports/117862
Severity score
null
Reporter
haxta4ok00
Bounty paid
$500
Title
Bypass verification of email while creating account(No rate limiting enable for verification code)
URL
https://hackerone.com/reports/64666
Severity score
null
Reporter
indoappsec
Bounty paid
null
Title
Race Conditions in OAuth 2 API implementations
URL
https://hackerone.com/reports/55140
Severity score
null
Reporter
dor1s
Bounty paid
$2,500
Title
Password Reset Link not expiring after changing the email Leads To Account Takeover
URL
https://hackerone.com/reports/792737
Severity score
null
Reporter
n33dm0n3y
Bounty paid
$100
Title
Github test clientID and clientSecret leaked
URL
https://hackerone.com/reports/796139
Severity score
null
Reporter
rira12621
Bounty paid
null
Title
DKIM records not present, Email Hijacking is possible
URL
https://hackerone.com/reports/84287
Severity score
null
Reporter
ashesh
Bounty paid
$10
Title
No rate-limit in SERVER_SECURITY_CHECK
URL
https://hackerone.com/reports/174668
Severity score
null
Reporter
c0rte
Bounty paid
$140
Title
Profile fields validation bypass
URL
https://hackerone.com/reports/255474
Severity score
null
Reporter
princesinha
Bounty paid
$20
Title
Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met)
URL
https://hackerone.com/reports/17383
Severity score
null
Reporter
anandprakash_
Bounty paid
$100
Title
Login with Google Not Authenticated on iOS App
URL
https://hackerone.com/reports/202177
Severity score
null
Reporter
bhavukjain1
Bounty paid
$100
Title
Login as root without password on EdgeSwitchX
URL
https://hackerone.com/reports/512958
Severity score
4.8
Reporter
fr33rh
Bounty paid
$100
Title
Missing rate limit in signup Form
URL
https://hackerone.com/reports/905692
Severity score
5.3
Reporter
ahmedelmalky
Bounty paid
null
Title
Vine - overwrite account associated with email via android application
URL
https://hackerone.com/reports/187714
Severity score
null
Reporter
mishre
Bounty paid
$280
Title
Subdomain Takeover on http://blog.owox.com/
URL
https://hackerone.com/reports/184884
Severity score
null
Reporter
yynl
Bounty paid
null
Title
Token remains alive ever after logging out!
URL
https://hackerone.com/reports/14177
Severity score
null
Reporter
shahriyar
Bounty paid
null
Title
Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS
URL
https://hackerone.com/reports/67220
Severity score
null
Reporter
nismo
Bounty paid
$500
Title
Account Takeover with old password and login QR
URL
https://hackerone.com/reports/764558
Severity score
null
Reporter
namunah
Bounty paid
null
Title
Abuse of "Remember Me" functionality.
URL
https://hackerone.com/reports/37822
Severity score
null
Reporter
gadhiyasavan
Bounty paid
null
Title
TCP Source Port Pass Firewall
URL
https://hackerone.com/reports/77802
Severity score
null
Reporter
salmankhanchampion
Bounty paid
$1,000
Title
Basic Authorization over HTTP
URL
https://hackerone.com/reports/114870
Severity score
null
Reporter
hassham
Bounty paid
null
Title
Cross-origin resource sharing misconfig
URL
https://hackerone.com/reports/311805
Severity score
null
Reporter
asad_anwar
Bounty paid
null
Title
Physical Access to Mobile App Allows Local Attribute Updates without Authentication
URL
https://hackerone.com/reports/165561
Severity score
null
Reporter
jigarthakkar39
Bounty paid
null
Title
Vimeo.com Insecure Direct Object References Reset Password
URL
https://hackerone.com/reports/42587
Severity score
null
Reporter
bropolicy
Bounty paid
$5,000
Title
CORS (Cross-Origin Resource Sharing)
URL
https://hackerone.com/reports/163491
Severity score
null
Reporter
burpman07
Bounty paid
$20
Title
Two-factor authentication (via SMS)
URL
https://hackerone.com/reports/66223
Severity score
null
Reporter
dia2diab
Bounty paid
null
Title
Stealing Users OAUTH Tokens via redirect_uri
URL
https://hackerone.com/reports/405100
Severity score
null
Reporter
ethancruize
Bounty paid
null
Title
Unprotected Memcache Installation running
URL
https://hackerone.com/reports/119871
Severity score
null
Reporter
zephrfish
Bounty paid
$2,500
Title
Weak password policy
URL
https://hackerone.com/reports/28703
Severity score
null
Reporter
internetwache
Bounty paid
null
Title
[www.drive2.ru] Insufficient Security Configurability - The user's can set an existing password as a new password.
URL
https://hackerone.com/reports/835302
Severity score
null
Reporter
what_web
Bounty paid
null
Title
UnAuthorized Editorial Publishing to Blogs
URL
https://hackerone.com/reports/3356
Severity score
null
Reporter
mlitchfield
Bounty paid
$300
Title
Account takeover
URL
https://hackerone.com/reports/17512
Severity score
null
Reporter
coolboss
Bounty paid
null
Title
Parameter Manipulation allowed for viewing of other user’s teavana.com orders
URL
https://hackerone.com/reports/141090
Severity score
null
Reporter
meals
Bounty paid
$6,000
Title
Staff member can delete Private Apps
URL
https://hackerone.com/reports/155704
Severity score
null
Reporter
indoappsec
Bounty paid
$500
Title
An administrator without the 'Settings' permission is able to see payment gateways
URL
https://hackerone.com/reports/96908
Severity score
null
Reporter
brakhane
Bounty paid
$500
Title
SSL Issue on legalrobot.com
URL
https://hackerone.com/reports/116805
Severity score
null
Reporter
nullelite
Bounty paid
$20
Title
Session Fixation At Logout /Session Misconfiguration
URL
https://hackerone.com/reports/193556
Severity score
null
Reporter
aa23
Bounty paid
null
Title
Changing details of other users profile using UUID (IDOR)
URL
https://hackerone.com/reports/195996
Severity score
null
Reporter
ehsahil
Bounty paid
$1,200
Title
Account take over of 'light' starbuckscardb2b users
URL
https://hackerone.com/reports/767829
Severity score
7.5
Reporter
zude
Bounty paid
null
Title
Session Not Expired On Logout
URL
https://hackerone.com/reports/244875
Severity score
null
Reporter
pratyushjanghel
Bounty paid
null
Title
apps.owncloud.com: SSL Session cookie without secure flag set
URL
https://hackerone.com/reports/83710
Severity score
null
Reporter
ashesh
Bounty paid
null
Title
Application Error disclosure, Verification token seen error and user able to change password
URL
https://hackerone.com/reports/642494
Severity score
null
Reporter
amolcg
Bounty paid
null
Title
New Device confirmation tokens are not properly validated.
URL
https://hackerone.com/reports/30238
Severity score
null
Reporter
born2hack
Bounty paid
$100
Title
Bypassing 2FA for BTC transfers
URL
https://hackerone.com/reports/10554
Severity score
null
Reporter
michiel
Bounty paid
$1,000
Title
Poodle attack SSLv3 Support (viestinta.lahitapiola.fi)
URL
https://hackerone.com/reports/181768
Severity score
null
Reporter
monish
Bounty paid
$60
Title
protect against tabnabbing in statement
URL
https://hackerone.com/reports/109161
Severity score
null
Reporter
atom
Bounty paid
$10
Title
User credentials are not strong on vault.uber.com
URL
https://hackerone.com/reports/128895
Severity score
null
Reporter
bugs3ra
Bounty paid
null
Title
Administrator access to a Django Administration Panel on *.sc-corp.net via bruteforced credentials
URL
https://hackerone.com/reports/128114
Severity score
null
Reporter
notnaffy
Bounty paid
$1,000
Title
User able to access company details in yrityspalvelu without proper permissions
URL
https://hackerone.com/reports/213418
Severity score
9.1
Reporter
billy_blaze
Bounty paid
$2,000
Title
Cookie bug
URL
https://hackerone.com/reports/101983
Severity score
null
Reporter
blinkms
Bounty paid
$75
Title
Unsecured Grafana instance
URL
https://hackerone.com/reports/182234
Severity score
null
Reporter
abc12345
Bounty paid
null
Title
Subdomain Takeover on OWOX.RU
URL
https://hackerone.com/reports/186393
Severity score
null
Reporter
yynl
Bounty paid
null
Title
[www.drive2.ru] Insufficient Security Configurability - Notification email is not sent when email is changed.
URL
https://hackerone.com/reports/835647
Severity score
null
Reporter
what_web
Bounty paid
null
Title
user with no draft order permission can still perform action on draft order's in stocky app (idor)
URL
https://hackerone.com/reports/802286
Severity score
null
Reporter
imranhudaa
Bounty paid
$500
Title
customers password hash leak!!!!
URL
https://hackerone.com/reports/92344
Severity score
null
Reporter
supernatural
Bounty paid
$500
Title
NextCloud is also Accepting OCTET-STREAM Type of Documents instead of jpg or Imge Files Only
URL
https://hackerone.com/reports/271253
Severity score
null
Reporter
rohit_coder
Bounty paid
null
Title
Two-step authorization bypass / 2FA Bypass
URL
https://hackerone.com/reports/163834
Severity score
null
Reporter
povargek
Bounty paid
$1,000
Title
Staff members with no permission to access domains can access them.
URL
https://hackerone.com/reports/96855
Severity score
null
Reporter
zombiehelp54
Bounty paid
$500
Title
Bypassed password authentication before enabling OTP verification
URL
https://hackerone.com/reports/124845
Severity score
null
Reporter
jbbbkj
Bounty paid
$500
Title
Uploading files to a folder where invited user don't have any EDIT privilege
URL
https://hackerone.com/reports/145950
Severity score
null
Reporter
detroitsmash
Bounty paid
$250
Title
privilege escalation
URL
https://hackerone.com/reports/13959
Severity score
null
Reporter
niks
Bounty paid
$250
Title
Publicy accessible IDRAC instance at api-m.inapp.pushwoosh.com
URL
https://hackerone.com/reports/187025
Severity score
null
Reporter
sp1d3rs
Bounty paid
null
Title
Password reset token issue
URL
https://hackerone.com/reports/253934
Severity score
null
Reporter
dilip_prakash
Bounty paid
$60
Title
[www.werkenbijderet.nl] There is no rate limit for vacature-alert endpoints
URL
https://hackerone.com/reports/882942
Severity score
null
Reporter
what_web
Bounty paid
$100
Title
Insecure Direct Object References that allows to read any comment (even if it should be private)
URL
https://hackerone.com/reports/52181
Severity score
null
Reporter
patrik
Bounty paid
$150
Title
open authentication bug
URL
https://hackerone.com/reports/48065
Severity score
null
Reporter
ckmk44
Bounty paid
$100
Title
Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify
URL
https://hackerone.com/reports/810880
Severity score
null
Reporter
w2w
Bounty paid
$100
Title
Limit email address length
URL
https://hackerone.com/reports/127995
Severity score
null
Reporter
jaypatel
Bounty paid
$1
Title
Weak credentials for nutty.ubnt.com
URL
https://hackerone.com/reports/204052
Severity score
null
Reporter
korprit
Bounty paid
null
Title
Private program activity timeline information disclosure
URL
https://hackerone.com/reports/116029
Severity score
null
Reporter
charfe
Bounty paid
$5,000
Title
Possibility to attach any mobile number to any email
URL
https://hackerone.com/reports/18992
Severity score
null
Reporter
hunter
Bounty paid
$3,000
Title
Privilege escalation and circumvention of permission to limited access user
URL
https://hackerone.com/reports/95589
Severity score
null
Reporter
egrep
Bounty paid
$500
Title
Bruteforcing help.nextcloud.com
URL
https://hackerone.com/reports/145727
Severity score
null
Reporter
japz
Bounty paid
null
Title
Parameter Manipulation allowed for editing the shipping address for other user’s teavana.com subscriptions.
URL
https://hackerone.com/reports/141120
Severity score
null
Reporter
meals
Bounty paid
$4,000
Title
Can message users without the proper authorization
URL
https://hackerone.com/reports/46113
Severity score
null
Reporter
jkjkjk
Bounty paid
$100
Title
Employees with Any Permissions Can Create App with Full Permissions and Perform any API Action
URL
https://hackerone.com/reports/135989
Severity score
null
Reporter
yaworsk
Bounty paid
$100
Title
Rate-limit bypass
URL
https://hackerone.com/reports/165727
Severity score
null
Reporter
imnarendrabhati
Bounty paid
$500
Title
User with no permissions can access full wdcalendar feed
URL
https://hackerone.com/reports/141541
Severity score
null
Reporter
yaworsk
Bounty paid
$50
Title
public report - Reproducible - Writable RubyCi Amazon s3 bucket[207053]
URL
https://hackerone.com/reports/209251
Severity score
null
Reporter
koti2
Bounty paid
$500
Title
Bypass file access control vulnerability on a DoD website
URL
https://hackerone.com/reports/203311
Severity score
null
Reporter
generaleg
Bounty paid
null
Title
Authentication bypass vulnerability on a DoD website
URL
https://hackerone.com/reports/187705
Severity score
null
Reporter
spam404
Bounty paid
null
Title
Get organization info base on uuid
URL
https://hackerone.com/reports/151465
Severity score
null
Reporter
severus
Bounty paid
$3,000
Title
Simultaneous Session Logon : Improper Session Management
URL
https://hackerone.com/reports/11722
Severity score
null
Reporter
0ctac0der
Bounty paid
null
Title
Missing access control exposing detailed information on all users
URL
https://hackerone.com/reports/138244
Severity score
null
Reporter
albinowax
Bounty paid
$100
Title
Password token validation in https://demo.weblate.org/
URL
https://hackerone.com/reports/229987
Severity score
null
Reporter
brdoors3
Bounty paid
null
Title
[h1-415 2020] My writeup on how to retrieve the special secret document
URL
https://hackerone.com/reports/776684
Severity score
9
Reporter
blaklis
Bounty paid
null
Title
Access to some Slack workspace metadata and settings available to unauthorized parties
URL
https://hackerone.com/reports/130133
Severity score
null
Reporter
secalert
Bounty paid
$7,000
Title
unvalid open authentication with facebook
URL
https://hackerone.com/reports/44425
Severity score
null
Reporter
ckmk44
Bounty paid
null
Title
Can link to websites from profile
URL
https://hackerone.com/reports/275245
Severity score
null
Reporter
flex0geek
Bounty paid
null
Title
Complete Profile URL is not Random and not expiring
URL
https://hackerone.com/reports/123902
Severity score
null
Reporter
s4thi5h
Bounty paid
null
Title
newrelic.atlassian.net - jira information disclosure
URL
https://hackerone.com/reports/197726
Severity score
null
Reporter
fng
Bounty paid
null
Title
configure a redirect URI for Facebook OAuth
URL
https://hackerone.com/reports/140432
Severity score
null
Reporter
paulos_
Bounty paid
$10
Title
DKIM records not present, Email Hijacking is possible.....
URL
https://hackerone.com/reports/253926
Severity score
null
Reporter
kaamakya
Bounty paid
null
Title
Paid account can review\download any invoice of any other shop
URL
https://hackerone.com/reports/94899
Severity score
null
Reporter
dvl
Bounty paid
$4,000
Title
Twitter SSO allows unverified e-mail registration, leads to Slack and social media hijacks
URL
https://hackerone.com/reports/235139
Severity score
9.1
Reporter
intidc
Bounty paid
$750
Title
S3 ACL misconfiguration
URL
https://hackerone.com/reports/189023
Severity score
null
Reporter
baseballislife
Bounty paid
null
Title
API Key added for one Indices works for all other indices too.
URL
https://hackerone.com/reports/118925
Severity score
null
Reporter
bugs3ra
Bounty paid
$1,000
Title
Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability]
URL
https://hackerone.com/reports/27404
Severity score
null
Reporter
secgeek
Bounty paid
$2,800
Title
The application uses basic authentication.
URL
https://hackerone.com/reports/151847
Severity score
null
Reporter
roshanpty
Bounty paid
null
Title
Auth bypass on directory.corp.ubnt.com
URL
https://hackerone.com/reports/116504
Severity score
null
Reporter
ebrietas
Bounty paid
$1,000
Title
Self-Stored XSS - Chained with login/logout CSRF
URL
https://hackerone.com/reports/632017
Severity score
null
Reporter
madguyyy
Bounty paid
$300
Title
[www.boozt.com] - Authentication bypass
URL
https://hackerone.com/reports/257305
Severity score
6.6
Reporter
ramsexy
Bounty paid
$200
Title
http_basic_authenticate_with is suseptible to timing attacks.
URL
https://hackerone.com/reports/94568
Severity score
null
Reporter
d_w
Bounty paid
$1,500
Title
"SESSION" Cookie without HttpOnly flag set
URL
https://hackerone.com/reports/7033
Severity score
null
Reporter
ashesh
Bounty paid
null
Title
PIN for passwordless WebAuthn is asked for but not verified
URL
https://hackerone.com/reports/924393
Severity score
4.3
Reporter
dschuermann
Bounty paid
null
Title
Open AWS S3 bucket leaks all Images uploaded to Zomato chat
URL
https://hackerone.com/reports/507097
Severity score
5.7
Reporter
yashrs
Bounty paid
$300
Title
Authentication Issue for easter egg on bonjour.uber.com
URL
https://hackerone.com/reports/146838
Severity score
null
Reporter
ddworken
Bounty paid
null
Title
Urgent : Unauthorised Access to Media content of all Direct messages and protected tweets(Indirect object reference)
URL
https://hackerone.com/reports/99600
Severity score
null
Reporter
indoappsec
Bounty paid
$420
Title
Subdomain Takeover Via via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io
URL
https://hackerone.com/reports/746000
Severity score
6.4
Reporter
todayisnew
Bounty paid
$250
Title
unauthorized access to all customers first and last name
URL
https://hackerone.com/reports/92453
Severity score
null
Reporter
supernatural
Bounty paid
$2,500
Title
Problem with OAuth
URL
https://hackerone.com/reports/46485
Severity score
null
Reporter
anonymous100928
Bounty paid
$1,260
Title
Account Takeover on https://www.delivery-club.ru via a partner account.
URL
https://hackerone.com/reports/324230
Severity score
null
Reporter
danila
Bounty paid
$1,000
Title
Existing sessions valid after removing third party auth
URL
https://hackerone.com/reports/223475
Severity score
null
Reporter
brdoors3
Bounty paid
null
Title
Many Slack teams can be joined by abusing an improperly configured support@ inbox
URL
https://hackerone.com/reports/239623
Severity score
null
Reporter
securinti
Bounty paid
$1,500
Title
Record payment for any invoice by PM (Access control Issue)
URL
https://hackerone.com/reports/159391
Severity score
null
Reporter
indoappsec
Bounty paid
$100
Title
Reauthentication for changing password bypass
URL
https://hackerone.com/reports/642886
Severity score
null
Reporter
viber
Bounty paid
null
Title
shopper login_code's can be brute forced
URL
https://hackerone.com/reports/158157
Severity score
null
Reporter
b6117130df17feef13481e3
Bounty paid
$250
Title
No authentication on email address for password reset functionality/ https://platform.thecoalition.com/forgot-password
URL
https://hackerone.com/reports/315512
Severity score
null
Reporter
startedfromthebottom
Bounty paid
null
Title
Chained Bugs to Leak Victim's Uber's FB Oauth Token
URL
https://hackerone.com/reports/202781
Severity score
null
Reporter
ngalog
Bounty paid
$7,500
Title
Accessing title of the report of which you are marked as duplicate
URL
https://hackerone.com/reports/75556
Severity score
null
Reporter
mafia
Bounty paid
$500
Title
Missing rate limit on password
URL
https://hackerone.com/reports/138863
Severity score
null
Reporter
malcolmx
Bounty paid
null
Title
Broken Authentication and session management OWASP A2
URL
https://hackerone.com/reports/449671
Severity score
null
Reporter
sameerphad72
Bounty paid
null
Title
Control Character Injection In Messages
URL
https://hackerone.com/reports/210994
Severity score
null
Reporter
exception
Bounty paid
$350
Title
Oauth flow on the comments widget login can lead to the access code leakage
URL
https://hackerone.com/reports/292783
Severity score
null
Reporter
sp1d3rs
Bounty paid
null
Title
- Guessing registered users in legalrobot.com
URL
https://hackerone.com/reports/66845
Severity score
null
Reporter
paramdham
Bounty paid
$20
Title
Notify user about password change
URL
https://hackerone.com/reports/223609
Severity score
null
Reporter
amsda
Bounty paid
null
Title
Deleting Teams implemenation
URL
https://hackerone.com/reports/2975
Severity score
null
Reporter
techintheprovince
Bounty paid
null
Title
[express-laravel-passport] Improper Authentication
URL
https://hackerone.com/reports/748214
Severity score
7.5
Reporter
ermilov
Bounty paid
null
Title
Subdomain Takeover of Brave.com
URL
https://hackerone.com/reports/175397
Severity score
null
Reporter
sahiltikoo
Bounty paid
null
Title
Cache leads to Privacy leaks
URL
https://hackerone.com/reports/17105
Severity score
null
Reporter
ashesh
Bounty paid
null
Title
http://tp-dev1.tp.smailru.net/
URL
https://hackerone.com/reports/62544
Severity score
null
Reporter
isox
Bounty paid
$150
Title
Share owner has no possibility to list all existing derived shares
URL
https://hackerone.com/reports/145452
Severity score
null
Reporter
detroitsmash
Bounty paid
$350
Title
Ability to log in as any user without authentication if █████████ is empty
URL
https://hackerone.com/reports/215053
Severity score
9.8
Reporter
thenickdude
Bounty paid
$6,000
Title
Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand
URL
https://hackerone.com/reports/209352
Severity score
null
Reporter
dermeister
Bounty paid
$100
Title
apps.owncloud.com: Referer protection Bypassed
URL
https://hackerone.com/reports/92644
Severity score
null
Reporter
herlove
Bounty paid
null
Title
broken authentication
URL
https://hackerone.com/reports/23921
Severity score
null
Reporter
robin
Bounty paid
null
Title
Emails and alert policies can be altered by malicious users.
URL
https://hackerone.com/reports/123120
Severity score
null
Reporter
hogarth45
Bounty paid
null
Title
Reopen Disable Accounts/ Hidden Access After Disable
URL
https://hackerone.com/reports/59659
Severity score
null
Reporter
antrax
Bounty paid
$500
Title
Restrict any user from logging into his account.
URL
https://hackerone.com/reports/48416
Severity score
null
Reporter
siddiki
Bounty paid
null
Title
SMS/Call spamming due to truncated phone number
URL
https://hackerone.com/reports/177551
Severity score
null
Reporter
indcyberjoker
Bounty paid
$500
Title
Bypassing Password Reset
URL
https://hackerone.com/reports/141734
Severity score
null
Reporter
muzammilabbaskayani
Bounty paid
$50
Title
Restricted User can view multiple account details including customer_root_account_id, payment method, date of first payment, etc.
URL
https://hackerone.com/reports/198221
Severity score
null
Reporter
jon_bottarini
Bounty paid
null
Title
BruteForce in to Admin Account
URL
https://hackerone.com/reports/188205
Severity score
null
Reporter
hackerwahab
Bounty paid
null
Title
Verification code issues for Two-Step Authentication
URL
https://hackerone.com/reports/67660
Severity score
null
Reporter
maverickrocky02
Bounty paid
$100
Title
Misconfigured password reset vulnerability on a DoD website
URL
https://hackerone.com/reports/193932
Severity score
null
Reporter
mthirup
Bounty paid
null
Title
Password Reset Links Not Expiring
URL
https://hackerone.com/reports/22858
Severity score
null
Reporter
andi_r
Bounty paid
null
Title
S3 bucket takeover due to proxy.harvestfiles.com
URL
https://hackerone.com/reports/152584
Severity score
null
Reporter
eboda
Bounty paid
$1,000
Title
[oneclickdrsfdc-test.informatica.com] Tomcat Example Scripts Exposed Unauthenticated
URL
https://hackerone.com/reports/147161
Severity score
null
Reporter
zephrfish
Bounty paid
null
Title
Improper session management
URL
https://hackerone.com/reports/737
Severity score
null
Reporter
dawidczagan
Bounty paid
$100
Title
Password(s) can be found via login process.
URL
https://hackerone.com/reports/119454
Severity score
null
Reporter
sasi2103
Bounty paid
null
Title
Bypass access restrictions from API
URL
https://hackerone.com/reports/67557
Severity score
null
Reporter
supernatural
Bounty paid
$1,000
Title
IDOR- Activate Mopub on different organizations- steal api token- Fabric.io
URL
https://hackerone.com/reports/95552
Severity score
null
Reporter
akhil-reni
Bounty paid
$5,040
Title
H1514 [*.(my)shopify.com] - Viewing Password Protected Content
URL
https://hackerone.com/reports/421859
Severity score
9.3
Reporter
corb3nik
Bounty paid
$3,000
Title
Bypass configured 2FA provider with another provider that can be set up at login
URL
https://hackerone.com/reports/722748
Severity score
4.6
Reporter
christophwurst
Bounty paid
null
Title
[oauth token leak] at oauth.semrush.com
URL
https://hackerone.com/reports/314814
Severity score
7.4
Reporter
nikitastupin
Bounty paid
$650
Title
Cookie Misconfiguration
URL
https://hackerone.com/reports/163227
Severity score
null
Reporter
cjlegacion
Bounty paid
null
Title
Business logic Failure - Browser cache management and logout vulnerability.
URL
https://hackerone.com/reports/7909
Severity score
null
Reporter
vhssunny1
Bounty paid
null
Title
Add signature to transactions without any permission
URL
https://hackerone.com/reports/172733
Severity score
null
Reporter
supernatural
Bounty paid
$500
Title
Bypass auth.email-domains
URL
https://hackerone.com/reports/4795
Severity score
null
Reporter
introvertmac
Bounty paid
null
Title
SMS URL verification link does not expire on phone number change and lacks rate limiting
URL
https://hackerone.com/reports/200179
Severity score
null
Reporter
hanuman1
Bounty paid
$500
Title
Private Program and bounty details disclosed as part of JSON search response
URL
https://hackerone.com/reports/80936
Severity score
null
Reporter
techguynoob
Bounty paid
$500
Title
No Valid SPF Records.
URL
https://hackerone.com/reports/629087
Severity score
null
Reporter
danangtriatmaja
Bounty paid
$500
Title
Bug in iOS application which could lead to unauthorised access.
URL
https://hackerone.com/reports/7036
Severity score
null
Reporter
uname
Bounty paid
$100
Title
Non-owner user can remove online store channel and re-add it.
URL
https://hackerone.com/reports/98151
Severity score
null
Reporter
zombiehelp54
Bounty paid
null
Title
vulnerabilitie
URL
https://hackerone.com/reports/137723
Severity score
null
Reporter
r0bbyz
Bounty paid
null
Title
Bypass to report #280389 [Thinking The issue is not fixed Yet]
URL
https://hackerone.com/reports/764335
Severity score
null
Reporter
4m4n
Bounty paid
null
Title
Session Impersonation in riders.uber.com
URL
https://hackerone.com/reports/127645
Severity score
null
Reporter
durga
Bounty paid
null
Title
Reading Emails in Uber Subdomains
URL
https://hackerone.com/reports/156536
Severity score
null
Reporter
rijalrojan
Bounty paid
$10,000
Title
No rate limiting on password protected shared file link
URL
https://hackerone.com/reports/145462
Severity score
null
Reporter
johnd
Bounty paid
null
Title
Mediation link can be accepted by other users
URL
https://hackerone.com/reports/123420
Severity score
null
Reporter
kirkj
Bounty paid
$500
Title
[www.zomato.com] Unauthenticated access to Internal Sales Data of Zomato through an unrestricted endpoint
URL
https://hackerone.com/reports/263535
Severity score
null
Reporter
prateek_0490
Bounty paid
$250
Title
Deleting other people's comments on ModeratorMessages
URL
https://hackerone.com/reports/357952
Severity score
null
Reporter
milkgames
Bounty paid
$500
Title
No Captcha or rate limit on Login Page
URL
https://hackerone.com/reports/6697
Severity score
null
Reporter
exploitprotocol
Bounty paid
null
Title
[c-api.city-mobil.ru] IDOR chat messages between driver and customer
URL
https://hackerone.com/reports/850637
Severity score
null
Reporter
anyday
Bounty paid
$150
Title
Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box
URL
https://hackerone.com/reports/167582
Severity score
null
Reporter
cyber-guard
Bounty paid
$750
Title
[h1-415 2020] finally
URL
https://hackerone.com/reports/779910
Severity score
null
Reporter
003random
Bounty paid
null
Title
Redirect on authorization allows account compromise
URL
https://hackerone.com/reports/384289
Severity score
null
Reporter
cablej_dds
Bounty paid
null
Title
Mobile Authentication Endpoint Credentials Brute-Force Vulnerability
URL
https://hackerone.com/reports/127202
Severity score
null
Reporter
arneswinnen
Bounty paid
null
Title
Some S3 Buckets are world readable (and one is world writeable)
URL
https://hackerone.com/reports/94502
Severity score
null
Reporter
brakhane
Bounty paid
$500
Title
Team member invitations to sandboxed teams are not invalidated consistently
URL
https://hackerone.com/reports/46429
Severity score
null
Reporter
mazengamal
Bounty paid
$500
Title
User enumeration in wp-admin
URL
https://hackerone.com/reports/151583
Severity score
null
Reporter
hacklikeapro
Bounty paid
null
Title
Exposed Docker Registry at https://████
URL
https://hackerone.com/reports/924487
Severity score
null
Reporter
chron0x
Bounty paid
null
Title
Stealing livechat token and using it to chat as the user - user information disclosure
URL
https://hackerone.com/reports/151058
Severity score
null
Reporter
zombiehelp54
Bounty paid
$1,500
Title
Open access to corporate data.
URL
https://hackerone.com/reports/79393
Severity score
null
Reporter
cyberunit
Bounty paid
$500
Title
After removing app from facebook app session not expiring.
URL
https://hackerone.com/reports/129209
Severity score
null
Reporter
lilly
Bounty paid
null
Title
API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass
URL
https://hackerone.com/reports/57603
Severity score
null
Reporter
dor1s
Bounty paid
$500
Title
[idor] Profile Admin can pin any other user's post on his stream wall
URL
https://hackerone.com/reports/138852
Severity score
null
Reporter
indoappsec
Bounty paid
$750
Title
Unauthorized Access
URL
https://hackerone.com/reports/116179
Severity score
null
Reporter
orlyjamie
Bounty paid
null
Title
The user, who was deleted from Github Organization, still can access all functions of federalist, in case he didn't do logout
URL
https://hackerone.com/reports/245833
Severity score
null
Reporter
sp1d3rs
Bounty paid
$300
Title
[IODR] Get business trip via organization id
URL
https://hackerone.com/reports/151470
Severity score
null
Reporter
severus
Bounty paid
$2,000
Title
"Remember me" token generated when "Remember me" box unchecked
URL
https://hackerone.com/reports/105991
Severity score
null
Reporter
dhaval
Bounty paid
$500
Title
Add a video to favourite list of any user [via YouPorn API / FrontEnd]
URL
https://hackerone.com/reports/203047
Severity score
null
Reporter
prakharprasad
Bounty paid
$500
Title
Rate Limit Bypass on login Page
URL
https://hackerone.com/reports/224460
Severity score
6.8
Reporter
atruba
Bounty paid
null
Title
[idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs)
URL
https://hackerone.com/reports/148764
Severity score
null
Reporter
indoappsec
Bounty paid
$1,500
Title
Find whether a video has been favourited or not, for any user [via YouPorn Mobile API]
URL
https://hackerone.com/reports/203042
Severity score
null
Reporter
prakharprasad
Bounty paid
$150
Title
Login page password-guessing attack(Brute-force attack-High).
URL
https://hackerone.com/reports/7226
Severity score
null
Reporter
xss
Bounty paid
null
Title
Session Management Flaw
URL
https://hackerone.com/reports/152944
Severity score
null
Reporter
khizer47
Bounty paid
null
Title
Account Hijacking (Only rare case scenario)
URL
https://hackerone.com/reports/21083
Severity score
null
Reporter
xtross1
Bounty paid
null
Title
Rate Limit Misconfiguration on tumblr login .
URL
https://hackerone.com/reports/708917
Severity score
null
Reporter
u0pattern
Bounty paid
$100
Title
SMTP protection not used
URL
https://hackerone.com/reports/56177
Severity score
null
Reporter
shubham
Bounty paid
null
Title
User with limited access to Index configuration can rename the Index
URL
https://hackerone.com/reports/99969
Severity score
null
Reporter
bugs3ra
Bounty paid
$200
Title
Significant Two step verification Authentication Bypass
URL
https://hackerone.com/reports/479464
Severity score
null
Reporter
david993
Bounty paid
null
Title
All Plugins - Direct file access to plugin files Vulnerability
URL
https://hackerone.com/reports/172618
Severity score
null
Reporter
iamsha4yan
Bounty paid
null
Title
An administrator without any permission is able to get order notifications using his APNS Token.
URL
https://hackerone.com/reports/100938
Severity score
null
Reporter
rms
Bounty paid
$500
Title
Unauthorized team members can leak information and see all API calls through /1/admin/* endpoints, even after they have been removed.
URL
https://hackerone.com/reports/156520
Severity score
null
Reporter
eboda
Bounty paid
$400
Title
No authorization required in Windows phone web-application
URL
https://hackerone.com/reports/148537
Severity score
null
Reporter
ahsan
Bounty paid
null
Title
“email” MFA mode allows bypassing MFA from victim’s device when the device trust is not expired
URL
https://hackerone.com/reports/665722
Severity score
null
Reporter
l1nkworld
Bounty paid
$2,500
Title
[www.drive2.ru] Insufficient Security Configurability - Email notification is not being sent while changing passwords
URL
https://hackerone.com/reports/835138
Severity score
null
Reporter
what_web
Bounty paid
null
Title
bypass of 2FA
URL
https://hackerone.com/reports/248656
Severity score
8.1
Reporter
kaysbugs
Bounty paid
$750
Title
Unauthorized read access to Invoices by PM (Access control Issues)
URL
https://hackerone.com/reports/159399
Severity score
null
Reporter
indoappsec
Bounty paid
$150
Title
Able to reset other user's password in https://card.starbucks.com.sg/
URL
https://hackerone.com/reports/315879
Severity score
null
Reporter
qwacsawd
Bounty paid
null
Title
Users Unable to login using Gmail/Facebook on https://boozt-stage1.booztx.com/login
URL
https://hackerone.com/reports/279932
Severity score
null
Reporter
rey_7
Bounty paid
$100
Title
Delete/modify your own comment after limited access(IDOR)
URL
https://hackerone.com/reports/154410
Severity score
null
Reporter
indoappsec
Bounty paid
$500
Title
Reset Link Issue
URL
https://hackerone.com/reports/161918
Severity score
null
Reporter
i1ackerone
Bounty paid
null
Title
Disclosure of map information
URL
https://hackerone.com/reports/74933
Severity score
null
Reporter
hussain_0x3c
Bounty paid
$500
Title
Password reset access control
URL
https://hackerone.com/reports/180895
Severity score
null
Reporter
chernobyl
Bounty paid
$40