HackerOne disclosures 20th August 2020
Hacktivity from d3lla
[vboxmanage.js] Command Injection via insecure command concatenation
https://hackerone.com/reports/864777
Disclosed at: 2020-08-20 09:08:23 UTC+0
Created at: 2020-05-02 14:21:33 UTC+0
Bug Bounty Channel, [20.08.20 14:38]
Hacktivity from d3lla
[object-path-set] Prototype pollution
https://hackerone.com/reports/878332
Disclosed at: 2020-08-20 09:08:31 UTC+0
Created at: 2020-05-19 19:17:47 UTC+0
Bug Bounty Channel, [20.08.20 14:38]
Hacktivity from d3lla
[extra-ffmpeg] Command Injection via insecure command formatting
https://hackerone.com/reports/863944
Disclosed at: 2020-08-20 09:08:41 UTC+0
Created at: 2020-05-01 11:15:06 UTC+0
Bug Bounty Channel, [20.08.20 16:40]
Hacktivity from 0x1337r00t
[supermixer] Prototype pollution
https://hackerone.com/reports/959987
Disclosed at: 2020-08-20 11:10:40 UTC+0
Created at: 2020-08-16 18:25:28 UTC+0
Bug Bounty Channel, [20.08.20 16:50]
Hacktivity from filedescriptor
Insufficient validation on Digits bridge
https://hackerone.com/reports/168116
Disclosed at: 2020-08-20 11:20:39 UTC+0
Created at: 2016-09-13 19:44:33 UTC+0
Bug Bounty Channel, [20.08.20 19:46]
Hacktivity from try___for_impossible
API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation.
https://hackerone.com/reports/962033
Disclosed at: 2020-08-20 14:16:16 UTC+0
Created at: 2020-08-19 04:53:12 UTC+0
Bug Bounty Channel, [20.08.20 21:20]
Hacktivity from sijisu
DOM XSS on duckduckgo.com search
https://hackerone.com/reports/921635
Disclosed at: 2020-08-20 15:49:37 UTC+0
Created at: 2020-07-12 18:07:27 UTC+0
Bug Bounty Channel, [20.08.20 21:46]
Hacktivity from n1m0
Dropcontact's disclosed report is exposing Private/Confidential information
https://hackerone.com/reports/963327
Disclosed at: 2020-08-20 16:16:01 UTC+0
Created at: 2020-08-20 14:45:05 UTC+0