BlockDev Sp. Z o.o - HackerOne Reports

Summary of disclosed reports:
  Total Reports: 19
  Critical: 6
  High: 6
  Medium: 0
  Low: 3

Report list (title, reporter, disclosure date, severity, weakness, bounty where shown):
1. DoS of https://blog.makerdao.com/ via CVE-2018-6389
   Reported by: khoabda1 | Disclosed: (date not shown)

2. xmlrpc.php file is enabled; it can be used for brute-force attacks
   Reported by: khoabda1 | Disclosed: (date not shown)

3. SQL Injection leads to retrieving the contents of an entire database
   Reported by: u-itachi | Disclosed: (date not shown)
   Severity: Critical | Weakness: SQL Injection

4. Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`
   Reported by: lucash-dev | Disclosed: (date not shown)
   Severity: High | Weakness: Improper Input Validation

5. Steal ALL collateral during liquidation by exploiting lack of validation in `flip.kick`
   Reported by: lucash-dev | Disclosed: (date not shown)
   Severity: Critical | Weakness: Improper Input Validation

6. WordPress users disclosure on blog.makerdao.con
   Reported by: ardi4x | Disclosed: (date not shown)
   Severity: Low | Weakness: Information Disclosure

7. App Takeover (makerdao.herokuapp.com)
   Reported by: m7mdharoun | Disclosed: (date not shown)
   Severity: High | Weakness: Privilege Escalation

8. xmlrpc.php file is enabled; it can be used for Denial of Service and brute-force attacks
   Reported by: sourceflow | Disclosed: (date not shown)
   Weakness: Uncontrolled Resource Consumption

9. A specially crafted value for the 'Cache-Digest' header causing a crash in chat.makerdao.com
   Reported by: lalit2020 | Disclosed: (date not shown)
   Severity: Critical | Weakness: Improper Restriction of Authentication Attempts

10. Earn free DAI interest (inflation) through instant CDP+DSR in one tx
    Reported by: lucash-dev | Disclosed: (date not shown)
    Severity: High | Weakness: Business Logic Errors

11. Two-factor authentication (2FA) Bypass
    Reported by: offensive-security | Disclosed: (date not shown)
    Severity: Critical | Weakness: Authentication Bypass Using an Alternate Path or Channel

12. [blog.makerdao.com] Multiple Vulnerabilities - Leads to leakage of sensitive admin user data
    Reported by: deb0con | Disclosed: (date not shown)
    Weakness: Business Logic Errors

13. Email HTML injection
    Reported by: m4ngofloat | Disclosed: (date not shown)
    Severity: Low

14. xmlrpc.php file is enabled; it can be used for brute-force attacks and Denial of Service (DoS)
    Reported by: harsithsivanandham | Disclosed: (date not shown)
    Severity: Critical | Weakness: Uncontrolled Resource Consumption | Bounty: $500.00

15. Blind SSRF at https://chat.makerdao.com/account/profile
    Reported by: losthacker | Disclosed: (date not shown)
    Severity: Critical | Weakness: Server-Side Request Forgery (SSRF)

16. Steal collateral during `end` process by earning DSR interest after `flow`
    Reported by: lucash-dev | Disclosed: (date not shown)
    Severity: High | Weakness: Business Logic Errors

17. Unrestricted file upload at chat.makerdao.com
    Reported by: 0xbugger | Disclosed: (date not shown)
    Severity: High | Weakness: Insecure Temporary File

18. load-scripts DoS vulnerability
    Reported by: th3cyb3rc0p | Disclosed: (date not shown)
    Severity: High | Weakness: Improper Restriction of Authentication Attempts

19. .git file accessible
    Reported by: nitrozeus0x01 | Disclosed: (date not shown)
    Severity: Low | Weakness: Information Disclosure