Bug Bounty

hackerone

HackerOne Bug Bounty Disclosure: ability-to-add-and-verify-uncontrolled-mobile-numbers-leading-to-account-takeover-ato-trev-ck

March 4, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:trev0ckLink to Submitters Profile:https://hackerone.com/trev0ck Report Title:Ability to Add and Verify Uncontrolled...

Read MoreRead more about HackerOne Bug Bounty Disclosure: ability-to-add-and-verify-uncontrolled-mobile-numbers-leading-to-account-takeover-ato-trev-ck
hackerone

HackerOne Bug Bounty Disclosure: broken-access-control-leads-to-disclosure-of-transaction-history-via-v-rechargetransactionhistory-endpoint-hafiz-ng

March 2, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:hafiz-ngLink to Submitters Profile:https://hackerone.com/hafiz-ng Report Title:Broken Access Control leads to disclosure...

Read MoreRead more about HackerOne Bug Bounty Disclosure: broken-access-control-leads-to-disclosure-of-transaction-history-via-v-rechargetransactionhistory-endpoint-hafiz-ng
hackerone

HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil

February 26, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:the-white-evilLink to Submitters Profile:https://hackerone.com/the-white-evil Report Title:Stored XSS via Post Tittle Enabling Non-Privileged...

Read MoreRead more about HackerOne Bug Bounty Disclosure: stored-xss-via-post-tittle-enabling-non-privileged-user-to-privileged-user-exploitation-on-hxxps-forums-autodesk-com-the-white-evil
hackerone

HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd

February 26, 2025

Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Datazone...

Read MoreRead more about HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-datazone-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
hackerone

HackerOne Bug Bounty Disclosure: uncontrolled-resource-consumption-when-parsing-maliciously-crafted-xml-with-rexml-l-thaxor

February 20, 2025

Company Name: Ruby Company HackerOne URL: https://hackerone.com/ruby Submitted By:l33thaxorLink to Submitters Profile:https://hackerone.com/l33thaxor Report Title:Uncontrolled Resource Consumption when parsing maliciously crafted...

Read MoreRead more about HackerOne Bug Bounty Disclosure: uncontrolled-resource-consumption-when-parsing-maliciously-crafted-xml-with-rexml-l-thaxor
hackerone

HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-dashboard-offensiveops

February 20, 2025

Company Name: MTN Group Company HackerOne URL: https://hackerone.com/mtn_group Submitted By:offensiveopsLink to Submitters Profile:https://hackerone.com/offensiveops Report Title:Unauthenticated phpinfo()files could lead to ability...

Read MoreRead more about HackerOne Bug Bounty Disclosure: unauthenticated-phpinfo-files-could-lead-to-ability-file-read-at-h-f-n-ips-mtn-co-ug-dashboard-offensiveops
hackerone

HackerOne Bug Bounty Disclosure: format-string-vulnerability-curl-msnprintf-function-orcahack

February 20, 2025

Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:orcahackLink to Submitters Profile:https://hackerone.com/orcahack Report Title:Format string vulnerability, curl_msnprintf() function Report Link:https://hackerone.com/reports/2990139Date...

Read MoreRead more about HackerOne Bug Bounty Disclosure: format-string-vulnerability-curl-msnprintf-function-orcahack
hackerone

HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-idor-vulnerability-in-autodesk-user-profile-eyax

February 19, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:eyax0Link to Submitters Profile:https://hackerone.com/eyax0 Report Title:Insecure Direct Object Reference (IDOR) Vulnerability in...

Read MoreRead more about HackerOne Bug Bounty Disclosure: insecure-direct-object-reference-idor-vulnerability-in-autodesk-user-profile-eyax
hackerone

HackerOne Bug Bounty Disclosure: idor-vulnerability-allowing-unauthorized-profile-picture-change-tasin-zucced

February 19, 2025

Company Name: Autodesk Company HackerOne URL: https://hackerone.com/autodesk Submitted By:tasin_zucced___Link to Submitters Profile:https://hackerone.com/tasin_zucced___ Report Title:IDOR Vulnerability Allowing Unauthorized Profile Picture ChangeReport...

Read MoreRead more about HackerOne Bug Bounty Disclosure: idor-vulnerability-allowing-unauthorized-profile-picture-change-tasin-zucced
hackerone

HackerOne Bug Bounty Disclosure: improper-cache-handling-allows-access-to-post-logout-pages-victim-of-life

February 10, 2025

Company Name: Basecamp Company HackerOne URL: https://hackerone.com/basecamp Submitted By:victim_of_lifeLink to Submitters Profile:https://hackerone.com/victim_of_life Report Title:Improper Cache Handling Allows Access to Post-Logout...

Read MoreRead more about HackerOne Bug Bounty Disclosure: improper-cache-handling-allows-access-to-post-logout-pages-victim-of-life

You may have missed

image

[AKIRA] – Ransomware Victim: BAF Management Consulting

July 15, 2025
image

[QILIN] – Ransomware Victim: ProActive Solutions USA

July 15, 2025
image

[QILIN] – Ransomware Victim: The Paul Wilkinson Law Firm

July 15, 2025
image

[LYNX] – Ransomware Victim: Greta Group

July 15, 2025
image

[LYNX] – Ransomware Victim: Victoria Garden

July 15, 2025