Top Information Disclosure reports from HackerOne:

  1. Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter to Uber - 622 upvotes, $0
  2. [Grab Android/iOS] Insecure deeplink leads to sensitive information disclosure to Grab - 525 upvotes, $0
  3. Web cache poisoning attack leads to user information and more to Postmates - 343 upvotes, $500
  4. Information Disclosure in /skills call to HackerOne - 259 upvotes, $10000
  5. sdrc.starbucks.com - Information Disclosure via unsecured attachment directory to Starbucks - 194 upvotes, $0
  6. Unauthenticated access to sensitive user information to Razer - 184 upvotes, $500
  7. [IDOR] API endpoint leaking sensitive user information to Razer - 172 upvotes, $375
  8. Information Disclosure through Sentry Instance ███████ to Zomato - 171 upvotes, $750
  9. Information disclosure with sensitive data to Mail.ru - 156 upvotes, $1500
  10. Information disclosure via a misconfigured third-party product to Algolia - 152 upvotes, $0
  11. information disclosure of secret_key_base via encoding charcters to GitLab - 144 upvotes, $3500
  12. [c-api.city-mobil.ru] Client authentication bypass leads to information disclosure to Mail.ru - 143 upvotes, $0
  13. [Information Disclosure] Amazon S3 Bucket of Shopify Ping (iOS) have public access of other users image to Shopify - 129 upvotes, $2900
  14. Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ] to X (Formerly Twitter) - 117 upvotes, $7560
  15. China – Limited Partner PII Regarding Work Scheduling via Unauthenticated API Endpoint to Starbucks - 112 upvotes, $0
  16. [Zomato Order] Insecure deeplink leads to sensitive information disclosure to Zomato - 107 upvotes, $750
  17. PII Disclosure At theperfumeshop.com/register/forOrder to A.S. Watson Group - 105 upvotes, $0
  18. [███████] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 93 upvotes, $0
  19. Cross-origin resource sharing misconfig | steal user information to Semrush - 89 upvotes, $0
  20. Disclosure of User Information to Nord Security - 86 upvotes, $0
  21. ███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions to U.S. Dept Of Defense - 82 upvotes, $0
  22. CORS misconfiguration leads to users information disclosure at https://studyroom.line.me to LY Corporation - 72 upvotes, $0
  23. Information disclosure -> 2fa bypass -> POST exploitation to Algolia - 71 upvotes, $0
  24. Information disclosure by sending a GIF to LinkedIn - 71 upvotes, $0
  25. Information Disclosure .htaccess accesible for public to Basecamp - 70 upvotes, $0
  26. Stealing livechat token and using it to chat as the user - user information disclosure to Shopify - 67 upvotes, $0
  27. Possible PII Disclosure via Advanced Vetting Process - ██████ to HackerOne - 61 upvotes, $2500
  28. SSRF with information disclosure to Lark Technologies - 59 upvotes, $0
  29. Information disclosure on sim.starbucks.com to Starbucks - 56 upvotes, $0
  30. Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII to Uber - 55 upvotes, $0
  31. Rider can forcefully get passenger's order accepted resulting in multiple impacts including PII reveal and more mentioned in the report. to inDrive - 54 upvotes, $0
  32. IDOR allows information disclosure to Semrush - 54 upvotes, $0
  33. PII of Users Disclosure using "/members/invite/" endpoint to Lab45 - 52 upvotes, $0
  34. CORS Misconfiguration leading to Private Information Disclosure to Ubiquiti Inc. - 51 upvotes, $0
  35. [www.werkenbijbakertilly.nl] Information Disclosure to Radancy - 48 upvotes, $0
  36. Critical Information disclosure of rtapi token for any user via https://video-support-staging.uber.com/video/api/getPopulousUser to Uber - 47 upvotes, $0
  37. Sensitive Information Disclosure to Dropcontact - 46 upvotes, $0
  38. Improper access control on easytopup.in.th transaction page leads to user's information disclosure and may lead to account hijacking to Razer - 41 upvotes, $1000
  39. [special.mail.ru] Information Disclosure to Mail.ru - 41 upvotes, $500
  40. Information disclosure-Referer leak to Brave Software - 40 upvotes, $500
  41. information disclosure of another company bug on video. to HackerOne - 40 upvotes, $0
  42. Sensitive information disclosure on grafana to JetBlue - 40 upvotes, $0
  43. User sensitive information disclosure to Shopify - 36 upvotes, $1000
  44. Information disclosure through directory listing at http://dockerhost01.maximum.nl:8080 to Radancy - 34 upvotes, $0
  45. [api-site.city-mobil.ru] Improper access control leads to information disclosure to Mail.ru - 34 upvotes, $0
  46. Information Disclosure of Garbage Collection Cycle 'Again' to Basecamp - 33 upvotes, $100
  47. Critical sensitive information Disclosure. [HtUS] to U.S. Dept Of Defense - 32 upvotes, $500
  48. Full Path and internal information disclosure+ SQLNet.log file disclose internal network information to Uber - 32 upvotes, $0
  49. Exploiting Misconfigured CORS to Steal User Information to Rockstar Games - 31 upvotes, $500
  50. Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings to Liberapay - 31 upvotes, $0
  51. [api-site.city-mobil.ru] Improper access control leads to information disclosure (bypass of #977597 fix) to Mail.ru - 31 upvotes, $0
  52. Information disclosure in mmap module - python 2.7.12 to Internet Bug Bounty - 30 upvotes, $0
  53. Web Cache poisoning attack leads to User information Disclosure and more to Lyst - 30 upvotes, $0
  54. Information disclosure - Feedback is accessible on Public profile even after 'disallowed' at https://hackerone.com/settings/feedback to HackerOne - 29 upvotes, $0
  55. Information disclosure (No rate limting in forgot password & other login) to Imgur - 28 upvotes, $0
  56. Information Disclosure to U.S. Dept Of Defense - 28 upvotes, $0
  57. Debug information disclosure on oauth-redirector.services.greenhouse.io to Greenhouse.io - 28 upvotes, $0
  58. IDOR on www.acronis.com API lead to steal private business user information to Acronis - 27 upvotes, $100
  59. Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl] to Radancy - 27 upvotes, $0
  60. Splunk Sensitive Information Disclosure @████████ to U.S. Dept Of Defense - 27 upvotes, $0
  61. [acronis.secure.force.com] - Insecure Salesforce default/custom object permissions leads to information disclosure to Acronis - 26 upvotes, $0
  62. Information Disclosure through .DS_Store in ██████████ to X (Formerly Twitter) - 25 upvotes, $560
  63. Sensitive information disclosure to shared access user via streamlabs platform api to Logitech - 25 upvotes, $200
  64. Twitter Media Studio Source Information Disclosure With Analyst Role to X (Formerly Twitter) - 25 upvotes, $0
  65. TikTok Account Creation Date Information Disclosure to TikTok - 24 upvotes, $100
  66. CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure to Endless Group - 24 upvotes, $0
  67. CSRF to Information disclosure on password reset to Mozilla - 24 upvotes, $0
  68. Information Disclosure when /invitations/<token>.json is not yet accepted to HackerOne - 23 upvotes, $0
  69. Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov to GSA Bounty - 21 upvotes, $150
  70. login to any user's cashier account and full account information disclosure to Deriv.com - 21 upvotes, $0
  71. Information disclosure - emails disclosed in response > staging.seatme.us to Yelp - 21 upvotes, $0
  72. Information Disclosure of Garbage Collection Cycle to Basecamp - 21 upvotes, $0
  73. Information disclosure (reset password token) and changing the user's password to HackerOne - 20 upvotes, $100
  74. Information Disclosure at https://portal.finzfin.com/1.txt to OPPO - 20 upvotes, $50
  75. HTML injection and information disclosure in support panel to Weblate - 20 upvotes, $0
  76. Developper's websites are easily accessibles leading to massive information disclosure to Radancy - 20 upvotes, $0
  77. Information Disclosure in https://www.rockstargames.com/search to Rockstar Games - 20 upvotes, $0
  78. information disclosure lead to disclose users private notes to Automattic - 20 upvotes, $0
  79. Information Disclosure Leads To User Data Leak to MTN Group - 20 upvotes, $0
  80. Sensitive Information Disclosure https://cards-dev.twitter.com to X (Formerly Twitter) - 19 upvotes, $280
  81. User Information Disclosure via the REST API - /?_method=GET to LocalTapiola - 19 upvotes, $0
  82. critical information disclosure to U.S. Dept Of Defense - 19 upvotes, $0
  83. Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure ) to Shopify - 18 upvotes, $500
  84. Information disclosure ( Google Sales Channel ) to Shopify - 18 upvotes, $500
  85. Forum Users Information Disclosure to Vanilla - 18 upvotes, $300
  86. F5 BIG-IP Cookie Remote Information Disclosure to LocalTapiola - 18 upvotes, $0
  87. WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure to WordPress - 17 upvotes, $0
  88. Information disclosure on https://paycard.rapida.ru to QIWI - 17 upvotes, $0
  89. PII leakage due to scrceenshot of health records to U.S. Dept Of Defense - 17 upvotes, $0
  90. Sensitive information disclosure [HtUS] to U.S. Dept Of Defense - 17 upvotes, $0
  91. Verification process done using different documents without corresponding to user information / User information can be changed after verification to EXNESS - 16 upvotes, $500
  92. Arbitrary file deletion in wp-core - guides towards RCE and information disclosure to WordPress - 16 upvotes, $0
  93. PII disclosure -- Past team members & their email ID(personal email) can be viewed by Staff member with no permissions on Partner Dashboard to Shopify - 16 upvotes, $0
  94. Username Information Disclosure via Json response - Using parameter number Intruder to Brave Software - 16 upvotes, $0
  95. Information Disclosure of Advertiser Account on TikTok Ads Portal to TikTok - 16 upvotes, $0
  96. Information Disclosure FrontPage Configuration Information to U.S. Dept Of Defense - 16 upvotes, $0
  97. Unauthorized Canceling/Unsubscribe TaxJar account & Payment information DIsclosure to Stripe - 15 upvotes, $500
  98. mailer.i.bizml.ru viber service preprod information disclosure to Mail.ru - 15 upvotes, $300
  99. Information disclosure at https://blockchain.atlassian.net to Blockchain - 15 upvotes, $100
  100. User Profiles Leak PII in HTML Document for Mobile Browser User Agents to Zomato - 15 upvotes, $0
  101. Information disclosure when trying to delete an expense's attachment on m.mavenlink.com to Mavenlink - 15 upvotes, $0
  102. Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII to Lab45 - 15 upvotes, $0
  103. [h1-2102] Information disclosure - ShopifyPlus add user displays existing Shopify ID fullname to Shopify - 15 upvotes, $0
  104. Golang expvar Information Disclosure to Uber - 15 upvotes, $0
  105. Information Disclosure on stun.screenhero.com to Slack - 14 upvotes, $700
  106. PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
  107. Sensitive Information Disclosure on https://nordvpn.com/ to Nord Security - 14 upvotes, $0
  108. Minimal information disclosure of internal asset names and links which were not publicly accessible. to Starbucks - 14 upvotes, $0
  109. PII data Leakage through hackerone reports to HackerOne - 14 upvotes, $0
  110. Information disclosure on error message to PortSwigger Web Security - 14 upvotes, $0
  111. Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure to MTN Group - 14 upvotes, $0
  112. PII of users can be downloaded from export pages to WordPress - 14 upvotes, $0
  113. PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 13 upvotes, $0
  114. HTTP-Response-Splitting leads to information disclosure (email, firstname, lastname) at https://tz.mail.ru to Mail.ru - 13 upvotes, $0
  115. CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure,Account takeover to Nord Security - 13 upvotes, $0
  116. [information disclosure] Validate existence of a private project. to GitLab - 13 upvotes, $0
  117. Bypassing SOP with XSS on account.my.games leading to steal CSRF token and user information to Mail.ru - 13 upvotes, $0
  118. [http://kiwi.youdrive.today/] Information disclosure via Kiwi TCMS vulnerability to Mail.ru - 13 upvotes, $0
  119. [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 13 upvotes, $0
  120. Information Disclosure on rate limit defense mechanism to Legal Robot - 12 upvotes, $0
  121. [qiwi.com] Information Disclosure to QIWI - 12 upvotes, $0
  122. PII Leak of USCG Designated Examiner List at https://www.███ to U.S. Dept Of Defense - 12 upvotes, $0
  123. GraphQL Query leads to sensitive information disclosure to GitLab - 12 upvotes, $0
  124. Non-revoked API Key Information disclosure via Stripo_report() to Stripo Inc - 12 upvotes, $0
  125. Sensitive Information Disclosure to Trellix - 12 upvotes, $0
  126. newrelic.atlassian.net - jira information disclosure to New Relic - 11 upvotes, $0
  127. Information Disclosure and Privilege Escalation in app.goodhire.com/member/developers/api-settings to Inflection - 11 upvotes, $0
  128. IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data to Lab45 - 11 upvotes, $0
  129. Request Access for Uber Device Returns Management Platform (https://www.eats-devicereturns.com/request-access/) Bypass Allows Access to PII to Uber - 11 upvotes, $0
  130. Cross-origin resource sharing misconfig | steal user information to UPchieve - 11 upvotes, $0
  131. IDOR leaking PII data via VendorId parameter to U.S. Dept Of Defense - 11 upvotes, $0
  132. Information Disclosure in AWS S3 Bucket to Legal Robot - 10 upvotes, $0
  133. IDOR in tender.mail.ru leading to Information Disclosure to Mail.ru - 10 upvotes, $0
  134. Information Disclosure FrontPage Configuration Information /_vti_inf.html in https://www.mtn.co.za/ to MTN Group - 10 upvotes, $0
  135. critical information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
  136. Information Disclosure on https://rpc.sifchain.finance/ to Sifchain - 10 upvotes, $0
  137. Information Disclosure on TikTok Unplugged Site to TikTok - 10 upvotes, $0
  138. Account takeover leading to PII chained with stored XSS to U.S. General Services Administration - 10 upvotes, $0
  139. Sensitive Information Disclosure Through Config File to MTN Group - 10 upvotes, $0
  140. AEM misconfiguration leads to Information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
  141. Information Disclosure to Yahoo! - 9 upvotes, $0
  142. Information disclosure via policy update notifications after removal from program to HackerOne - 9 upvotes, $0
  143. Personal information disclosure on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  144. Apache mod_status /server-status Information Disclosure to TomTom - 9 upvotes, $0
  145. [https://city-mobil.ru/taxiserv] IDOR leads to information disclosure to Mail.ru - 9 upvotes, $0
  146. Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298 to Internet Bug Bounty - 8 upvotes, $2000
  147. Information disclosure at http://sea-s2s.molthailand.com/status.php to Razer - 8 upvotes, $375
  148. Incomplete HTML sanitization + Session id leaking + private information disclosure to Open-Xchange - 8 upvotes, $200
  149. User Information leak allows user to bypass email verification. to Legal Robot - 8 upvotes, $0
  150. User Information sent to client through websockets to Legal Robot - 8 upvotes, $0
  151. User Information Disclosure via REST API to Nextcloud - 8 upvotes, $0
  152. User Information Disclosure via REST API to ownCloud - 8 upvotes, $0
  153. Information disclosure to HackerOne - 8 upvotes, $0
  154. Access control bypass leads to domain information disclosure to Vercel - 8 upvotes, $0
  155. Information Disclosure - Gaining access to assignments and to private course presentations to Mail.ru - 8 upvotes, $0
  156. PII Leak via https://████████ to U.S. Dept Of Defense - 8 upvotes, $0
  157. PII Information Leak at https://████████.mil/ to U.S. Dept Of Defense - 8 upvotes, $0
  158. PII Leak via /████████ to U.S. Dept Of Defense - 8 upvotes, $0
  159. Information disclosure through django debug mode to MTN Group - 8 upvotes, $0
  160. Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints to New Relic - 7 upvotes, $900
  161. Information disclosure same issue #176002 to Coinbase - 7 upvotes, $100
  162. Information disclosure to "Permission as auditor" user to Visma Public - 7 upvotes, $100
  163. Private program activity timeline information disclosure to HackerOne - 7 upvotes, $0
  164. Information Disclosure to drchrono - 7 upvotes, $0
  165. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  166. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  167. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  168. Information Disclosure on https://theendlessweb.com/ to RATELIMITED - 7 upvotes, $0
  169. Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 7 upvotes, $0
  170. Information disclosure through Server side resource forgery to Stripo Inc - 7 upvotes, $0
  171. Information Disclosure [ https://curious.ru/api/submissions ] to Mail.ru - 7 upvotes, $0
  172. Bypassed a fix to gain access to PII of more than 100 Officers to U.S. Dept Of Defense - 7 upvotes, $0
  173. Information Disclosure of Garbage Collection Cycle 'Again' to Mail.ru - 7 upvotes, $0
  174. ████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found. to U.S. Dept Of Defense - 7 upvotes, $0
  175. Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com to Engel & Völkers Technology GmbH - 7 upvotes, $0
  176. Information disclosure of user by email using buy widget to Coinbase - 6 upvotes, $0
  177. [gitmm.corp.mail.ru] Auth Bypass, Information Disclosure to Mail.ru - 6 upvotes, $0
  178. Information Disclosure on demo.weblate.org to Weblate - 6 upvotes, $0
  179. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  180. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  181. Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
  182. [Information Disclosure through DEBUG at Subscription https://app.dropcontact.io/app/subscription?connector=salesforce](https://hackerone.com/reports/963921) to Dropcontact - 6 upvotes, $0
  183. View another user information with IDOR vulnerability to U.S. Dept Of Defense - 6 upvotes, $0
  184. Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" to U.S. Dept Of Defense - 6 upvotes, $0
  185. LDAP Server NULL Bind Connection Information Disclosure to U.S. Dept Of Defense - 6 upvotes, $0
  186. Significant Information Disclosure/Load balancer access, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean to Yahoo! - 5 upvotes, $0
  187. reopen #128853 (Information disclosure at lite.uber.com) to Uber - 5 upvotes, $0
  188. Information Disclosure of .htaccess file in Private Server/Subdomain to Nextcloud - 5 upvotes, $0
  189. Directory index and information disclosure to Whisper - 5 upvotes, $0
  190. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  191. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  192. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  193. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  194. Information Disclosure which violate program privacy to HackerOne - 5 upvotes, $0
  195. Information disclosure through search engines (password reset token) to Upserve - 5 upvotes, $0
  196. [informatica.com]- Information Disclosure to Informatica - 5 upvotes, $0
  197. Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 5 upvotes, $0
  198. PII Leak of ████████ Personal at https://www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  199. Improper Access Controls Allow PII Leak via ████ to U.S. Dept Of Defense - 5 upvotes, $0
  200. Support incident can be opened for any user via /███████ and PII leak via █████████ field to U.S. Dept Of Defense - 5 upvotes, $0
  201. Information Disclosure(PHPINFO/Credentials) on DoD Asset to U.S. Dept Of Defense - 5 upvotes, $0
  202. CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure to U.S. Dept Of Defense - 5 upvotes, $0
  203. Customer domain information disclosure at https://biz.mail.ru/api/domains/* to Mail.ru - 5 upvotes, $0
  204. bypassing dashboard without account + Information disclosure trough websockets to Nextcloud - 5 upvotes, $0
  205. Registered users contact information disclosure on salesforce lightning endpoint https://disposal.gsa.gov to U.S. General Services Administration - 5 upvotes, $0
  206. Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] to U.S. Dept Of Defense - 5 upvotes, $0
  207. [online.games.mail.ru] - Sensitive information disclosure to Mail.ru - 4 upvotes, $100
  208. Information Disclosure (phpinfo()) to Uzbey - 4 upvotes, $0
  209. Administrator(s) Information disclosure via JSON on wordpress.org to WordPress - 4 upvotes, $0
  210. The special code in editor has no Authority control and can lead to Information Disclosure to Phabricator - 4 upvotes, $0
  211. Server side information disclosure on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  212. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  213. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  214. Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  215. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  216. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  217. Possible to join any class without coache's knowledge & Little Information Disclosure to Khan Academy - 4 upvotes, $0
  218. Open port leads to information disclosure to Weblate - 4 upvotes, $0
  219. Line feed injection in get request leads AWS S3 Bucket information disclosure to RATELIMITED - 4 upvotes, $0
  220. Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 4 upvotes, $0
  221. Information Disclosure on {http://pro.tracker.my.com} to Mail.ru - 4 upvotes, $0
  222. information disclosure via IDOR on "https://target.my.com/api/v2/coverage/segment.json?id={id}" endpoint to Mail.ru - 4 upvotes, $0
  223. PII Leak via /███████ to U.S. Dept Of Defense - 4 upvotes, $0
  224. PII Leak via /██████ to U.S. Dept Of Defense - 4 upvotes, $0
  225. Wrong settings in ADF Faces leads to information disclosure to U.S. Dept Of Defense - 4 upvotes, $0
  226. Broken access discloses users and PII at https://███████ [HtUS] to U.S. Dept Of Defense - 4 upvotes, $0
  227. Security bypass could lead to information disclosure to Internet Bug Bounty - 3 upvotes, $2000
  228. Twitter Ads Campaign information disclosure through admin without any authentication. to X (Formerly Twitter) - 3 upvotes, $560
  229. Information Disclosure (Directory Structure) to Localize - 3 upvotes, $0
  230. Information Disclosure That shows the webroot of CoinBase Server to Coinbase - 3 upvotes, $0
  231. Information Disclosure (FPD) - stopthehacker.com to StopTheHacker - 3 upvotes, $0
  232. information disclosure (LOAD BALANCER + URI XSS) to Yahoo! - 3 upvotes, $0
  233. CMS Information Disclosure to Uzbey - 3 upvotes, $0
  234. comment out causes information disclosure to Shopify - 3 upvotes, $0
  235. node.drchrono.com - Information Disclosure and Windows Host Exposed to drchrono - 3 upvotes, $0
  236. https://newsletter.nextcloud.com Directory listening and Information Disclosure to Nextcloud - 3 upvotes, $0
  237. Information Disclosure on lite.uber.com to Uber - 3 upvotes, $0
  238. Un-handled exception leads to Information Disclosure to Keybase - 3 upvotes, $0
  239. Information disclosure of website to Brave Software - 3 upvotes, $0
  240. Server side information disclosure to U.S. Dept Of Defense - 3 upvotes, $0
  241. Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  242. Information disclosure to Nextcloud - 3 upvotes, $0
  243. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  244. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  245. Information disclosure to Legal Robot - 3 upvotes, $0
  246. Information Disclosure - Composer.lock to RBKmoney - 3 upvotes, $0
  247. Information Disclosure (phpinfo()) to VK.com - 3 upvotes, $0
  248. Exposed debug.log file leads to information disclosure to MariaDB - 3 upvotes, $0
  249. Information Disclosure Microsoft IIS Server service.cnf in a mtn website to MTN Group - 3 upvotes, $0
  250. tracker.my.com information disclosure via csrf bypass to Mail.ru - 3 upvotes, $0
  251. looch.tv CORS crossite user information and stream_key access to Mail.ru - 3 upvotes, $0
  252. PII Leak (such as CAC User ID) at https://████████/pages/login.aspx to U.S. Dept Of Defense - 3 upvotes, $0
  253. Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com] to Acronis - 3 upvotes, $0
  254. Unauthorized access to PII leads to MASS account Takeover to U.S. Dept Of Defense - 3 upvotes, $0
  255. User information disclosed via API to U.S. General Services Administration - 3 upvotes, $0
  256. User Information Disclosure via Json response to LocalTapiola - 2 upvotes, $50
  257. User Enumeration, Information Disclosure and Lack of Rate Limitation on API to Coinbase - 2 upvotes, $0
  258. Server header - information disclosure to Localize - 2 upvotes, $0
  259. Unproper usage of Mobile Number that will lead to Information Disclosure to Mail.ru - 2 upvotes, $0
  260. Information Disclosure, groups.yahoo.com,6-april-2014, #SpringClean to Yahoo! - 2 upvotes, $0
  261. Sensitive server-side/application information disclosure to Keybase - 2 upvotes, $0
  262. Web Server information disclosure. to Nearby Live - 2 upvotes, $0
  263. Information Disclosure in Error Page to Paragon Initiative Enterprises - 2 upvotes, $0
  264. Authentication Bypassing and Sensitive Information Disclosure on Verify Email Address in Registration Flow to Zomato - 2 upvotes, $0
  265. Information disclosure at lite.uber.com to Uber - 2 upvotes, $0
  266. Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  267. Information Disclosure to GlobaLeaks - 2 upvotes, $0
  268. Information disclosure (system username, server info) in the x-amz-meta-s3cmd-attrs response header on data.gov to GSA Bounty - 2 upvotes, $0
  269. Sensitive information disclosure to 8x8 - 2 upvotes, $0
  270. Information Disclosure on qa-delivery-srv.plazius.ru to Mail.ru - 2 upvotes, $0
  271. Information Disclosure on www7.promo.plazius.ru to Mail.ru - 2 upvotes, $0
  272. Information disclosure at '████████' --- CVE-2020-14179 to U.S. Dept Of Defense - 2 upvotes, $0
  273. Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 2 upvotes, $0
  274. No rate limit which leads to "Users information Disclosure" including verfification documents etc. to Enter - 1 upvotes, $250
  275. information disclosure to Automattic - 1 upvotes, $0
  276. daily.owncloud.com: Information disclosure to ownCloud - 1 upvotes, $0
  277. information disclosure to Udemy - 1 upvotes, $0
  278. User Enumeration and Information Disclosure to Uber - 1 upvotes, $0
  279. Oracle WebCenter Sites Support Tools available and Information disclosure (/cs/Satellite) to LocalTapiola - 1 upvotes, $0
  280. User Information sent to client through websockets to Instacart - 1 upvotes, $0
  281. Sensitive information disclosure via response headers on jenkins.brew.sh to Homebrew - 1 upvotes, $0
  282. Information Disclosure on inside.gratipay.com to Gratipay - 1 upvotes, $0
  283. information disclosure which leak the apache version to RATELIMITED - 1 upvotes, $0
  284. Sensitive Information disclosure Through Config File to Kubernetes - 1 upvotes, $0
  285. Configuartion [Sensitive] Information Disclosure to Kubernetes - 1 upvotes, $0
  286. HackyHolidays 2020 Full Write-up: Information Disclosure of 12 Flags to h1-ctf - 1 upvotes, $0
  287. Information disclosure on Sifchain to Sifchain - 1 upvotes, $0
  288. Information disclosure to Brave Software - 1 upvotes, $0
  289. Unintended information disclosure in the Hubot Log files to Rocket.Chat - 1 upvotes, $0
  290. lenta_proxy information disclosure to Mail.ru - 0 upvotes, $400
  291. openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io to Greenhouse.io - 0 upvotes, $0
  292. Multiple information disclosure to Eobot - 0 upvotes, $0
  293. Information disclosure in coinbase android app to Coinbase - 0 upvotes, $0
  294. Sensitive information disclosure to New Relic - 0 upvotes, $0
  295. UnResolved ChangeSet are Visible to Public That also Causes Information Disclosure to WordPress - 0 upvotes, $0
  296. Information Disclosure PHPpgAdmin to RATELIMITED - 0 upvotes, $0
  297. Information Disclosure to Mail.ru - 0 upvotes, $0
  298. Information Disclosure to Mail.ru - 0 upvotes, $0
  299. information disclosure to Sifchain - 0 upvotes, $0
  300. Information Disclosure at one of your subdomain to Sifchain - 0 upvotes, $0