readme.md
January 20, 2023
Title
Password Reset - query param overrides postdata
URL
https://hackerone.com/reports/96636
Severity score
null
Reporter
reecer
Bounty paid
$1,500
Title
Privilege Escalation using API->Feature
URL
https://hackerone.com/reports/239719
Severity score
9.9
Reporter
hacknroll
Bounty paid
$1,500
Title
Team member with Program permission only can escalate to Admin permission
URL
https://hackerone.com/reports/605720
Severity score
4.8
Reporter
metnew
Bounty paid
$2,500
Title
Privilege escalation to allow non activated users to login and use uber partner ios app
URL
https://hackerone.com/reports/126260
Severity score
null
Reporter
mini
Bounty paid
null
Title
Attacker can delete (and read) private project webhooks
URL
https://hackerone.com/reports/134292
Severity score
null
Reporter
jobert
Bounty paid
null
Title
User with guest access can access private merge requests
URL
https://hackerone.com/reports/195134
Severity score
4.3
Reporter
jobert
Bounty paid
null
Title
Subdomain takeover in many subdomains
URL
https://hackerone.com/reports/205949
Severity score
9.1
Reporter
haxormad
Bounty paid
null
Title
HTTP header values do not have trailing OWS trimmed
URL
https://hackerone.com/reports/730779
Severity score
7.4
Reporter
alyssawilk
Bounty paid
$250
Title
NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled
URL
https://hackerone.com/reports/387290
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Out-of-date Version (Apache)
URL
https://hackerone.com/reports/184877
Severity score
null
Reporter
linkks
Bounty paid
null
Title
[CRITICAL] Login To Any Account Linked With Google+ With Email Only
URL
https://hackerone.com/reports/86504
Severity score
null
Reporter
ibram
Bounty paid
$100
Title
SSRF on testing endpoint
URL
https://hackerone.com/reports/128685
Severity score
null
Reporter
agarri_fr
Bounty paid
null
Title
Can see private tweets via keyword searches on tweetdeck
URL
https://hackerone.com/reports/97161
Severity score
null
Reporter
xmly
Bounty paid
$1,120
Title
Critical IDOR - Delete any venue of any organization remotely
URL
https://hackerone.com/reports/120123
Severity score
null
Reporter
itly
Bounty paid
null
Title
Disclose Any Store products, Files, Purchase Orders Via Email through Shopify Stocky APP
URL
https://hackerone.com/reports/763994
Severity score
null
Reporter
hackrzvijay
Bounty paid
$2,000
Title
Subdomain takeover at signup.uber.com
URL
https://hackerone.com/reports/197489
Severity score
null
Reporter
ak1t4
Bounty paid
$3,000
Title
Subdomain takeover at info.hacker.one
URL
https://hackerone.com/reports/202767
Severity score
3.5
Reporter
ak1t4
Bounty paid
$1,000
Title
Worker container escape lead to arbitrary file reading in host machine
URL
https://hackerone.com/reports/694181
Severity score
9.3
Reporter
testanull
Bounty paid
$2,000
Title
UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs
URL
https://hackerone.com/reports/140793
Severity score
7.8
Reporter
mrtuxracer
Bounty paid
$500
Title
Critical IDOR - Get Rules of any organization remotely
URL
https://hackerone.com/reports/120314
Severity score
null
Reporter
itly
Bounty paid
null
Title
Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page
URL
https://hackerone.com/reports/479139
Severity score
null
Reporter
jon_bottarini
Bounty paid
$500
Title
[H1-2006 2020] CTF write-up
URL
https://hackerone.com/reports/894604
Severity score
null
Reporter
diegobernal
Bounty paid
null
Title
Access of Android protected components via embedded intent
URL
https://hackerone.com/reports/200427
Severity score
null
Reporter
bagipro
Bounty paid
$1,000
Title
Shop admin can change external login services
URL
https://hackerone.com/reports/56626
Severity score
null
Reporter
satishb3
Bounty paid
$1,000
Title
Worker container escape lead to arbitrary file reading in host machine [again]
URL
https://hackerone.com/reports/697055
Severity score
9.3
Reporter
testanull
Bounty paid
$2,000
Title
Potential Subdomain Takeover - http://storefront.newrelic.com/
URL
https://hackerone.com/reports/116243
Severity score
null
Reporter
charliehacks
Bounty paid
null
Title
[www.zomato.com] Privilege Escalation - Control reviews - /████dashboard_handler.php
URL
https://hackerone.com/reports/300099
Severity score
null
Reporter
gerben_javado
Bounty paid
$300
Title
[H1-2006 2020] [CTF Writeup] A story about Bounty Payments, Collaboration & Community
URL
https://hackerone.com/reports/892337
Severity score
null
Reporter
sturedman
Bounty paid
null
Title
staff member can install apps even if have limited access
URL
https://hackerone.com/reports/134757
Severity score
null
Reporter
abdellahya
Bounty paid
$500
Title
Linux privilege escalation via trusted $PATH in keybase-redirector
URL
https://hackerone.com/reports/426944
Severity score
7.8
Reporter
mirchr
Bounty paid
$5,000
Title
Resend invitation to members by Read only user(Privilege Escalation)
URL
https://hackerone.com/reports/219192
Severity score
null
Reporter
indoappsec
Bounty paid
$200
Title
Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation
URL
https://hackerone.com/reports/910300
Severity score
null
Reporter
say_ch33se
Bounty paid
$22,500
Title
Critical IDOR - Get anyone's Terminal Data remotely
URL
https://hackerone.com/reports/120289
Severity score
null
Reporter
itly
Bounty paid
null
Title
Unauthorised read Access to Expense Receipt of any user in the company(Vertical Privilege escalation)
URL
https://hackerone.com/reports/192388
Severity score
null
Reporter
indoappsec
Bounty paid
$300
Title
Privilege Escalation In Moniter
URL
https://hackerone.com/reports/139502
Severity score
null
Reporter
czd
Bounty paid
null
Title
Ability to access all user authentication tokens, leads to RCE
URL
https://hackerone.com/reports/158330
Severity score
9.9
Reporter
jobert
Bounty paid
null
Title
OpenSSH / dropbearSSHd xauth command injection
URL
https://hackerone.com/reports/122113
Severity score
null
Reporter
hxd
Bounty paid
$1,500
Title
Fabric.io: Ex-admin of an organization can delete team members
URL
https://hackerone.com/reports/55670
Severity score
null
Reporter
satishb3
Bounty paid
$280
Title
Authentication Issue
URL
https://hackerone.com/reports/176979
Severity score
null
Reporter
bugdiscloseguys
Bounty paid
$200
Title
Subdomain Takeover at Landing.udemy.com
URL
https://hackerone.com/reports/208719
Severity score
null
Reporter
computer-engineer
Bounty paid
$50
Title
Critical IDOR - Delete any terminal/gatekeeper of any organization remotely
URL
https://hackerone.com/reports/120288
Severity score
null
Reporter
itly
Bounty paid
null
Title
Password Reset link hijacking via Host Header Poisoning
URL
https://hackerone.com/reports/226659
Severity score
null
Reporter
cdl
Bounty paid
null
Title
A 'Full access' administrator is able to see the shop owners user details
URL
https://hackerone.com/reports/96890
Severity score
null
Reporter
brakhane
Bounty paid
$500
Title
[Critical] Subdomain Takeover
URL
https://hackerone.com/reports/163790
Severity score
null
Reporter
gorkhali
Bounty paid
null
Title
New team invitation functionality allows extend team without upgrade
URL
https://hackerone.com/reports/295900
Severity score
null
Reporter
muon4
Bounty paid
null
Title
SSRF in the Connector Designer (REST and Elastic Search)
URL
https://hackerone.com/reports/112156
Severity score
null
Reporter
agarri_fr
Bounty paid
$1,000
Title
App Takeover ( makerdao.herokuapp.com )
URL
https://hackerone.com/reports/664044
Severity score
null
Reporter
m7mdharoun
Bounty paid
null
Title
Homebrew installed LaunchDaemons create simple root escalations
URL
https://hackerone.com/reports/586251
Severity score
null
Reporter
keeleysam
Bounty paid
null
Title
Project Manager can approve pending reports(Access control Issue)
URL
https://hackerone.com/reports/164515
Severity score
null
Reporter
indoappsec
Bounty paid
$150
Title
Privilege Escalation to Admin-level Account
URL
https://hackerone.com/reports/261285
Severity score
null
Reporter
samczsun
Bounty paid
$400
Title
Multiple Subdomain takeovers via unclaimed instances
URL
https://hackerone.com/reports/276269
Severity score
null
Reporter
benoculars
Bounty paid
$8,000
Title
Subdomain takeover at msproject.geekbrains.ru
URL
https://hackerone.com/reports/922506
Severity score
null
Reporter
steal_wart
Bounty paid
null
Title
Vertical Privilege Escalation on {target.my.com}
URL
https://hackerone.com/reports/854973
Severity score
6.6
Reporter
dedsec69
Bounty paid
null
Title
Ubuntu Linux privilege escalation (dirty_sock)
URL
https://hackerone.com/reports/496285
Severity score
7.8
Reporter
initstring
Bounty paid
$1,000
Title
Team admin can change unauthorized team setting (require_at_for_mention)
URL
https://hackerone.com/reports/46747
Severity score
null
Reporter
satishb3
Bounty paid
$200
Title
Group admins can remove arbitrary data from "data" directory (including admin data)
URL
https://hackerone.com/reports/508493
Severity score
8.4
Reporter
leonklingele
Bounty paid
$150
Title
CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host
URL
https://hackerone.com/reports/495495
Severity score
8.6
Reporter
adam_iwaniuk
Bounty paid
$1,000
Title
[Privilege Escalation] Authenticated users can manipulate others fullname without their knowledge [Team Vector]
URL
https://hackerone.com/reports/246419
Severity score
null
Reporter
r3y
Bounty paid
null
Title
all private tokens are leaked to an unauthenticated attacker
URL
https://hackerone.com/reports/268794
Severity score
null
Reporter
rpearl
Bounty paid
null
Title
Subdomain Takeover - https://competition.shopify.com/
URL
https://hackerone.com/reports/365853
Severity score
5.3
Reporter
llt4l
Bounty paid
$750
Title
Read-only user can delete higher privileged members using open DELETE /api/memberships/
URL
https://hackerone.com/reports/810320
Severity score
null
Reporter
chipped
Bounty paid
$100
Title
Subdomain Takeover at creatorforum.roblox.com
URL
https://hackerone.com/reports/264494
Severity score
null
Reporter
jackb898
Bounty paid
$1,000
Title
Accessing all appointments vulnerability
URL
https://hackerone.com/reports/59508
Severity score
null
Reporter
techintheprovince
Bounty paid
$100
Title
Subdomain Takeover via unclaimed UserVoice domain
URL
https://hackerone.com/reports/269109
Severity score
null
Reporter
benoculars
Bounty paid
$250
Title
Access to other users' group conversations.
URL
https://hackerone.com/reports/79046
Severity score
null
Reporter
4lemon
Bounty paid
$300
Title
Limitation of app specific password scope can be bypassed (NC-SA-2017-009)
URL
https://hackerone.com/reports/191979
Severity score
3
Reporter
makosdel
Bounty paid
$300
Title
Privilege escalation with malicious .npmrc
URL
https://hackerone.com/reports/358359
Severity score
8.1
Reporter
ginden
Bounty paid
null
Title
Querying private posts and changing post meta
URL
https://hackerone.com/reports/157412
Severity score
null
Reporter
sameoldstory
Bounty paid
$300
Title
Ability to compromise any user who does not use two-factor authentication by receiving the recovery code on someone else's number.
URL
https://hackerone.com/reports/219171
Severity score
null
Reporter
norver
Bounty paid
$2,000
Title
Able to Select Every Poll Option[http://tedwebers-famous-loudspeakers.vanillacommunities.com]
URL
https://hackerone.com/reports/326434
Severity score
null
Reporter
tikoo_sahil
Bounty paid
$150
Title
Buying ondemand videos that 0.1 and sometimes for free
URL
https://hackerone.com/reports/43602
Severity score
null
Reporter
defmax
Bounty paid
$260
Title
Authorization Bypass in Delivery Chat Logs
URL
https://hackerone.com/reports/144000
Severity score
null
Reporter
michiel
Bounty paid
$100
Title
Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation
URL
https://hackerone.com/reports/520903
Severity score
7.8
Reporter
real
Bounty paid
$1,500
Title
[NR Infrastructure] Bypass of #200576 through GraphQL query abuse - allows restricted user access to root account license key
URL
https://hackerone.com/reports/276174
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Deleted Post and Administrative Function Access in eCommerce Forum
URL
https://hackerone.com/reports/167846
Severity score
null
Reporter
ysx
Bounty paid
$500
Title
Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation
URL
https://hackerone.com/reports/363971
Severity score
8.8
Reporter
fbogner
Bounty paid
$2,500
Title
A user can enhance their videos with paid tracks without buying the track
URL
https://hackerone.com/reports/50941
Severity score
null
Reporter
satishb3
Bounty paid
$250
Title
[IDOR][translate.twitter.com] Opportunity to change any comment at the forum
URL
https://hackerone.com/reports/181748
Severity score
null
Reporter
kedrisch-4-t
Bounty paid
$1,120
Title
Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry
URL
https://hackerone.com/reports/145224
Severity score
null
Reporter
fransrosen
Bounty paid
$1,000
Title
View videos that a user has ever sent in private messages.
URL
https://hackerone.com/reports/223597
Severity score
null
Reporter
circuit
Bounty paid
$100
Title
Privilege Escalation on a DoD Website
URL
https://hackerone.com/reports/199644
Severity score
null
Reporter
vag_mour
Bounty paid
null
Title
[New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs)
URL
https://hackerone.com/reports/255685
Severity score
5.4
Reporter
jon_bottarini
Bounty paid
$750
Title
Domain takeover on http://doesfranshaveashell.com/ due to expiration
URL
https://hackerone.com/reports/692068
Severity score
2.7
Reporter
magic_spell
Bounty paid
null
Title
State filter in IssuableFinder allows attacker to delete all issues and merge requests
URL
https://hackerone.com/reports/186194
Severity score
8.1
Reporter
jobert
Bounty paid
null
Title
Click jacking in delete image of user in Yelp
URL
https://hackerone.com/reports/201848
Severity score
null
Reporter
mohamedsherif
Bounty paid
null
Title
[NR Infrastructure] Restricted user can update integration provider account name via integrations API
URL
https://hackerone.com/reports/397483
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Flash “local-with-filesystem” Bypass in navigateToURL
URL
https://hackerone.com/reports/150976
Severity score
null
Reporter
irsdl
Bounty paid
$3,000
Title
http://217.20.144.201 privilege escalation in apache tomcat SessionEample-script
URL
https://hackerone.com/reports/77679
Severity score
null
Reporter
mthirup
Bounty paid
$100
Title
Vulnerabilities chain leading to privilege escalation
URL
https://hackerone.com/reports/767647
Severity score
null
Reporter
r3ggi-on-h1
Bounty paid
$500
Title
Ability To Takeover any account by Email.
URL
https://hackerone.com/reports/240821
Severity score
8.5
Reporter
0xradi
Bounty paid
$500
Title
Restricted user can bypass permissions restriction to create NR Alert policies
URL
https://hackerone.com/reports/380413
Severity score
null
Reporter
jon_bottarini
Bounty paid
$500
Title
Inadequate access controls in "Vote" functionality???
URL
https://hackerone.com/reports/137503
Severity score
null
Reporter
apok
Bounty paid
null
Title
Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation)
URL
https://hackerone.com/reports/220874
Severity score
null
Reporter
indoappsec
Bounty paid
$200
Title
Compromising Atlassian Confluence (team.uberinternal.com) via WordPress (newsroom.uber.com)
URL
https://hackerone.com/reports/136531
Severity score
null
Reporter
jouko
Bounty paid
null
Title
Attacker can post notes on private MR, snippets, and issues
URL
https://hackerone.com/reports/134299
Severity score
null
Reporter
jobert
Bounty paid
null
Title
Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record
URL
https://hackerone.com/reports/186766
Severity score
null
Reporter
dpgribkov
Bounty paid
$2,000
Title
From full-access account to Account Owner
URL
https://hackerone.com/reports/99863
Severity score
null
Reporter
rms
Bounty paid
$500
Title
Able to Login deactivated staff account in shopify app mobile
URL
https://hackerone.com/reports/175490
Severity score
null
Reporter
clarckowen_
Bounty paid
$2,000
Title
Local Privilege escalation to root via XPC
URL
https://hackerone.com/reports/750118
Severity score
7.8
Reporter
r3ggi-on-h1
Bounty paid
$750
Title
Content Spoofing in mango.qiwi.com
URL
https://hackerone.com/reports/118066
Severity score
null
Reporter
cyberunit
Bounty paid
$150
Title
Email Spoofing
URL
https://hackerone.com/reports/163526
Severity score
null
Reporter
mr_sharma_
Bounty paid
null
Title
Full name of other accounts exposed through NR API Explorer (another workaround of #476958)
URL
https://hackerone.com/reports/520518
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Subdomain takeover of datacafe-cert.starbucks.com
URL
https://hackerone.com/reports/665398
Severity score
7.5
Reporter
parzel
Bounty paid
$2,000
Title
Indefinite access to an account if we managed to log in to the account at least once.
URL
https://hackerone.com/reports/596363
Severity score
null
Reporter
cheatboss
Bounty paid
$500
Title
Android - Access of some not exported content providers
URL
https://hackerone.com/reports/272044
Severity score
null
Reporter
bagipro
Bounty paid
$1,000
Title
Missing function level access controls allowing attacker to abuse file access controls. Multiple vulnerabilities
URL
https://hackerone.com/reports/171130
Severity score
null
Reporter
abhijeth
Bounty paid
null
Title
Invoices can be added to any retainers - even closs-platform
URL
https://hackerone.com/reports/165862
Severity score
null
Reporter
eboda
Bounty paid
$500
Title
Bypass blocked profile protection on aircrm.ubnt.com
URL
https://hackerone.com/reports/332631
Severity score
null
Reporter
bogdantcaciuc
Bounty paid
$100
Title
IDOR on https://www.eobot.com/paypal
URL
https://hackerone.com/reports/34728
Severity score
null
Reporter
surgent10cross
Bounty paid
null
Title
China - ecjobsdc.starbucks.com.cn html/shtml file upload vulnerability
URL
https://hackerone.com/reports/412481
Severity score
7.5
Reporter
neweq
Bounty paid
null
Title
daily.owncloud.com: Information disclosure
URL
https://hackerone.com/reports/84085
Severity score
null
Reporter
c0ldb00t3r
Bounty paid
null
Title
Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints
URL
https://hackerone.com/reports/501672
Severity score
null
Reporter
jon_bottarini
Bounty paid
$900
Title
Homebrew privilege escalation vulnerability
URL
https://hackerone.com/reports/593926
Severity score
8.8
Reporter
hi_ztz
Bounty paid
null
Title
Host Header Injection
URL
https://hackerone.com/reports/698416
Severity score
null
Reporter
masterhackor
Bounty paid
$500
Title
AWS subdomain Takeover at estore.razersynapse.com
URL
https://hackerone.com/reports/785179
Severity score
null
Reporter
3viltwin
Bounty paid
$250
Title
fabric.io - app member can make himself an admin
URL
https://hackerone.com/reports/42961
Severity score
null
Reporter
satishb3
Bounty paid
$1,400
Title
Delete permission can be added on reshare
URL
https://hackerone.com/reports/633245
Severity score
3.5
Reporter
phil-davis
Bounty paid
$100
Title
Local Privilege Escalation on Dropbox Desktop for Windows
URL
https://hackerone.com/reports/773571
Severity score
null
Reporter
tesitura
Bounty paid
null
Title
Subdomain takeover (sales.mixmax.com)
URL
https://hackerone.com/reports/233408
Severity score
null
Reporter
jin
Bounty paid
null
Title
Requesting Show CheckIn Alert for Non Friend User
URL
https://hackerone.com/reports/174882
Severity score
null
Reporter
vinesh1989
Bounty paid
$500
Title
Bulgaria - Subdomain takeover of mail.starbucks.bg
URL
https://hackerone.com/reports/736863
Severity score
8.4
Reporter
nukedx
Bounty paid
$1,000
Title
Able to Become Admin for Any LINE Official Account
URL
https://hackerone.com/reports/698579
Severity score
null
Reporter
ngalog
Bounty paid
$4,750
Title
Users can bookmark other user's messages
URL
https://hackerone.com/reports/192611
Severity score
null
Reporter
strukt
Bounty paid
$128
Title
Restricted user can add and delete tags of APM key transactions
URL
https://hackerone.com/reports/638685
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Domain Takeover in [obviousengine.com] a snapchat acquisitions
URL
https://hackerone.com/reports/392785
Severity score
null
Reporter
malcolmx
Bounty paid
null
Title
GlassWireSetup.exe subject to EXE planting attack
URL
https://hackerone.com/reports/107213
Severity score
null
Reporter
ericlaw
Bounty paid
$100
Title
Deprecated Hacker101 coursework repository mentions Heroku App that is susceptible to takeover
URL
https://hackerone.com/reports/514451
Severity score
0
Reporter
m7mdharoun
Bounty paid
$500
Title
Subdomain takeover on dev-admin.periscope.tv
URL
https://hackerone.com/reports/531890
Severity score
null
Reporter
h1ch3ro
Bounty paid
null
Title
[H1-2006 2020] Multiple vulnerabilities leading account takeover
URL
https://hackerone.com/reports/887700
Severity score
null
Reporter
nukedx
Bounty paid
null
Title
Users with guest access can post notes to private merge requests, issues, and snippets
URL
https://hackerone.com/reports/195140
Severity score
4.3
Reporter
jobert
Bounty paid
null
Title
Abusing VCS control on phabricator
URL
https://hackerone.com/reports/16315
Severity score
null
Reporter
tunnelshade
Bounty paid
$600
Title
Privilege escalation allows to use iframe functionality w/o upgrade
URL
https://hackerone.com/reports/594080
Severity score
null
Reporter
muon4
Bounty paid
null
Title
A user can add videos to other user's private groups
URL
https://hackerone.com/reports/50786
Severity score
null
Reporter
satishb3
Bounty paid
$250
Title
Team Member(s) associated with a Group have Read-only permission (Post internal comments) can post comment to all the participants
URL
https://hackerone.com/reports/107336
Severity score
null
Reporter
dz_samir
Bounty paid
$500
Title
[NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID}
URL
https://hackerone.com/reports/320689
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Every user can delete public deploy keys
URL
https://hackerone.com/reports/195088
Severity score
6.5
Reporter
jobert
Bounty paid
null
Title
UniFi Video web interface Configuration Restore user privilege escalation
URL
https://hackerone.com/reports/329659
Severity score
8
Reporter
ajxchapman
Bounty paid
$1,500
Title
UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities.
URL
https://hackerone.com/reports/530967
Severity score
6.7
Reporter
b0yd
Bounty paid
$667
Title
Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront
URL
https://hackerone.com/reports/175070
Severity score
null
Reporter
fransrosen
Bounty paid
$1,000
Title
User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions
URL
https://hackerone.com/reports/300879
Severity score
5.4
Reporter
michiel
Bounty paid
$500
Title
Upgrade menu exposes the mobile application token meant to only be visible to administrators
URL
https://hackerone.com/reports/447975
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
subdomain takeover at status0.stripo.email
URL
https://hackerone.com/reports/737695
Severity score
null
Reporter
haxorpunk
Bounty paid
null
Title
WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers
URL
https://hackerone.com/reports/403039
Severity score
null
Reporter
simonscannell
Bounty paid
$350
Title
Abusing and Hacking the SMTP Server secure.lahitapiola.fi
URL
https://hackerone.com/reports/138315
Severity score
null
Reporter
aaditya_purani
Bounty paid
$300
Title
IDOR allows accounts to view full name of other accounts based on email through share notes feature
URL
https://hackerone.com/reports/476958
Severity score
4.3
Reporter
jon_bottarini
Bounty paid
$750
Title
Subdomain takeover at iosota.razersynapse.com via Amazon S3
URL
https://hackerone.com/reports/813313
Severity score
7.5
Reporter
e4366eolywrgpidfbio
Bounty paid
$200
Title
Invite any user to your group without even following him
URL
https://hackerone.com/reports/52707
Severity score
null
Reporter
indoappsec
Bounty paid
$250
Title
Subdomain Takeover (moderator.ubnt.com)
URL
https://hackerone.com/reports/181665
Severity score
null
Reporter
madrobot
Bounty paid
$500
Title
Subdomain takeover of ████
URL
https://hackerone.com/reports/900062
Severity score
null
Reporter
flav_
Bounty paid
null
Title
Create and Update patients vulnerability
URL
https://hackerone.com/reports/59505
Severity score
null
Reporter
techintheprovince
Bounty paid
$150
Title
Subdomain takeover #4 at info.hacker.one
URL
https://hackerone.com/reports/220002
Severity score
3.5
Reporter
ak1t4
Bounty paid
$500
Title
Subdomain takeover #3 at info.hacker.one
URL
https://hackerone.com/reports/217358
Severity score
3.5
Reporter
ak1t4
Bounty paid
$1,000
Title
profile photo update bypass
URL
https://hackerone.com/reports/43758
Severity score
null
Reporter
defmax
Bounty paid
null
Title
A user can post comments on other user's private videos
URL
https://hackerone.com/reports/50829
Severity score
null
Reporter
satishb3
Bounty paid
$500
Title
Privilege escalation due to insecure use of logrotate
URL
https://hackerone.com/reports/578119
Severity score
null
Reporter
petee
Bounty paid
$1,000
Title
Drupal admin takeover via install.php not being performed prior to install.
URL
https://hackerone.com/reports/329407
Severity score
null
Reporter
grampae
Bounty paid
null
Title
Privilege escalation from any user (including external) to gitlab admin when admin impersonates you
URL
https://hackerone.com/reports/493324
Severity score
null
Reporter
skavans
Bounty paid
$10,000
Title
[api.my.games/social/chat/multi/add] Privilege escalation on adding new members to group chat
URL
https://hackerone.com/reports/974878
Severity score
0
Reporter
mainteemoforfun
Bounty paid
$150
Title
User with Read-Only permissions can edit the Internal comment Activities on Bug Reports After Revoke the team access permissions
URL
https://hackerone.com/reports/119221
Severity score
null
Reporter
techguynoob
Bounty paid
$500
Title
Making groups in any project without permission
URL
https://hackerone.com/reports/8102
Severity score
null
Reporter
daksh
Bounty paid
null
Title
Web cache deception attack - expose token information
URL
https://hackerone.com/reports/397508
Severity score
6.5
Reporter
memon
Bounty paid
$500
Title
Enumeration in unsubscribe -function of /omatalousuk (viestinta.lahitapiola.fi)
URL
https://hackerone.com/reports/201314
Severity score
5.3
Reporter
frankiexote
Bounty paid
$100
Title
get users information without full access
URL
https://hackerone.com/reports/93616
Severity score
null
Reporter
supernatural
Bounty paid
$500
Title
show control page if you insert ' at http://viestinta.lahitapiola.fi/
URL
https://hackerone.com/reports/205920
Severity score
null
Reporter
huntertxt
Bounty paid
$50
Title
Critical IDOR - Get venue data of any organization remotely
URL
https://hackerone.com/reports/120305
Severity score
null
Reporter
itly
Bounty paid
null
Title
[Privilege Escalation] Authenticated users can manipulate others fullname without their knowledge
URL
https://hackerone.com/reports/244567
Severity score
null
Reporter
r3y
Bounty paid
null
Title
Privilege escalation - Normal user can somehow make admin to delete shared folders
URL
https://hackerone.com/reports/166581
Severity score
null
Reporter
egrep
Bounty paid
null
Title
[h1-2006 2020] Writeup h12006 CTF
URL
https://hackerone.com/reports/895795
Severity score
null
Reporter
0xxl
Bounty paid
null
Title
IDOR - Disable sharing
URL
https://hackerone.com/reports/153905
Severity score
2.6
Reporter
byeu
Bounty paid
$100
Title
Critical IDOR - Can select any Parent while creating new Venue
URL
https://hackerone.com/reports/120312
Severity score
null
Reporter
itly
Bounty paid
null
Title
Subdomain takeover of translate.uber.com, de.uber.com and fr.uber.com
URL
https://hackerone.com/reports/149679
Severity score
null
Reporter
rojansec
Bounty paid
$2,250
Title
Subdomain Takeover at analyticstest.geekbrains.ru
URL
https://hackerone.com/reports/942179
Severity score
null
Reporter
steal_wart
Bounty paid
null
Title
Missing rate limit on critical user actions e.g. reset password, change email, disable account.
URL
https://hackerone.com/reports/157750
Severity score
null
Reporter
rohitdua
Bounty paid
null
Title
Subdomain Takeover at http://gameday.websummit.net
URL
https://hackerone.com/reports/193056
Severity score
null
Reporter
filedeletor1
Bounty paid
$20
Title
Privilege Escalation - A MEMBER with no ACCESS to ORDERS can still access the orders by using Order Printer APP
URL
https://hackerone.com/reports/64164
Severity score
null
Reporter
coolboss
Bounty paid
$1,000
Title
Cheating at gallery rating
URL
https://hackerone.com/reports/76784
Severity score
null
Reporter
sobolev
Bounty paid
null
Title
Arbitrary File Write as SYSTEM from unprivileged user
URL
https://hackerone.com/reports/583184
Severity score
7.8
Reporter
b0yd
Bounty paid
$1,250
Title
Subdomain Takeover
URL
https://hackerone.com/reports/289051
Severity score
null
Reporter
picklepwns
Bounty paid
null
Title
[alerts.newrelic.com] Scanning local network via notification channel
URL
https://hackerone.com/reports/153634
Severity score
null
Reporter
s_p_q_r
Bounty paid
null
Title
Shopify Stocky App OAuth Misconfiguration
URL
https://hackerone.com/reports/740989
Severity score
null
Reporter
vulnh0lic
Bounty paid
$5,000
Title
First & Last Name Disclosure of any Shopify Store Admin
URL
https://hackerone.com/reports/93294
Severity score
null
Reporter
hazimaslam
Bounty paid
$500
Title
Subdomain take-over of {REDACTED}.18f.gov
URL
https://hackerone.com/reports/263542
Severity score
null
Reporter
jackds
Bounty paid
null
Title
[H1-2006 2020] Solution for the h1-2006 CTF challenge
URL
https://hackerone.com/reports/891093
Severity score
7.5
Reporter
thehackerish
Bounty paid
null
Title
Privilege Escalation via Keybase Helper
URL
https://hackerone.com/reports/397478
Severity score
null
Reporter
xpn
Bounty paid
$5,000
Title
privilege escalation
URL
https://hackerone.com/reports/21210
Severity score
null
Reporter
niks
Bounty paid
$50
Title
User can start call in a channel of an unpaid account
URL
https://hackerone.com/reports/147369
Severity score
null
Reporter
jobert
Bounty paid
$100
Title
Privilege escalation allows any user to add an administrator
URL
https://hackerone.com/reports/343626
Severity score
9.9
Reporter
patrickrbc
Bounty paid
null
Title
Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com
URL
https://hackerone.com/reports/383564
Severity score
null
Reporter
blurbdust
Bounty paid
$4,000
Title
unauthorized access to all collections name
URL
https://hackerone.com/reports/93004
Severity score
null
Reporter
supernatural
Bounty paid
$2,000
Title
[API ISSUE] agents can Create agents even after they are disabled !
URL
https://hackerone.com/reports/84709
Severity score
null
Reporter
defmax
Bounty paid
$100
Title
Subdomain takeover on wfmnarptpc.starbucks.com
URL
https://hackerone.com/reports/388622
Severity score
null
Reporter
0xpatrik
Bounty paid
$2,000
Title
A sales only user can edit the purchase invoice drafts.
URL
https://hackerone.com/reports/918938
Severity score
null
Reporter
vapour
Bounty paid
$100
Title
Fabric.io - an app admin can delete team members from other user apps
URL
https://hackerone.com/reports/43065
Severity score
null
Reporter
satishb3
Bounty paid
$1,120
Title
apps.owncloud.com: Edit Question didn't check ACLs
URL
https://hackerone.com/reports/85532
Severity score
null
Reporter
dz_samir
Bounty paid
null
Title
Abusing daemon logs for Privilege escalation under certain scenarios
URL
https://hackerone.com/reports/16392
Severity score
null
Reporter
tunnelshade
Bounty paid
$300
Title
[flintcms] Account takeover due to blind MongoDB injection in password reset
URL
https://hackerone.com/reports/386807
Severity score
9
Reporter
becojo
Bounty paid
null
Title
A non-administrator user can change his email even when it is restricted by an administrator
URL
https://hackerone.com/reports/805943
Severity score
null
Reporter
agnidevan
Bounty paid
$250
Title
Bypass pin(4 digit passcode on your android app)
URL
https://hackerone.com/reports/50884
Severity score
null
Reporter
adrianbelen
Bounty paid
$100
Title
Privilege Escalation via Keybase Helper (incomplete security fix)
URL
https://hackerone.com/reports/470003
Severity score
null
Reporter
0xcccc
Bounty paid
$3,250
Title
[NR Synthetics] Restricted User can add/modify alert conditions on monitors without any synthetics privileges
URL
https://hackerone.com/reports/334143
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Post on any user's wall on their behalf if they follow a link. https://vk.com/al_video.php
URL
https://hackerone.com/reports/211072
Severity score
null
Reporter
circuit
Bounty paid
$200
Title
Privilege escalation in workers container
URL
https://hackerone.com/reports/692603
Severity score
null
Reporter
testanull
Bounty paid
$1,500
Title
Team member invitations to sandboxed teams are not invalidated consistently (v2)
URL
https://hackerone.com/reports/48422
Severity score
null
Reporter
siddiki
Bounty paid
$500
Title
[NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions
URL
https://hackerone.com/reports/386556
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Requesting Mediation possible on reports that are too old for mediation
URL
https://hackerone.com/reports/159512
Severity score
null
Reporter
troubleshooter
Bounty paid
$500
Title
Local privilege escalation bug using Keybase redirector on macOS
URL
https://hackerone.com/reports/470398
Severity score
7.8
Reporter
votava
Bounty paid
$2,500
Title
Critical IDOR - Make Rule for Any Group & Any Venue remotely
URL
https://hackerone.com/reports/120318
Severity score
null
Reporter
itly
Bounty paid
null
Title
SaaS admin can modify/delete/get user information.
URL
https://hackerone.com/reports/324006
Severity score
8.8
Reporter
rijalrojan
Bounty paid
$750
Title
Subdomain takeover at ftp.thx.com
URL
https://hackerone.com/reports/703591
Severity score
8.3
Reporter
jackb898
Bounty paid
$250
Title
Public pages: A public page moderator can delete materials added by editors that have a publication timer.
URL
https://hackerone.com/reports/148467
Severity score
null
Reporter
povargek
Bounty paid
$100
Title
A user can edit comments even after video comments are disabled
URL
https://hackerone.com/reports/50776
Severity score
null
Reporter
satishb3
Bounty paid
$250
Title
Privilege Escalation in Default Notification Preferences
URL
https://hackerone.com/reports/210298
Severity score
null
Reporter
r0x33d
Bounty paid
null
Title
Users can enable API access for free via mass assignment
URL
https://hackerone.com/reports/267781
Severity score
null
Reporter
albinowax
Bounty paid
null
Title
Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint
URL
https://hackerone.com/reports/141868
Severity score
null
Reporter
mikkz
Bounty paid
$1,000
Title
User with Read-Only permissions can edit the SwagAwarded Activities on Bug Reports
URL
https://hackerone.com/reports/118731
Severity score
null
Reporter
techguynoob
Bounty paid
null
Title
macOS privilege escalation
URL
https://hackerone.com/reports/490960
Severity score
null
Reporter
u3mur4
Bounty paid
$2,000
Title
Able to download arbitrary PHP files at yelpblog.com
URL
https://hackerone.com/reports/194351
Severity score
null
Reporter
ret2jazzy
Bounty paid
$100
Title
Subdomain Takeover uptime
URL
https://hackerone.com/reports/824909
Severity score
null
Reporter
sniper302
Bounty paid
$100
Title
Unauthorized User Can Delete Any User Account
URL
https://hackerone.com/reports/803141
Severity score
null
Reporter
d4rk_g1rl
Bounty paid
$100
Title
[okl.lt] Disclosure of administrator functions in .js + ability to use these functions.
URL
https://hackerone.com/reports/547145
Severity score
null
Reporter
iframe
Bounty paid
$500
Title
[H1-2006 2020] Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or using a custom API attack tool
URL
https://hackerone.com/reports/895172
Severity score
null
Reporter
bcobain23
Bounty paid
null
Title
Privilege Escalation in Share Report
URL
https://hackerone.com/reports/210304
Severity score
null
Reporter
r0x33d
Bounty paid
null
Title
Share your channel to any user on vimeo without following him
URL
https://hackerone.com/reports/52708
Severity score
null
Reporter
indoappsec
Bounty paid
$250
Title
Privilege-0 to Root Privilege Escalation on EdgeSwitch
URL
https://hackerone.com/reports/511025
Severity score
7.5
Reporter
fr33rh
Bounty paid
$1,604
Title
Privilege Escalation.
URL
https://hackerone.com/reports/240562
Severity score
3
Reporter
leet-boy
Bounty paid
$100
Title
abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video
URL
https://hackerone.com/reports/43850
Severity score
null
Reporter
adrianbelen
Bounty paid
$1,000
Title
Privilege escalation to access all private groups and repositories
URL
https://hackerone.com/reports/131210
Severity score
null
Reporter
jobert
Bounty paid
null
Title
Email Forwarding invitations for Drafts are not marked as accepted, allowing multiple users to join a program after disabling Email Forwarding
URL
https://hackerone.com/reports/331691
Severity score
3.8
Reporter
d4rk_g1rl
Bounty paid
$500
Title
From nobody to somebody
URL
https://hackerone.com/reports/485407
Severity score
6.1
Reporter
u3mur4
Bounty paid
$750
Title
Bookmarks: Delete all existing bookmarks of a user
URL
https://hackerone.com/reports/154529
Severity score
null
Reporter
ctee
Bounty paid
null
Title
Privilege escalation-User who does not have access is able to add notes to the contact
URL
https://hackerone.com/reports/235059
Severity score
null
Reporter
syntax-error
Bounty paid
null
Title
Staff member can delete Private Apps
URL
https://hackerone.com/reports/155704
Severity score
null
Reporter
indoappsec
Bounty paid
$500
Title
Privilege escalation from member user ( editor ) to admin user
URL
https://hackerone.com/reports/827595
Severity score
null
Reporter
pain45
Bounty paid
null
Title
Critical IDOR - Delete any group of any organization remotely
URL
https://hackerone.com/reports/120121
Severity score
null
Reporter
itly
Bounty paid
null
Title
[www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php
URL
https://hackerone.com/reports/300454
Severity score
null
Reporter
gerben_javado
Bounty paid
$200
Title
Git available containing passwords.
URL
https://hackerone.com/reports/173811
Severity score
null
Reporter
xpathmaster
Bounty paid
$400
Title
HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information
URL
https://hackerone.com/reports/378122
Severity score
null
Reporter
tester2020
Bounty paid
$350
Title
Privilege Escalation by abusing non-existent path. (Windows)
URL
https://hackerone.com/reports/440963
Severity score
6.3
Reporter
0x09al
Bounty paid
null
Title
Staff members with no permission can access to the files, uploaded by the administrator
URL
https://hackerone.com/reports/97452
Severity score
null
Reporter
hexrby
Bounty paid
$500
Title
[Critical] Possibility to takeover any user account #2 without interaction on the https://██████████
URL
https://hackerone.com/reports/544334
Severity score
null
Reporter
sp1d3rs
Bounty paid
null
Title
H1514 Ability to Edit Packaging Slip Templates and View Product & Shipping Information by a low privileged staff in a Sandbox Store
URL
https://hackerone.com/reports/423198
Severity score
null
Reporter
anshuman_bh
Bounty paid
$500
Title
Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin
URL
https://hackerone.com/reports/165229
Severity score
5.4
Reporter
egrep
Bounty paid
$50
Title
Deleting groups in any project without permission
URL
https://hackerone.com/reports/8104
Severity score
null
Reporter
daksh
Bounty paid
null
Title
Mailgun misconfiguration leads to email snooping and postmaster@-access on email.mg.gitlab.com
URL
https://hackerone.com/reports/174983
Severity score
null
Reporter
fransrosen
Bounty paid
null
Title
Subdomain takeover of storybook.lystit.com
URL
https://hackerone.com/reports/779442
Severity score
7.3
Reporter
parzel
Bounty paid
$1,000
Title
A way to find out the person's name and university of a deleted page
URL
https://hackerone.com/reports/93020
Severity score
null
Reporter
grande
Bounty paid
$100
Title
Account members can re-add themselve after has been deleted by administrator
URL
https://hackerone.com/reports/300881
Severity score
null
Reporter
tolo7010
Bounty paid
$150
Title
Insecure Direct Object Reference on badoo.com
URL
https://hackerone.com/reports/126861
Severity score
null
Reporter
b6117130df17feef13481e3
Bounty paid
null
Title
Bypassing quota limit
URL
https://hackerone.com/reports/173622
Severity score
0
Reporter
nordin
Bounty paid
null
Title
Mailgun misconfiguration
URL
https://hackerone.com/reports/244474
Severity score
null
Reporter
eavesdr0pp3r
Bounty paid
null
Title
Privilege Escalation through Keybase Installer via Helper
URL
https://hackerone.com/reports/473252
Severity score
8.2
Reporter
jinmo123
Bounty paid
$2,500
Title
Re-Sharing allows increase of privileges
URL
https://hackerone.com/reports/889243
Severity score
5.5
Reporter
alx_il
Bounty paid
$750
Title
Privilege Escalation: Read-Only to Admin
URL
https://hackerone.com/reports/277138
Severity score
8.2
Reporter
foobar7
Bounty paid
$750
Title
Critical IDOR - Set anyone's Terminal Data remotely
URL
https://hackerone.com/reports/120291
Severity score
null
Reporter
itly
Bounty paid
null
Title
Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini)
URL
https://hackerone.com/reports/944735
Severity score
8.1
Reporter
adr
Bounty paid
$250
Title
Local file inclusion vulnerability on a DoD website
URL
https://hackerone.com/reports/196448
Severity score
null
Reporter
fransrosen
Bounty paid
null
Title
Infrastructure and Application Admin Interfaces (OWASP‐CM‐007)
URL
https://hackerone.com/reports/11414
Severity score
null
Reporter
cmaruti
Bounty paid
$250
Title
able to login into login.topechelon.com
URL
https://hackerone.com/reports/712318
Severity score
null
Reporter
darkshadow1733
Bounty paid
null
Title
Team admin can add billing contacts
URL
https://hackerone.com/reports/47940
Severity score
null
Reporter
satishb3
Bounty paid
$200
Title
User with only Viewing Privilege can send message to Room
URL
https://hackerone.com/reports/202499
Severity score
null
Reporter
lucasveigaf
Bounty paid
$300
Title
Reading arbitrary files via running arbitrary python code
URL
https://hackerone.com/reports/974697
Severity score
null
Reporter
kkp_hackk9
Bounty paid
null
Title
Bypass User Interaction to initiate a VoIP call to Another User
URL
https://hackerone.com/reports/386144
Severity score
null
Reporter
heeeeen
Bounty paid
$500.01
Title
[download.newrelic.com] Access to private directories
URL
https://hackerone.com/reports/115922
Severity score
null
Reporter
s_p_q_r
Bounty paid
null
Title
Business/Functional logic bypass: Remove admins from admin group.
URL
https://hackerone.com/reports/145745
Severity score
null
Reporter
paglababa
Bounty paid
null
Title
UniFi Video Server - Broken access control on system configuration
URL
https://hackerone.com/reports/129698
Severity score
7.7
Reporter
hamlon
Bounty paid
$1,000
Title
Bypass permissions
URL
https://hackerone.com/reports/169680
Severity score
5.4
Reporter
secator
Bounty paid
$750
Title
Administrators can add other administrators
URL
https://hackerone.com/reports/304642
Severity score
null
Reporter
gamliel
Bounty paid
null
Title
Access to other users' private photos (3) via the video cover
URL
https://hackerone.com/reports/78516
Severity score
null
Reporter
4lemon
Bounty paid
$200
Title
PM can delete the company logo image (Vertical Privilege Escalation )
URL
https://hackerone.com/reports/159387
Severity score
null
Reporter
indoappsec
Bounty paid
$100
Title
Privilege escalation in the client impersonation functionality
URL
https://hackerone.com/reports/221454
Severity score
null
Reporter
twicedi
Bounty paid
$1,500
Title
macOS privilege escalation via keybase install
URL
https://hackerone.com/reports/471739
Severity score
6.3
Reporter
mirchr
Bounty paid
$1,250
Title
Insecure direct object reference vulnerability on a DoD website
URL
https://hackerone.com/reports/184933
Severity score
null
Reporter
rijalrojan
Bounty paid
null
Title
Staff member with no permission can delete POS staff from account settings
URL
https://hackerone.com/reports/860348
Severity score
null
Reporter
kunal94
Bounty paid
$500
Title
Unquoted Service Path in "Rockstar Game Library Service"
URL
https://hackerone.com/reports/716448
Severity score
6.7
Reporter
adr
Bounty paid
$750
Title
Subdomain takeover on usclsapipma.cv.ford.com
URL
https://hackerone.com/reports/484420
Severity score
null
Reporter
march
Bounty paid
null
Title
Bypass: "The audio recording is not available for listening in your region."
URL
https://hackerone.com/reports/208654
Severity score
null
Reporter
shady-r
Bounty paid
$100
Title
subdomain takeover at status-stage0.stripo.email
URL
https://hackerone.com/reports/781614
Severity score
null
Reporter
laz0rde
Bounty paid
null
Title
Team admin can change unauthorized team setting (allow_message_deletion)
URL
https://hackerone.com/reports/46750
Severity score
null
Reporter
satishb3
Bounty paid
$100
Title
Subdomain takeover in help.tictail.com pointing to Zendesk (a Shopify acquisition)
URL
https://hackerone.com/reports/869605
Severity score
null
Reporter
meow-hacker-meow
Bounty paid
null
Title
Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests
URL
https://hackerone.com/reports/689314
Severity score
null
Reporter
jobert
Bounty paid
$12,000
Title
Allow authenticated users can edit, trash,and add new in BuddyPress Emails function
URL
https://hackerone.com/reports/833782
Severity score
null
Reporter
hoangkien1020
Bounty paid
$225
Title
[NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint
URL
https://hackerone.com/reports/320200
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Ubuntu 12.04 Privilege Escalation
URL
https://hackerone.com/reports/380782
Severity score
null
Reporter
ezkbd
Bounty paid
null
Title
Editing a project (LIMITED)
URL
https://hackerone.com/reports/176899
Severity score
null
Reporter
bugdiscloseguys
Bounty paid
$100
Title
Apps can access 'channels' beta api
URL
https://hackerone.com/reports/98499
Severity score
null
Reporter
rms
Bounty paid
$500
Title
Critical - Insecure Direct Object Reference - Deleting any member of any organization remotely
URL
https://hackerone.com/reports/120115
Severity score
null
Reporter
itly
Bounty paid
null
Title
Unprivileged alliance member is able to recruit new members to his alliance and accepting them (xs1.grepolis.com)
URL
https://hackerone.com/reports/511275
Severity score
4.6
Reporter
batee5a
Bounty paid
$550
Title
Android MailRu Email: Thirdparty can access private data files with small user interaction
URL
https://hackerone.com/reports/226191
Severity score
4.4
Reporter
dzmitry
Bounty paid
$300
Title
CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to Videos of Channel whose privacy is set to Private.
URL
https://hackerone.com/reports/45960
Severity score
null
Reporter
coolboss
Bounty paid
$250
Title
[docs-ra.newrelic.com] subdomain and Drupal takeover via unconfigured endpoint
URL
https://hackerone.com/reports/207381
Severity score
null
Reporter
ysx
Bounty paid
null
Title
Accessing Payments page and adding payment methods with limited access accounts
URL
https://hackerone.com/reports/92481
Severity score
null
Reporter
shahmeer-amir
Bounty paid
$500
Title
Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass
URL
https://hackerone.com/reports/374106
Severity score
null
Reporter
metnew
Bounty paid
$50
Title
[NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app
URL
https://hackerone.com/reports/388743
Severity score
null
Reporter
jon_bottarini
Bounty paid
$750
Title
Dav sharing permissions issue
URL
https://hackerone.com/reports/174896
Severity score
4.6
Reporter
nickvergessen
Bounty paid
null
Title
China - president-starbucks.com.cn DNS configuration reported as takeover
URL
https://hackerone.com/reports/423269
Severity score
7.5
Reporter
k3mlol
Bounty paid
$1,000
Title
Missing authorization check on dashboard overviews
URL
https://hackerone.com/reports/93680
Severity score
null
Reporter
shahmeer-amir
Bounty paid
$500
Title
ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers
URL
https://hackerone.com/reports/304378
Severity score
9.9
Reporter
fransrosen
Bounty paid
null
Title
DLL Hijacking in Burp Suite Pro 2.0.19 Installer
URL
https://hackerone.com/reports/518837
Severity score
null
Reporter
freetom
Bounty paid
null
Title
Incorrect Permission Assignment for Critical Resource
URL
https://hackerone.com/reports/394861
Severity score
null
Reporter
dhiraj-mishra
Bounty paid
null
Title
Privilege Escalation: deleting all created links from okl.lt
URL
https://hackerone.com/reports/478621
Severity score
null
Reporter
iframe
Bounty paid
$500
Title
Logging in as any user on parapa.mail.ru
URL
https://hackerone.com/reports/31418
Severity score
null
Reporter
c37hun
Bounty paid
null
Title
Change Any username and profile link in hackerone
URL
https://hackerone.com/reports/25281
Severity score
null
Reporter
abuseing
Bounty paid
$100
Title
Logic flaw enables restricted account to access account license key
URL
https://hackerone.com/reports/200576
Severity score
null
Reporter
jon_bottarini
Bounty paid
$500
Title
Subdomain takeover on svcgatewayus.starbucks.com
URL
https://hackerone.com/reports/325336
Severity score
9.3
Reporter
0xpatrik
Bounty paid
$2,000
Title
Full access to any list
URL
https://hackerone.com/reports/173969
Severity score
null
Reporter
sameoldstory
Bounty paid
$150
Title
Critical IDOR - Get Authentication Details of any Terminal/Gatekeeper
URL
https://hackerone.com/reports/120293
Severity score
null
Reporter
itly
Bounty paid
null
Title
Subdomain takeover #2 at info.hacker.one
URL
https://hackerone.com/reports/209004
Severity score
3.5
Reporter
ak1t4
Bounty paid
$1,000
Title
Normal user can set "Job title" of other users by Direct Object Reference
URL
https://hackerone.com/reports/123435
Severity score
null
Reporter
sarwarjahan
Bounty paid
null
Title
Missing rate limit on private videos password
URL
https://hackerone.com/reports/124564
Severity score
null
Reporter
saeedhashem
Bounty paid
null
Title
Invitation issue
URL
https://hackerone.com/reports/56726
Severity score
null
Reporter
frozen
Bounty paid
$500
Title
Insecure Direct Object Reference - access to other user/group DM's
URL
https://hackerone.com/reports/53858
Severity score
null
Reporter
akhil-reni
Bounty paid
$420
Title
Ability to monitor reports' submission in real time
URL
https://hackerone.com/reports/159890
Severity score
null
Reporter
saeedhashem
Bounty paid
null
Title
Post in private groups after getting removed
URL
https://hackerone.com/reports/51817
Severity score
null
Reporter
niyaax
Bounty paid
$250
Title
Critical IDOR - Delete any rule of any organization remotely
URL
https://hackerone.com/reports/120126
Severity score
null
Reporter
itly
Bounty paid
null
Title
[h1-415 2020] @_bayotop h1-415-ctf writeup
URL
https://hackerone.com/reports/779113
Severity score
null
Reporter
bayotop
Bounty paid
null
Title
Subdomain takeover of d02-1-ag.productioncontroller.starbucks.com
URL
https://hackerone.com/reports/661751
Severity score
8.4
Reporter
mindtrick
Bounty paid
$2,000
Title
Creating Post on a restricted channel
URL
https://hackerone.com/reports/151459
Severity score
null
Reporter
thisishrsh
Bounty paid
$500
Title
File upload over private IM channel
URL
https://hackerone.com/reports/143903
Severity score
null
Reporter
thisishrsh
Bounty paid
$500
Title
User with read-only access to a share can gain write access to sub-folders in the share
URL
https://hackerone.com/reports/619484
Severity score
4.8
Reporter
phil-davis
Bounty paid
$250
Title
Delete/modify your own comment after limited access(IDOR)
URL
https://hackerone.com/reports/154410
Severity score
null
Reporter
indoappsec
Bounty paid
$500