| Exposed kubernetes dashboard |
None supplied |
bugkill3r |
Medium |
2021-12-09 |
| [jitsi-meet] Authentication Bypass when using JWT w/ public keys |
Improper Authentication - Generic |
plokta |
Medium |
2021-11-20 |
| Authentication Bypass & ApacheTomcat Misconfiguration in [██] |
Improper Authentication - Generic |
thecyberguy0 |
Medium |
2021-11-04 |
| Exposed PHP dependencies at ██.8x8.com |
Information Disclosure |
ian |
Low |
2021-10-27 |
| DNS Misconfiguration (Subdomain Takeover) - █████████.8x8.com |
Privilege Escalation |
melbadry9 |
Medium |
2021-07-30 |
| Subdomain takeover of ███.wavecell.com |
Privilege Escalation |
ian |
High |
2021-05-02 |
| Open Redirect on [blog.wavecell.com] |
Open Redirect |
melbadry9 |
Low |
2020-10-26 |
| 2FA Disable With Wrong Password - Response Tampering. |
Improper Input Validation |
the_predator |
High |
2020-10-21 |
| DOM Based XSS at docs.8x8.com |
Cross-site Scripting (XSS) - DOM |
wh0ru |
Medium |
2020-09-22 |
| Default Creds Spring Boot Admin |
Information Disclosure |
testingforbugs |
High |
2020-08-14 |
| Send Phishing/Spam email from [email protected] to any email address. |
Improper Input Validation |
wisp |
High |
2020-08-06 |
| SQL injection (stacked queries) in the export to Excel functionality on Vidyo Server |
SQL Injection |
b1ackgamba |
High |
2020-07-29 |
| IDOR: Adding Contacts to Other User Groups |
Insecure Direct Object Reference (IDOR) |
ameyanekar |
Low |
2020-07-27 |
| Stored Cross Site Scripting. |
Cross-site Scripting (XSS) - Stored |
shakhawatpr99 |
High |
2020-07-21 |
| Cross-site Scripting (XSS) - Reflected |
Cross-site Scripting (XSS) - Reflected |
hein_thant |
High |
2020-07-07 |
| Stored XSS on Company Logo |
Cleartext Storage of Sensitive Information |
bugify12334 |
Medium |
2020-07-07 |
| PHPinfo page on http://█████.callstats.io |
Information Disclosure |
manantch |
Low |
2020-07-03 |
| CRLF injection agentcrm.8x8.com |
CRLF Injection |
w2w |
Medium |
2020-06-26 |
| Hardcoded credentials in Android App |
Information Disclosure |
madrobot |
High |
2020-06-22 |
| Post based XSS (Cross site scripting) on https://apimgr.8x8.com |
Cross-site Scripting (XSS) - Generic |
madrobot |
Medium |
2020-06-22 |
| Blind Command Injection #1 |
Command Injection - Generic |
bugify12334 |
High |
2020-06-22 |
| Publicly accessible .svn repository - aastraconf.packet8.net |
Information Disclosure |
madrobot |
Medium |
2020-06-22 |
| Directory listing of https://get8x8.com/ |
None supplied |
whitehatmat |
Low |
2020-06-09 |
| Xss (cross site scripting) on http://axa.dxi.eu/ |
Cross-site Scripting (XSS) - Reflected |
madrobot |
Medium |
2020-06-09 |
| [CRITICAL] Remote code execution on http://axa.dxi.eu |
Code Injection |
madrobot |
Critical |
2020-06-09 |
| Reflected xss on 8x8.com subdomain |
Cross-site Scripting (XSS) - Reflected |
everybodyhurts |
Medium |
2020-02-12 |
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles