Bug Bounty

HackerOne Bug Bounty Disclosure: host-header-injection-internal-qa-delivery-indrive-com-mega

February 12, 2024

Company Name: inDrive Company HackerOne URL: https://hackerone.com/indrive Submitted By:mega9Link to Submitters Profile:https://hackerone.com/mega9 Report Title:Host Header Injection - internalqadeliveryindrivecomReport Link:https://hackerone.com/reports/2076786Date Submitted:12...

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-proabiral

February 11, 2024

Company Name: Mozilla Core Services Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:proabiralLink to Submitters Profile:https://hackerone.com/proabiral Report Title:Subdomain takeover on one of...

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-d-xing

February 11, 2024

Company Name: Mozilla Core Services Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:d0xingLink to Submitters Profile:https://hackerone.com/d0xing Report Title:Subdomain takeover on one of...

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-d-xing

February 11, 2024

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-d-xing

February 11, 2024

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-d-xing

February 11, 2024

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozgcp-net-d-xing

February 11, 2024

HackerOne Bug Bounty Disclosure: file-listing-through-scripts-folder-itssixtynein

February 9, 2024

Company Name: Tennessee Valley Authority Company HackerOne URL: https://hackerone.com/tennessee-valley-authority Submitted By:itssixtyneinLink to Submitters Profile:https://hackerone.com/itssixtynein Report Title:File listing through scripts folderReport...

HackerOne Bug Bounty Disclosure: blind-stored-xss-in-shopify-internal-parquet-viewer-testingforbugs

February 8, 2024

Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:testingforbugsLink to Submitters Profile:https://hackerone.com/testingforbugs Report Title:Blind Stored XSS in shopify internal Parquet...

HackerOne Bug Bounty Disclosure: xmlrpc-php-wp-cron-php-files-are-enabled-and-will-used-for-ddos-dos-and-broutforce-users-attack-cyber-tech

February 8, 2024

Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:cyber-techLink to Submitters Profile:https://hackerone.com/cyber-tech Report Title:xmlrpcphp &wp-cronphp files are enabled, and will...

HackerOne Bug Bounty Disclosure: idor-on-graphql-queries-billingdocumentdownload-and-billdetails-blaklis

February 8, 2024

Company Name: Shopify Company HackerOne URL: https://hackerone.com/shopify Submitted By:blaklisLink to Submitters Profile:https://hackerone.com/blaklis Report Title:IDOR on GraphQL queries BillingDocumentDownload and BillDetailsReport...

HackerOne Bug Bounty Disclosure: request-smuggling-in-apache-tomcat-important-cve-mukeran

February 7, 2024

Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:mukeranLink to Submitters Profile:https://hackerone.com/mukeran Report Title:Request Smuggling in Apache Tomcat...

HackerOne Bug Bounty Disclosure: infromation-disclosure-to-use-of-hard-coded-cryptographic-key-ahmed-abdo

February 6, 2024

Company Name: Reddit Company HackerOne URL: https://hackerone.com/reddit Submitted By:ahmed-abdoLink to Submitters Profile:https://hackerone.com/ahmed-abdo Report Title:Infromation Disclosure To Use of Hard-coded Cryptographic...

HackerOne Bug Bounty Disclosure: csrf-to-delete-a-pet-on-dr-m

February 5, 2024

Company Name: Mars Company HackerOne URL: https://hackerone.com/mars Submitted By:dr34m14Link to Submitters Profile:https://hackerone.com/dr34m14 Report Title:CSRF to delete a pet on Report...

HackerOne Bug Bounty Disclosure: account-creation-with-invalid-email-addresses-email-is-accepting-and-d-a-line-termination-chars-resett-r

February 4, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:resett3rLink to Submitters Profile:https://hackerone.com/resett3r Report Title:Account creation with invalid email addresses /...

HackerOne Bug Bounty Disclosure: hackerone-saml-signup-domain-enforcement-bypass-results-in-unauthorized-access-to-hackerone-pullrequest-organization–xacb

February 4, 2024

Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0xacbLink to Submitters Profile:https://hackerone.com/0xacb Report Title:HackerOne SAML signup domain enforcement bypass results...

HackerOne Bug Bounty Disclosure: vulnerability-report-no-rate-limit-password-reset-cyb-r-assass-n

February 2, 2024

Company Name: Trellix Company HackerOne URL: https://hackerone.com/trellix Submitted By:cyb3r_assass1nLink to Submitters Profile:https://hackerone.com/cyb3r_assass1n Report Title:Vulnerability Report: NO RATE LIMIT Password RESETReport...

HackerOne Bug Bounty Disclosure: b-memory-corruption-via-large-pixels-b-mr-r-boot

February 1, 2024

Company Name: b'Infogram' Company HackerOne URL: https://hackerone.com/infogram Submitted By:b'mr_r3boot'Link to Submitters Profile:https://hackerone.com/b'mr_r3boot' Report Title:b'Memory Corruption via Large Pixels'Report Link:https://hackerone.com/reports/282518Date Submitted:01...

HackerOne Bug Bounty Disclosure: b-default-credentials-at-https-b-forcedrofes

February 1, 2024

Company Name: b'Trellix' Company HackerOne URL: https://hackerone.com/trellix Submitted By:b'forcedrofes'Link to Submitters Profile:https://hackerone.com/b'forcedrofes' Report Title:b'default credentials at https://52.42.105.71/'Report Link:https://hackerone.com/reports/2160178Date Submitted:01 February...

HackerOne Bug Bounty Disclosure: b-port-smpt-open-can-send-any-mail-remotely-from-the-internal-mail-users-to-company-mail-id-s-b-harshniture

February 1, 2024

Company Name: b'SideFX' Company HackerOne URL: https://hackerone.com/sidefx Submitted By:b'harshniture12'Link to Submitters Profile:https://hackerone.com/b'harshniture12' Report Title:b"Port 587 SMPT Open: Can send any...

HackerOne Bug Bounty Disclosure: b-xss-in-subdomain-of-duckduckgo-b-mr-r-boot

February 1, 2024

Company Name: b'DuckDuckGo' Company HackerOne URL: https://hackerone.com/duckduckgo Submitted By:b'mr_r3boot'Link to Submitters Profile:https://hackerone.com/b'mr_r3boot' Report Title:b'XSS in Subdomain of DuckDuckGo'Report Link:https://hackerone.com/reports/395734Date Submitted:01...

HackerOne Bug Bounty Disclosure: b-cve-ocsp-verification-bypass-with-tls-session-reuse-b-kurohiro

January 31, 2024

Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'kurohiro'Link to Submitters Profile:https://hackerone.com/b'kurohiro' Report Title:b'CVE-2024-0853: OCSP verification bypass with TLS session...

HackerOne Bug Bounty Disclosure: b-cors-misconfiguration-on-b-k-hacker

January 31, 2024

Company Name: b'Publitas' Company HackerOne URL: https://hackerone.com/publitas Submitted By:b'2k_hacker'Link to Submitters Profile:https://hackerone.com/b'2k_hacker' Report Title:b'CORS Misconfiguration on 'Report Link:https://hackerone.com/reports/2332728Date Submitted:31 January...

HackerOne Bug Bounty Disclosure: b-pickle-deserialization-vulnerability-in-xcoms-b-zpbrent

January 29, 2024

Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'zpbrent'Link to Submitters Profile:https://hackerone.com/b'zpbrent' Report Title:b'Pickle deserialization vulnerability in XComs'Report...

Bug Bounty

HackerOne Bug Bounty Disclosure: host-header-injection-internal-qa-delivery-indrive-com-mega

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-proabiral

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-d-xing

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-d-xing

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-d-xing

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozaws-net-d-xing

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-one-of-the-subdomain-under-mozgcp-net-d-xing

HackerOne Bug Bounty Disclosure: file-listing-through-scripts-folder-itssixtynein

HackerOne Bug Bounty Disclosure: blind-stored-xss-in-shopify-internal-parquet-viewer-testingforbugs

HackerOne Bug Bounty Disclosure: xmlrpc-php-wp-cron-php-files-are-enabled-and-will-used-for-ddos-dos-and-broutforce-users-attack-cyber-tech

HackerOne Bug Bounty Disclosure: idor-on-graphql-queries-billingdocumentdownload-and-billdetails-blaklis

HackerOne Bug Bounty Disclosure: request-smuggling-in-apache-tomcat-important-cve-mukeran

HackerOne Bug Bounty Disclosure: infromation-disclosure-to-use-of-hard-coded-cryptographic-key-ahmed-abdo

HackerOne Bug Bounty Disclosure: csrf-to-delete-a-pet-on-dr-m

HackerOne Bug Bounty Disclosure: account-creation-with-invalid-email-addresses-email-is-accepting-and-d-a-line-termination-chars-resett-r

HackerOne Bug Bounty Disclosure: hackerone-saml-signup-domain-enforcement-bypass-results-in-unauthorized-access-to-hackerone-pullrequest-organization–xacb

HackerOne Bug Bounty Disclosure: vulnerability-report-no-rate-limit-password-reset-cyb-r-assass-n

HackerOne Bug Bounty Disclosure: b-memory-corruption-via-large-pixels-b-mr-r-boot

HackerOne Bug Bounty Disclosure: b-default-credentials-at-https-b-forcedrofes

HackerOne Bug Bounty Disclosure: b-port-smpt-open-can-send-any-mail-remotely-from-the-internal-mail-users-to-company-mail-id-s-b-harshniture

HackerOne Bug Bounty Disclosure: b-xss-in-subdomain-of-duckduckgo-b-mr-r-boot

HackerOne Bug Bounty Disclosure: b-cve-ocsp-verification-bypass-with-tls-session-reuse-b-kurohiro

HackerOne Bug Bounty Disclosure: b-cors-misconfiguration-on-b-k-hacker

HackerOne Bug Bounty Disclosure: b-pickle-deserialization-vulnerability-in-xcoms-b-zpbrent

Cobalt Strike Beacon Detected – 47[.]76[.]30[.]15:80

Cobalt Strike Beacon Detected – 52[.]140[.]245[.]31:80

Cobalt Strike Beacon Detected – 120[.]27[.]235[.]78:80

Cobalt Strike Beacon Detected – 8[.]138[.]47[.]245:80

Cobalt Strike Beacon Detected – 158[.]41[.]106[.]139:443

You may have missed