Reports in the IBM program:

| S.No | Title | Bounty |
| --- | --- | --- |
| 1 | Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it | $0.0 |
| 2 | SQL Injection in IBM access control panel & Broken access in admin panel | $0.0 |
| 3 | Remote Code Execution at https://169.38.86.185/ (edst.ibm.com) | $0.0 |
| 4 | SQL Injection and plaintext passwords via User Search | $0.0 |
| 5 | Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com | $0.0 |
| 6 | Public Jenkins instance with /script enabled | $0.0 |
| 7 | CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability - https://esccvc.de.ibm.com | $0.0 |
| 8 | SQL injection in URL path processing on www.ibm.com | $0.0 |
| 9 | sql injection via https://setup.p2p.ihost.com/ | $0.0 |
| 10 | Insecure Object Permissions for Guest User leads to access to internal documents! | $0.0 |
| 11 | Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account takeover of several IBM employees | $0.0 |
| 12 | Subdomain Takeover Affecting at vex.weather.com | $0.0 |
| 13 | Moodle XSS on s-immerscio.comprehend.ibm.com | $0.0 |
| 14 | response manipulation leads to bypass in register at employee website than 0 click account takeover | $0.0 |
| 15 | IDOR in channel ID leads to customer email disclosure on https://video.ibm.com | $0.0 |
| 16 | Nginx Alias Traversal - babel.bluetab.net | $0.0 |
| 17 | IDOR in upload videos of a Channel on https://video.ibm.com | $0.0 |
| 18 | Unauthenticated Remote Access to Testing Endpoint | $0.0 |
| 19 | IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls | $0.0 |
| 20 | Jenkins server access due to weak password | $0.0 |
| 21 | Improper Authentication on Alertmanager instance | $0.0 |
| 22 | XSS Reflected on jazz.net | $0.0 |
| 23 | RXSS in hidden parameter | $0.0 |
| 24 | Insecure Direct Object Reference Protection bypass by changing HTTP method in IBM Your Learning endpoint. | $0.0 |
| 25 | XSS in Aspera documentation website | $0.0 |
| 26 | S3 Bucket Takeover on apptio endpoint | $0.0 |
| 27 | XSS in IBM InfoCenter | $0.0 |
| 28 | jazz.net - publicly accessible .svn repositories | $0.0 |
| 29 | SSRF and secret key disclosure found on Turbonomic endpoint | $0.0 |
| 30 | SSRF and secret key disclosure found on Turbonomic endpoint | $0.0 |
| 31 | IBM OpenPages vulnerable to exposure of sensitive information | $0.0 |
| 32 | SSRF via host header let access localhost via https://go.dialexa.com | $0.0 |