Top Information Disclosure reports from HackerOne:
- Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter to Uber - 622 upvotes, $0
- [Grab Android/iOS] Insecure deeplink leads to sensitive information disclosure to Grab - 525 upvotes, $0
- Web cache poisoning attack leads to user information and more to Postmates - 343 upvotes, $500
- Information Disclosure in /skills call to HackerOne - 259 upvotes, $10000
- sdrc.starbucks.com - Information Disclosure via unsecured attachment directory to Starbucks - 194 upvotes, $0
- Unauthenticated access to sensitive user information to Razer - 184 upvotes, $500
- [IDOR] API endpoint leaking sensitive user information to Razer - 172 upvotes, $375
- Information Disclosure through Sentry Instance ███████ to Zomato - 171 upvotes, $750
- Information disclosure with sensitive data to Mail.ru - 156 upvotes, $1500
- Information disclosure via a misconfigured third-party product to Algolia - 152 upvotes, $0
- information disclosure of secret_key_base via encoding charcters to GitLab - 144 upvotes, $3500
- [c-api.city-mobil.ru] Client authentication bypass leads to information disclosure to Mail.ru - 143 upvotes, $0
- [Information Disclosure] Amazon S3 Bucket of Shopify Ping (iOS) have public access of other users image to Shopify - 129 upvotes, $2900
- Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ] to X (Formerly Twitter) - 117 upvotes, $7560
- China – Limited Partner PII Regarding Work Scheduling via Unauthenticated API Endpoint to Starbucks - 112 upvotes, $0
- [Zomato Order] Insecure deeplink leads to sensitive information disclosure to Zomato - 107 upvotes, $750
- PII Disclosure At
theperfumeshop.com/register/forOrder
to A.S. Watson Group - 105 upvotes, $0 - [███████] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 93 upvotes, $0
- Cross-origin resource sharing misconfig | steal user information to Semrush - 89 upvotes, $0
- Disclosure of User Information to Nord Security - 86 upvotes, $0
- ███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions to U.S. Dept Of Defense - 82 upvotes, $0
- CORS misconfiguration leads to users information disclosure at https://studyroom.line.me to LY Corporation - 72 upvotes, $0
- Information disclosure -> 2fa bypass -> POST exploitation to Algolia - 71 upvotes, $0
- Information disclosure by sending a GIF to LinkedIn - 71 upvotes, $0
- Information Disclosure .htaccess accesible for public to Basecamp - 70 upvotes, $0
- Stealing livechat token and using it to chat as the user - user information disclosure to Shopify - 67 upvotes, $0
- Possible PII Disclosure via Advanced Vetting Process - ██████ to HackerOne - 61 upvotes, $2500
- SSRF with information disclosure to Lark Technologies - 59 upvotes, $0
- Information disclosure on sim.starbucks.com to Starbucks - 56 upvotes, $0
- Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII to Uber - 55 upvotes, $0
- Rider can forcefully get passenger's order accepted resulting in multiple impacts including PII reveal and more mentioned in the report. to inDrive - 54 upvotes, $0
- IDOR allows information disclosure to Semrush - 54 upvotes, $0
- PII of Users Disclosure using "/members/invite/" endpoint to Lab45 - 52 upvotes, $0
- CORS Misconfiguration leading to Private Information Disclosure to Ubiquiti Inc. - 51 upvotes, $0
- [www.werkenbijbakertilly.nl] Information Disclosure to Radancy - 48 upvotes, $0
- Critical Information disclosure of rtapi token for any user via https://video-support-staging.uber.com/video/api/getPopulousUser to Uber - 47 upvotes, $0
- Sensitive Information Disclosure to Dropcontact - 46 upvotes, $0
- Improper access control on easytopup.in.th transaction page leads to user's information disclosure and may lead to account hijacking to Razer - 41 upvotes, $1000
- [special.mail.ru] Information Disclosure to Mail.ru - 41 upvotes, $500
- Information disclosure-Referer leak to Brave Software - 40 upvotes, $500
- information disclosure of another company bug on video. to HackerOne - 40 upvotes, $0
- Sensitive information disclosure on grafana to JetBlue - 40 upvotes, $0
- User sensitive information disclosure to Shopify - 36 upvotes, $1000
- Information disclosure through directory listing at http://dockerhost01.maximum.nl:8080 to Radancy - 34 upvotes, $0
- [api-site.city-mobil.ru] Improper access control leads to information disclosure to Mail.ru - 34 upvotes, $0
- Information Disclosure of Garbage Collection Cycle 'Again' to Basecamp - 33 upvotes, $100
- Critical sensitive information Disclosure. [HtUS] to U.S. Dept Of Defense - 32 upvotes, $500
- Full Path and internal information disclosure+ SQLNet.log file disclose internal network information to Uber - 32 upvotes, $0
- Exploiting Misconfigured CORS to Steal User Information to Rockstar Games - 31 upvotes, $500
- Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings to Liberapay - 31 upvotes, $0
- [api-site.city-mobil.ru] Improper access control leads to information disclosure (bypass of #977597 fix) to Mail.ru - 31 upvotes, $0
- Information disclosure in mmap module - python 2.7.12 to Internet Bug Bounty - 30 upvotes, $0
- Web Cache poisoning attack leads to User information Disclosure and more to Lyst - 30 upvotes, $0
- Information disclosure - Feedback is accessible on Public profile even after 'disallowed' at https://hackerone.com/settings/feedback to HackerOne - 29 upvotes, $0
- Information disclosure (No rate limting in forgot password & other login) to Imgur - 28 upvotes, $0
- Information Disclosure to U.S. Dept Of Defense - 28 upvotes, $0
- Debug information disclosure on oauth-redirector.services.greenhouse.io to Greenhouse.io - 28 upvotes, $0
- IDOR on www.acronis.com API lead to steal private business user information to Acronis - 27 upvotes, $100
- Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl] to Radancy - 27 upvotes, $0
- Splunk Sensitive Information Disclosure @████████ to U.S. Dept Of Defense - 27 upvotes, $0
- [acronis.secure.force.com] - Insecure Salesforce default/custom object permissions leads to information disclosure to Acronis - 26 upvotes, $0
- Information Disclosure through .DS_Store in ██████████ to X (Formerly Twitter) - 25 upvotes, $560
- Sensitive information disclosure to shared access user via streamlabs platform api to Logitech - 25 upvotes, $200
- Twitter Media Studio Source Information Disclosure With Analyst Role to X (Formerly Twitter) - 25 upvotes, $0
- TikTok Account Creation Date Information Disclosure to TikTok - 24 upvotes, $100
- CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure to Endless Group - 24 upvotes, $0
- CSRF to Information disclosure on password reset to Mozilla - 24 upvotes, $0
- Information Disclosure when /invitations/<token>.json is not yet accepted to HackerOne - 23 upvotes, $0
- Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov to GSA Bounty - 21 upvotes, $150
- login to any user's cashier account and full account information disclosure to Deriv.com - 21 upvotes, $0
- Information disclosure - emails disclosed in response > staging.seatme.us to Yelp - 21 upvotes, $0
- Information Disclosure of Garbage Collection Cycle to Basecamp - 21 upvotes, $0
- Information disclosure (reset password token) and changing the user's password to HackerOne - 20 upvotes, $100
- Information Disclosure at https://portal.finzfin.com/1.txt to OPPO - 20 upvotes, $50
- HTML injection and information disclosure in support panel to Weblate - 20 upvotes, $0
- Developper's websites are easily accessibles leading to massive information disclosure to Radancy - 20 upvotes, $0
- Information Disclosure in https://www.rockstargames.com/search to Rockstar Games - 20 upvotes, $0
- information disclosure lead to disclose users private notes to Automattic - 20 upvotes, $0
- Information Disclosure Leads To User Data Leak to MTN Group - 20 upvotes, $0
- Sensitive Information Disclosure https://cards-dev.twitter.com to X (Formerly Twitter) - 19 upvotes, $280
- User Information Disclosure via the REST API - /?_method=GET to LocalTapiola - 19 upvotes, $0
- critical information disclosure to U.S. Dept Of Defense - 19 upvotes, $0
- Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure ) to Shopify - 18 upvotes, $500
- Information disclosure ( Google Sales Channel ) to Shopify - 18 upvotes, $500
- Forum Users Information Disclosure to Vanilla - 18 upvotes, $300
- F5 BIG-IP Cookie Remote Information Disclosure to LocalTapiola - 18 upvotes, $0
- WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure to WordPress - 17 upvotes, $0
- Information disclosure on https://paycard.rapida.ru to QIWI - 17 upvotes, $0
- PII leakage due to scrceenshot of health records to U.S. Dept Of Defense - 17 upvotes, $0
- Sensitive information disclosure [HtUS] to U.S. Dept Of Defense - 17 upvotes, $0
- Verification process done using different documents without corresponding to user information / User information can be changed after verification to EXNESS - 16 upvotes, $500
- Arbitrary file deletion in wp-core - guides towards RCE and information disclosure to WordPress - 16 upvotes, $0
- PII disclosure -- Past team members & their email ID(personal email) can be viewed by Staff member with no permissions on Partner Dashboard to Shopify - 16 upvotes, $0
- Username Information Disclosure via Json response - Using parameter number Intruder to Brave Software - 16 upvotes, $0
- Information Disclosure of Advertiser Account on TikTok Ads Portal to TikTok - 16 upvotes, $0
- Information Disclosure FrontPage Configuration Information to U.S. Dept Of Defense - 16 upvotes, $0
- Unauthorized Canceling/Unsubscribe TaxJar account & Payment information DIsclosure to Stripe - 15 upvotes, $500
- mailer.i.bizml.ru viber service preprod information disclosure to Mail.ru - 15 upvotes, $300
- Information disclosure at https://blockchain.atlassian.net to Blockchain - 15 upvotes, $100
- User Profiles Leak PII in HTML Document for Mobile Browser User Agents to Zomato - 15 upvotes, $0
- Information disclosure when trying to delete an expense's attachment on m.mavenlink.com to Mavenlink - 15 upvotes, $0
- Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII to Lab45 - 15 upvotes, $0
- [h1-2102] Information disclosure - ShopifyPlus add user displays existing Shopify ID fullname to Shopify - 15 upvotes, $0
- Golang expvar Information Disclosure to Uber - 15 upvotes, $0
- Information Disclosure on stun.screenhero.com to Slack - 14 upvotes, $700
- PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
- Sensitive Information Disclosure on https://nordvpn.com/ to Nord Security - 14 upvotes, $0
- Minimal information disclosure of internal asset names and links which were not publicly accessible. to Starbucks - 14 upvotes, $0
- PII data Leakage through hackerone reports to HackerOne - 14 upvotes, $0
- Information disclosure on error message to PortSwigger Web Security - 14 upvotes, $0
- Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure to MTN Group - 14 upvotes, $0
- PII of users can be downloaded from export pages to WordPress - 14 upvotes, $0
- PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 13 upvotes, $0
- HTTP-Response-Splitting leads to information disclosure (email, firstname, lastname) at https://tz.mail.ru to Mail.ru - 13 upvotes, $0
- CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure,Account takeover to Nord Security - 13 upvotes, $0
- [information disclosure] Validate existence of a private project. to GitLab - 13 upvotes, $0
- Bypassing SOP with XSS on account.my.games leading to steal CSRF token and user information to Mail.ru - 13 upvotes, $0
- [http://kiwi.youdrive.today/] Information disclosure via Kiwi TCMS vulnerability to Mail.ru - 13 upvotes, $0
- [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 13 upvotes, $0
- Information Disclosure on rate limit defense mechanism to Legal Robot - 12 upvotes, $0
- [qiwi.com] Information Disclosure to QIWI - 12 upvotes, $0
- PII Leak of USCG Designated Examiner List at https://www.███ to U.S. Dept Of Defense - 12 upvotes, $0
- GraphQL Query leads to sensitive information disclosure to GitLab - 12 upvotes, $0
- Non-revoked API Key Information disclosure via Stripo_report() to Stripo Inc - 12 upvotes, $0
- Sensitive Information Disclosure to Trellix - 12 upvotes, $0
- newrelic.atlassian.net - jira information disclosure to New Relic - 11 upvotes, $0
- Information Disclosure and Privilege Escalation in app.goodhire.com/member/developers/api-settings to Inflection - 11 upvotes, $0
- IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data to Lab45 - 11 upvotes, $0
- Request Access for Uber Device Returns Management Platform (https://www.eats-devicereturns.com/request-access/) Bypass Allows Access to PII to Uber - 11 upvotes, $0
- Cross-origin resource sharing misconfig | steal user information to UPchieve - 11 upvotes, $0
- IDOR leaking PII data via VendorId parameter to U.S. Dept Of Defense - 11 upvotes, $0
- Information Disclosure in AWS S3 Bucket to Legal Robot - 10 upvotes, $0
- IDOR in tender.mail.ru leading to Information Disclosure to Mail.ru - 10 upvotes, $0
- Information Disclosure FrontPage Configuration Information /_vti_inf.html in https://www.mtn.co.za/ to MTN Group - 10 upvotes, $0
- critical information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
- Information Disclosure on https://rpc.sifchain.finance/ to Sifchain - 10 upvotes, $0
- Information Disclosure on TikTok Unplugged Site to TikTok - 10 upvotes, $0
- Account takeover leading to PII chained with stored XSS to U.S. General Services Administration - 10 upvotes, $0
- Sensitive Information Disclosure Through Config File to MTN Group - 10 upvotes, $0
- AEM misconfiguration leads to Information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
- Information Disclosure to Yahoo! - 9 upvotes, $0
- Information disclosure via policy update notifications after removal from program to HackerOne - 9 upvotes, $0
- Personal information disclosure on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
- Apache mod_status /server-status Information Disclosure to TomTom - 9 upvotes, $0
- [https://city-mobil.ru/taxiserv] IDOR leads to information disclosure to Mail.ru - 9 upvotes, $0
- Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298 to Internet Bug Bounty - 8 upvotes, $2000
- Information disclosure at http://sea-s2s.molthailand.com/status.php to Razer - 8 upvotes, $375
- Incomplete HTML sanitization + Session id leaking + private information disclosure to Open-Xchange - 8 upvotes, $200
- User Information leak allows user to bypass email verification. to Legal Robot - 8 upvotes, $0
- User Information sent to client through websockets to Legal Robot - 8 upvotes, $0
- User Information Disclosure via REST API to Nextcloud - 8 upvotes, $0
- User Information Disclosure via REST API to ownCloud - 8 upvotes, $0
- Information disclosure to HackerOne - 8 upvotes, $0
- Access control bypass leads to domain information disclosure to Vercel - 8 upvotes, $0
- Information Disclosure - Получаем доступ к работам и к приватным презентациям к курсам to Mail.ru - 8 upvotes, $0
- PII Leak via https://████████ to U.S. Dept Of Defense - 8 upvotes, $0
- PII Information Leak at https://████████.mil/ to U.S. Dept Of Defense - 8 upvotes, $0
- PII Leak via /████████ to U.S. Dept Of Defense - 8 upvotes, $0
- Information disclosure through django debug mode to MTN Group - 8 upvotes, $0
- Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints to New Relic - 7 upvotes, $900
- Information disclosure same issue #176002 to Coinbase - 7 upvotes, $100
- Information disclosure to "Permission as auditor" user to Visma Public - 7 upvotes, $100
- Private program activity timeline information disclosure to HackerOne - 7 upvotes, $0
- Information Disclosure to drchrono - 7 upvotes, $0
- Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
- Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
- Information Disclosure on https://theendlessweb.com/ to RATELIMITED - 7 upvotes, $0
- Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 7 upvotes, $0
- Information disclosure through Server side resource forgery to Stripo Inc - 7 upvotes, $0
- Information Disclosure [ https://curious.ru/api/submissions ] to Mail.ru - 7 upvotes, $0
- Bypassed a fix to gain access to PII of more than 100 Officers to U.S. Dept Of Defense - 7 upvotes, $0
- Information Disclosure of Garbage Collection Cycle 'Again' to Mail.ru - 7 upvotes, $0
- ████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found. to U.S. Dept Of Defense - 7 upvotes, $0
- Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com to Engel & Völkers Technology GmbH - 7 upvotes, $0
- Information disclosure of user by email using buy widget to Coinbase - 6 upvotes, $0
- [gitmm.corp.mail.ru] Auth Bypass, Information Disclosure to Mail.ru - 6 upvotes, $0
- Information Disclosure on demo.weblate.org to Weblate - 6 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
- Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
- [Information Disclosure through DEBUG at Subscription https://app.dropcontact.io/app/subscription?connector=salesforce](https://hackerone.com/reports/963921) to Dropcontact - 6 upvotes, $0
- View another user information with IDOR vulnerability to U.S. Dept Of Defense - 6 upvotes, $0
- Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" to U.S. Dept Of Defense - 6 upvotes, $0
- LDAP Server NULL Bind Connection Information Disclosure to U.S. Dept Of Defense - 6 upvotes, $0
- Significant Information Disclosure/Load balancer access, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean to Yahoo! - 5 upvotes, $0
- reopen #128853 (Information disclosure at lite.uber.com) to Uber - 5 upvotes, $0
- Information Disclosure of .htaccess file in Private Server/Subdomain to Nextcloud - 5 upvotes, $0
- Directory index and information disclosure to Whisper - 5 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
- Information Disclosure which violate program privacy to HackerOne - 5 upvotes, $0
- Information disclosure through search engines (password reset token) to Upserve - 5 upvotes, $0
- [informatica.com]- Information Disclosure to Informatica - 5 upvotes, $0
- Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 5 upvotes, $0
- PII Leak of ████████ Personal at https://www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
- Improper Access Controls Allow PII Leak via ████ to U.S. Dept Of Defense - 5 upvotes, $0
- Support incident can be opened for any user via /███████ and PII leak via █████████ field to U.S. Dept Of Defense - 5 upvotes, $0
- Information Disclosure(PHPINFO/Credentials) on DoD Asset to U.S. Dept Of Defense - 5 upvotes, $0
- CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure to U.S. Dept Of Defense - 5 upvotes, $0
- Customer domain information disclosure at https://biz.mail.ru/api/domains/* to Mail.ru - 5 upvotes, $0
- bypassing dashboard without account + Information disclosure trough websockets to Nextcloud - 5 upvotes, $0
- Registered users contact information disclosure on salesforce lightning endpoint https://disposal.gsa.gov to U.S. General Services Administration - 5 upvotes, $0
- Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] to U.S. Dept Of Defense - 5 upvotes, $0
- [online.games.mail.ru] - Sensitive information disclosure to Mail.ru - 4 upvotes, $100
- Information Disclosure (phpinfo()) to Uzbey - 4 upvotes, $0
- Administrator(s) Information disclosure via JSON on wordpress.org to WordPress - 4 upvotes, $0
- The special code in editor has no Authority control and can lead to Information Disclosure to Phabricator - 4 upvotes, $0
- Server side information disclosure on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Possible to join any class without coache's knowledge & Little Information Disclosure to Khan Academy - 4 upvotes, $0
- Open port leads to information disclosure to Weblate - 4 upvotes, $0
- Line feed injection in get request leads AWS S3 Bucket information disclosure to RATELIMITED - 4 upvotes, $0
- Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 4 upvotes, $0
- Information Disclosure on {http://pro.tracker.my.com} to Mail.ru - 4 upvotes, $0
- information disclosure via IDOR on "https://target.my.com/api/v2/coverage/segment.json?id={id}" endpoint to Mail.ru - 4 upvotes, $0
- PII Leak via /███████ to U.S. Dept Of Defense - 4 upvotes, $0
- PII Leak via /██████ to U.S. Dept Of Defense - 4 upvotes, $0
- Wrong settings in ADF Faces leads to information disclosure to U.S. Dept Of Defense - 4 upvotes, $0
- Broken access discloses users and PII at https://███████ [HtUS] to U.S. Dept Of Defense - 4 upvotes, $0
- Security bypass could lead to information disclosure to Internet Bug Bounty - 3 upvotes, $2000
- Twitter Ads Campaign information disclosure through admin without any authentication. to X (Formerly Twitter) - 3 upvotes, $560
- Information Disclosure (Directory Structure) to Localize - 3 upvotes, $0
- Information Disclosure That shows the webroot of CoinBase Server to Coinbase - 3 upvotes, $0
- Information Disclosure (FPD) - stopthehacker.com to StopTheHacker - 3 upvotes, $0
- information disclosure (LOAD BALANCER + URI XSS) to Yahoo! - 3 upvotes, $0
- CMS Information Disclosure to Uzbey - 3 upvotes, $0
- comment out causes information disclosure to Shopify - 3 upvotes, $0
- node.drchrono.com - Information Disclosure and Windows Host Exposed to drchrono - 3 upvotes, $0
- https://newsletter.nextcloud.com Directory listening and Information Disclosure to Nextcloud - 3 upvotes, $0
- Information Disclosure on lite.uber.com to Uber - 3 upvotes, $0
- Un-handled exception leads to Information Disclosure to Keybase - 3 upvotes, $0
- Information disclosure of website to Brave Software - 3 upvotes, $0
- Server side information disclosure to U.S. Dept Of Defense - 3 upvotes, $0
- Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
- Information disclosure to Nextcloud - 3 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
- Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
- Information disclosure to Legal Robot - 3 upvotes, $0
- Information Disclosure - Composer.lock to RBKmoney - 3 upvotes, $0
- Information Disclosure (phpinfo()) to VK.com - 3 upvotes, $0
- Exposed debug.log file leads to information disclosure to MariaDB - 3 upvotes, $0
- Information Disclosure Microsoft IIS Server service.cnf in a mtn website to MTN Group - 3 upvotes, $0
- tracker.my.com information disclosure via csrf bypass to Mail.ru - 3 upvotes, $0
- looch.tv CORS crossite user information and stream_key access to Mail.ru - 3 upvotes, $0
- PII Leak (such as CAC User ID) at https://████████/pages/login.aspx to U.S. Dept Of Defense - 3 upvotes, $0
- Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com] to Acronis - 3 upvotes, $0
- Unauthorized access to PII leads to MASS account Takeover to U.S. Dept Of Defense - 3 upvotes, $0
- User information disclosed via API to U.S. General Services Administration - 3 upvotes, $0
- User Information Disclosure via Json response to LocalTapiola - 2 upvotes, $50
- User Enumeration, Information Disclosure and Lack of Rate Limitation on API to Coinbase - 2 upvotes, $0
- Server header - information disclosure to Localize - 2 upvotes, $0
- Unproper usage of Mobile Number that will lead to Information Disclosure to Mail.ru - 2 upvotes, $0
- Information Disclosure, groups.yahoo.com,6-april-2014, #SpringClean to Yahoo! - 2 upvotes, $0
- Sensitive server-side/application information disclosure to Keybase - 2 upvotes, $0
- Web Server information disclosure. to Nearby Live - 2 upvotes, $0
- Information Disclosure in Error Page to Paragon Initiative Enterprises - 2 upvotes, $0
- Authentication Bypassing and Sensitive Information Disclosure on Verify Email Address in Registration Flow to Zomato - 2 upvotes, $0
- Information disclosure at lite.uber.com to Uber - 2 upvotes, $0
- Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
- Information Disclosure to GlobaLeaks - 2 upvotes, $0
- Information disclosure (system username, server info) in the x-amz-meta-s3cmd-attrs response header on data.gov to GSA Bounty - 2 upvotes, $0
- Sensitive information disclosure to 8x8 - 2 upvotes, $0
- Information Disclosure on qa-delivery-srv.plazius.ru to Mail.ru - 2 upvotes, $0
- Information Disclosure on www7.promo.plazius.ru to Mail.ru - 2 upvotes, $0
- Information disclosure at '████████' --- CVE-2020-14179 to U.S. Dept Of Defense - 2 upvotes, $0
- Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 2 upvotes, $0
- No rate limit which leads to "Users information Disclosure" including verfification documents etc. to Enter - 1 upvotes, $250
- information disclosure to Automattic - 1 upvotes, $0
- daily.owncloud.com: Information disclosure to ownCloud - 1 upvotes, $0
- information disclosure to Udemy - 1 upvotes, $0
- User Enumeration and Information Disclosure to Uber - 1 upvotes, $0
- Oracle WebCenter Sites Support Tools available and Information disclosure (/cs/Satellite) to LocalTapiola - 1 upvotes, $0
- User Information sent to client through websockets to Instacart - 1 upvotes, $0
- Sensitive information disclosure via response headers on jenkins.brew.sh to Homebrew - 1 upvotes, $0
- Information Disclosure on inside.gratipay.com to Gratipay - 1 upvotes, $0
- information disclosure which leak the apache version to RATELIMITED - 1 upvotes, $0
- Sensitive Information disclosure Through Config File to Kubernetes - 1 upvotes, $0
- Configuartion [Sensitive] Information Disclosure to Kubernetes - 1 upvotes, $0
- HackyHolidays 2020 Full Write-up: Information Disclosure of 12 Flags to h1-ctf - 1 upvotes, $0
- Information disclosure on Sifchain to Sifchain - 1 upvotes, $0
- Information disclosure to Brave Software - 1 upvotes, $0
- Unintended information disclosure in the Hubot Log files to Rocket.Chat - 1 upvotes, $0
- lenta_proxy information disclosure to Mail.ru - 0 upvotes, $400
- openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io to Greenhouse.io - 0 upvotes, $0
- Multiple information disclosure to Eobot - 0 upvotes, $0
- Information disclosure in coinbase android app to Coinbase - 0 upvotes, $0
- Sensitive information disclosure to New Relic - 0 upvotes, $0
- UnResolved ChangeSet are Visible to Public That also Causes Information Disclosure to WordPress - 0 upvotes, $0
- Information Disclosure PHPpgAdmin to RATELIMITED - 0 upvotes, $0
- Information Disclosure to Mail.ru - 0 upvotes, $0
- Information Disclosure to Mail.ru - 0 upvotes, $0
- information disclosure to Sifchain - 0 upvotes, $0
- Information Disclosure at one of your subdomain to Sifchain - 0 upvotes, $0