LY Corporation - HackerOne Reports
Total Reports: 41
Critical: 6
High: 8
Medium: 17
Low: 8
Request smuggling on admin-official.line.me could lead to account takeover
Reported by: shaolin_tw | Disclosed:
Severity: High
Weakness: HTTP Request Smuggling
Improper Access Control in LINE Timeline API that returns a list of hidden friends
Reported by: aki__0421 | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $1346.85
Theft of arbitrary files in LINE Lite client for Android
Reported by: hulkvision_ | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Use of unreleased features in programming education service (https://entry.line.me)
Reported by: tosun | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Path traversal in ZIP extract routine on LINE Android
Reported by: kanytu | Disclosed:
Severity: Medium
Weakness: Path Traversal
Bounty: $475.00
Reflected XSS on https://travel.line.me
Reported by: mheranco | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $100.00
Password reset by malicious input on air.line.me
Reported by: tosun | Disclosed:
Weakness: Improper Access Control - Generic
SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/)
Reported by: duahaubadao | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
CORS misconfiguration leads to users information disclosure at https://studyroom.line.me
Reported by: duahaubadao | Disclosed:
Severity: Medium
Weakness: Information Disclosure
iOS group chat denial of service
Reported by: yinmo | Disclosed:
Severity: Low
Weakness: Use of a Broken or Risky Cryptographic Algorithm
Bounty: $300.00
Missing authentication in buddy group API of LINE TIMELINE
Reported by: e26174222 | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
Bounty: $3000.00
Debugging panel exposure
Reported by: tosun | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
DOM-based XSS on mobile.line.me
Reported by: zophi | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - DOM
Insufficient access control on all BCRM instances leading to the ability to create admin accounts using the API
Reported by: j0eii | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
SSRF on music.line.me through getXML.php
Reported by: hahwul | Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
Stored XSS Via Filename On https://partners.line.me/
Reported by: rioncool22 | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $100.00
Developer uploaded files missing authentication on LINE GAME Developers site (gdc.game.line.me)
Reported by: tosun | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Path traversal in a Tomcat server
Reported by: tosun | Disclosed:
Weakness: Information Disclosure
Webview in LINE client for iOS will render application/octet-stream files as HTML
Reported by: s5s | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $500.00
SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz)
Reported by: jafarakhondali | Disclosed:
Severity: Low
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $100.00