Bugpoint Webview Telegram

Any organization's assets pending review can be downloaded

👉 https://hackerone.com/reports/1787644

🔹 Severity: High
🔹 Reported To: HackerOne
🔹 Reported By: #jobert
🔹 State: 🟢 Resolved
🔹 Disclosed: November 29, 2022, 6:36pm (UTC)

412 views19:22

Bugpoint

Stored XSS Payload when sending videos

👉 https://hackerone.com/reports/1536046

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #aidilarf_2000
🔹 State: 🟢 Resolved
🔹 Disclosed: November 29, 2022, 9:30pm (UTC)

384 views02:52

Bugpoint

If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur

👉 https://hackerone.com/reports/1707680

🔹 Severity: Low
🔹 Reported To: Yelp
🔹 Reported By: #shubhangirathore836
🔹 State: 🔴 N/A
🔹 Disclosed: November 30, 2022, 3:15pm (UTC)

372 views18:43

Bugpoint

Campaign Account Balance and History Disclosed in API Response

👉 https://hackerone.com/reports/1587374

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: LinkedIn
🔹 Reported By: #sachin_kumar_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 30, 2022, 7:31pm (UTC)

387 views19:40

Bugpoint

Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands

👉 https://hackerone.com/reports/1785378

🔹 Severity: High | 💰 300 USD
🔹 Reported To: Ian Dunn
🔹 Reported By: #ryotak
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 4:00am (UTC)

426 views04:31

Bugpoint

CVE-2022-45402: Apache Airflow: Open redirect during login

👉 https://hackerone.com/reports/1782514

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #bugra
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 9:41am (UTC)

401 views12:13

Bugpoint

Calendar name length not validated before writing to database

👉 https://hackerone.com/reports/1596148

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #errorx404
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 9:49am (UTC)

397 views12:13

Bugpoint

Firebase Database Takeover in https://pulseradio.mtn.co.ug/

👉 https://hackerone.com/reports/1447751

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 10:52am (UTC)

408 views12:13

Bugpoint

Unprotected Direct Object Reference

👉 https://hackerone.com/reports/1536936

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #coyemerald
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 5:24pm (UTC)

409 views18:52

Bugpoint

Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure

👉 https://hackerone.com/reports/1448550

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #wallotry
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 5:34pm (UTC)

438 views18:52

Bugpoint

Subdomain Takeover at course.oberlo.com

👉 https://hackerone.com/reports/1690951

🔹 Severity: No Rating
🔹 Reported To: Shopify
🔹 Reported By: #m7mdharoun
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 7:22pm (UTC)

461 views02:34

Bugpoint

Read/Write arbitrary (non-HttpOnly) cookies on checkout pages via GoogleAnalyticsAdditionalScripts postMessage handler

👉 https://hackerone.com/reports/1081167

🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #bored-engineer
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 7:34pm (UTC)

477 views02:34

Bugpoint

Disconnecting an external login provider does not revoke session

👉 https://hackerone.com/reports/1547684

🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #attackerbhai
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 7:50pm (UTC)

514 views05:07

Bugpoint

Stored XSS in /admin/product and /admin/collections

👉 https://hackerone.com/reports/1147433

🔹 Severity: Medium | 💰 5,300 USD
🔹 Reported To: Shopify
🔹 Reported By: #ashketchum
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2022, 10:44pm (UTC)

587 views05:07

Bugpoint

Authentication bypass in https://nin.mtn.ng

👉 https://hackerone.com/reports/1747146

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #roland_hack
🔹 State: 🟢 Resolved
🔹 Disclosed: December 2, 2022, 1:00pm (UTC)

698 views15:19

Bugpoint

XSS in Acronis Cloud Manager Admin Portal

👉 https://hackerone.com/reports/1388788

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #mooimacow
🔹 State: 🟢 Resolved
🔹 Disclosed: December 2, 2022, 7:48pm (UTC)

822 views22:25

Bugpoint

POST following PUT confusion

👉 https://hackerone.com/reports/1752146

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #robbotic
🔹 State: 🟢 Resolved
🔹 Disclosed: December 2, 2022, 9:03pm (UTC)

1.1K views22:25

Bugpoint

Exposed Cortex API at https://cortex-ingest.shopifycloud.com/

👉 https://hackerone.com/reports/1258871

🔹 Severity: Medium | 💰 6,300 USD
🔹 Reported To: Shopify
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: December 2, 2022, 10:25pm (UTC)

1.2K views23:01

Bugpoint

CVE-2022-35260: .netrc parser out-of-bounds access

👉 https://hackerone.com/reports/1753224

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #kurohiro
🔹 State: 🟢 Resolved
🔹 Disclosed: December 3, 2022, 12:20am (UTC)

1.8K views01:10

Bugpoint

IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account

👉 https://hackerone.com/reports/1644436

🔹 Severity: No Rating | 💰 1,000 USD
🔹 Reported To: EXNESS
🔹 Reported By: #ashwarya
🔹 State: 🟢 Resolved
🔹 Disclosed: December 5, 2022, 3:50pm (UTC)

2.0K views16:37

HTML Embed Code:

<iframe width="100%" src="https://www.hottg.com/buyppe/webview?embed=1" title="Telegram Webview" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

2024/06/08 21:47:29
Back to Top