Skip to content

Latest commit

 

History

History
264 lines (263 loc) · 36.4 KB

TOPDOS.md

File metadata and controls

264 lines (263 loc) · 36.4 KB
Raw

Top DoS reports from HackerOne:

  1. DoS on PayPal via web cache poisoning to PayPal - 810 upvotes, $9700
  2. profile-picture name parameter with large value lead to DoS for other users and programs on the platform to HackerOne - 462 upvotes, $0
  3. Denial of service to WP-JSON API by cache poisoning the CORS allow origin header to Automattic - 387 upvotes, $0
  4. Denial of service via cache poisoning to HackerOne - 232 upvotes, $2500
  5. Ability to DOS any organization's SSO and open up the door to account takeovers to Grammarly - 212 upvotes, $10500
  6. Uploading large payload on domain instructions causes server-side DoS to HackerOne - 193 upvotes, $2500
  7. Node disk DOS by writing to container /etc/hosts to Kubernetes - 159 upvotes, $1000
  8. xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS) to Nord Security - 153 upvotes, $0
  9. DoS on the Issue page by exploiting Mermaid. to GitLab - 138 upvotes, $3000
  10. character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error to Twitter - 138 upvotes, $560
  11. Permanent DoS with one click. to Automattic - 124 upvotes, $0
  12. a very long name in hey.com can prevent anyone from accessing their contacts and probably can cause denial of service to Basecamp - 120 upvotes, $1000
  13. HTML Injection in Swing can disclose netNTLM hash or cause DoS to PortSwigger Web Security - 113 upvotes, $1000
  14. ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages to HackerOne - 110 upvotes, $0
  15. Denial of Service via Hyperlinks in Posts to Slack - 102 upvotes, $1500
  16. Cache Poisoning DoS on downloads.exodus.com to Exodus - 93 upvotes, $2500
  17. Attacker with an Old account might still be able to DoS ctf.hacker101.com by sending a Crafted request to HackerOne - 93 upvotes, $0
  18. Denial of Service | twitter.com & mobile.twitter.com to Twitter - 86 upvotes, $1120
  19. Denial Of Service (Out Of Memory) on Updating Bounty Table [Urgent] to HackerOne - 80 upvotes, $0
  20. DoS attack via comment on Issue to GitLab - 79 upvotes, $1000
  21. [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation to Radancy - 79 upvotes, $0
  22. https://themes.shopify.com::: Host header web cache poisoning lead to DoS to Shopify - 72 upvotes, $2900
  23. DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation to Nord Security - 71 upvotes, $0
  24. Cache Poisoning DoS on updates.rockstargames.com to Rockstar Games - 70 upvotes, $500
  25. Cache poisoning Denial of Service affecting assets.gitlab-static.net to GitLab - 69 upvotes, $4850
  26. [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. to Radancy - 67 upvotes, $0
  27. Denial of Service [Chrome] to Twitter - 65 upvotes, $560
  28. Authorization issue in Google G Suite allows DoS through HTTP redirect to Uber - 61 upvotes, $0
  29. DoS: type confusion in mrb_no_method_error to shopify-scripts - 60 upvotes, $20000
  30. Web Cache Poisoning leads to XSS and DoS to Glassdoor - 55 upvotes, $0
  31. [api.tumblr.com] Denial of Service by cookies manipulation to Automattic - 51 upvotes, $0
  32. DoS through PeerExplorer to IOVLabs - 49 upvotes, $4000
  33. DoS via markdown API from unauthenticated user to GitHub - 49 upvotes, $4000
  34. Potential DoS vulnerability in Django in multipart parser to Internet Bug Bounty - 47 upvotes, $2400
  35. DOS in stream filters to Internet Bug Bounty - 44 upvotes, $1500
  36. Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client to Valve - 41 upvotes, $1250
  37. Google Maps API key stored as plain text leading to DOS and financial damage to Zenly - 41 upvotes, $750
  38. DoS attacks utilizing camo.stream.highwebmedia.com to Chaturbate - 40 upvotes, $400
  39. Memory Leak in OCUtil.dll library in Desktop client can lead to DoS to Nextcloud - 40 upvotes, $100
  40. Hash-Collision Denial-of-Service Vulnerability in Markdown Parser to Reddit - 39 upvotes, $500
  41. DOS via cache poisoning on [developer.mozilla.org] to Mozilla Core Services - 39 upvotes, $0
  42. iOS group chat denial of service to LINE - 36 upvotes, $300
  43. Application DOS via specially crafted payload on 3d.cs.money to CS Money - 35 upvotes, $200
  44. %0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)] to Acronis - 35 upvotes, $0
  45. Regular expression denial of service in ActiveRecord's PostgreSQL Money type to Ruby on Rails - 32 upvotes, $0
  46. Remote denial of service in HyperLedger Fabric to Hyperledger - 32 upvotes, $0
  47. Chrome Extension is vulnerable to the self-DOS issues in case it process the security.txt with a big size to Ed - 31 upvotes, $0
  48. Cookie poisoning leads to DOS and Privacy Violation to CS Money - 30 upvotes, $700
  49. CryptoNote: remote node DoS to Monero - 30 upvotes, $0
  50. Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - 29 upvotes, $20000
  51. DoS on the Direct Messages to Slack - 28 upvotes, $500
  52. No redirect_uri in the db for web-internal clientKey leads to one-click DoS on gitter.im to GitLab - 25 upvotes, $1000
  53. Fastify denial-of-service vulnerability with large JSON payloads to Node.js third-party modules - 25 upvotes, $500
  54. Remote Server Restart Lead to Denial of Service by only one Request. to Keybase - 25 upvotes, $250
  55. cookie injection allow dos attack to periscope.tv to Twitter - 24 upvotes, $560
  56. DOS attack by consuming all CPU and using all available memory to Tron Foundation - 23 upvotes, $1500
  57. ICQ Android APP remote DoS to Mail.ru - 23 upvotes, $1000
  58. JSON RPC methods for debugging enabled by default allow DoS to IOVLabs - 23 upvotes, $750
  59. Cache poisoning DoS to various TTS assets to GSA Bounty - 23 upvotes, $0
  60. DOS via issue preview to GitLab - 22 upvotes, $7640
  61. DoS through cache poisoning using invalid HTTP parameters to Greenhouse.io - 22 upvotes, $500
  62. xmlrpc.php FILE IS enable it will used for bruteforce attack and denial of service to LocalTapiola - 22 upvotes, $315
  63. Single User DOS by Poisoning Cookie via Get Parameter to Pornhub - 22 upvotes, $0
  64. Insecure Processing of XML leads to Denial of Service through Billion Laughs Attack to Razer - 21 upvotes, $375
  65. DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f) to LINE - 21 upvotes, $250
  66. Bypass of request line length limit to DoS via cache poisoning to Greenhouse.io - 21 upvotes, $100
  67. Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/ to Clario - 21 upvotes, $50
  68. XMLRPC, Enabling XPSA and Bruteforce and DOS + A file disclosing installer-logs. to MTN Group - 21 upvotes, $0
  69. DOS validator nodes of blockchain to block external connections to Hyperledger - 20 upvotes, $1500
  70. Pixel Flood Attack leads to Application level DoS to CS Money - 20 upvotes, $200
  71. scripts loader (denial of service) vulnerability to MariaDB - 20 upvotes, $0
  72. Comments Denial of Service in socialclub.rockstargames.com to Rockstar Games - 19 upvotes, $0
  73. Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON) to Ruby - 18 upvotes, $500
  74. Denial of Service by requesting to reset a password to Nextcloud - 18 upvotes, $250
  75. Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS to Ruby on Rails - 17 upvotes, $1500
  76. lack of input validation that can lead Denial of Service (DOS) to Twitter - 17 upvotes, $560
  77. xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service to Sifchain - 17 upvotes, $50
  78. Permanent Denial of Service to MS-DOS - 17 upvotes, $0
  79. DOS via move_issue to GitLab - 16 upvotes, $2300
  80. WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS) to Ruby - 16 upvotes, $200
  81. Race condition on the Federalist API endpoints can lead to the Denial of Service attack to GSA Bounty - 16 upvotes, $0
  82. Possible denial of service when entering a loooong password to Nextcloud - 16 upvotes, $0
  83. Server-side denial of service via large payload sent to wiki.cs.money/graphql to CS Money - 16 upvotes, $0
  84. CVE-2023-23916: HTTP multi-header compression denial of service to curl - 16 upvotes, $0
  85. [Java] CWE-755: Query to detect Local Android DoS caused by NFE to GitHub Security Lab - 15 upvotes, $1800
  86. DoS for HTTP/2 connections by crafted requests (CVE-2018-1333) to Internet Bug Bounty - 15 upvotes, $500
  87. Single user DOS on selectedLanguage -cookie (yrityspalvelu.lahitapiola.fi) to LocalTapiola - 15 upvotes, $400
  88. xmlrpc.php file is enable it will used for (Denial of Service) and bruteforce attack to BlockDev Sp. Z o.o - 15 upvotes, $0
  89. Attacker may be able to bounce enough emails which suspend HackerOne's SES service and cause a DoS of HackerOne's email service to HackerOne - 15 upvotes, $0
  90. DoS via Playbook to Mattermost - 15 upvotes, $0
  91. xmlrpc.php FILE IS enabled it will used for Bruteforce attack and Denial of Service(DoS) to BlockDev Sp. Z o.o - 14 upvotes, $500
  92. Application-level DoS on image's "size" parameter. to Gratipay - 14 upvotes, $0
  93. Resource Consumption DOS on Edgemax v1.10.6 to Ubiquiti Inc. - 14 upvotes, $0
  94. DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389 to Yelp - 14 upvotes, $0
  95. xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS) to Top Echelon Software - 14 upvotes, $0
  96. Null target_class DoS to shopify-scripts - 13 upvotes, $8000
  97. Chained vulnerabilities create DOS attack against users on desafio5estrelas.com to Uber - 13 upvotes, $1000
  98. Cookie-based client-side denial-of-service to all of the Lähitapiola domains to LocalTapiola - 13 upvotes, $400
  99. DoS via large console messages to Mattermost - 13 upvotes, $150
  100. Denial of Service with Cookie Bomb to Nord Security - 13 upvotes, $0
  101. Web Cache Poisoning leading to DoS to U.S. General Services Administration - 13 upvotes, $0
  102. CVE-2022-35252: control code in cookie denial of service to curl - 13 upvotes, $0
  103. PNG compression DoS to HackerOne - 12 upvotes, $500
  104. Possible denial of service when entering a loooong password to Nextcloud - 12 upvotes, $100
  105. No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 12 upvotes, $0
  106. Cookie Bombing cause DOS - businesses.uber.com to Uber - 12 upvotes, $0
  107. User input validation can lead to DOS to Twitter - 11 upvotes, $560
  108. Pre-auth Denial-of-Service in Dovecot RPA implementation to Open-Xchange - 11 upvotes, $550
  109. Insufficient limitation of web page title leads to DoS against ICQ for Android to Mail.ru - 11 upvotes, $300
  110. Content length restriction bypass can lead to DOS by reading large files on gip.rocks to Gratipay - 11 upvotes, $0
  111. memjs allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage to Node.js third-party modules - 11 upvotes, $0
  112. Application level denial of service due to shutting down the server to Node.js third-party modules - 11 upvotes, $0
  113. Denial Of Service in Strapi Framework using argument injection to Node.js third-party modules - 11 upvotes, $0
  114. [mtn.com.af] Multiple vulnerabilities allow to Application level DoS to MTN Group - 11 upvotes, $0
  115. Remote denial of service in HyperLedger Fabric to Hyperledger - 11 upvotes, $0
  116. The parameter in the POST query allows to control size of returned page which in turn can lead to the potential DOS attack to LocalTapiola - 10 upvotes, $315
  117. DOS: out of memory from gif through upload api to Mattermost - 10 upvotes, $150
  118. Permanent DOS for new users! to Stripo Inc - 10 upvotes, $0
  119. Denial of service via cache poisoning on https://www.data.gov/ to GSA Bounty - 10 upvotes, $0
  120. Denial of service due to invalid memory access in mrb_ary_concat to shopify-scripts - 9 upvotes, $8000
  121. Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing to Internet Bug Bounty - 9 upvotes, $2400
  122. Single User DOS on SelectedLocale -cookie (verkkopalvelu.tapiola.fi) to LocalTapiola - 9 upvotes, $400
  123. Single user DOS on selectedLanuage -cookie at (verkkopalvelu.tapiola.fi) to LocalTapiola - 9 upvotes, $100
  124. Denial of Service through set_preference.json to Keybase - 9 upvotes, $0
  125. Fix for self-DoS in Security-txt Chrome Extension. to Ed - 9 upvotes, $0
  126. XML hash collision DoS vulnerability in Python's xml.etree module to Internet Bug Bounty - 9 upvotes, $0
  127. DoS for remote nodes using Slow Loris attack to Monero - 9 upvotes, $0
  128. Cisco ASA Denial of Service & Path Traversal (CVE-2018-0296) to ok.ru - 9 upvotes, $0
  129. Multiple HTTP/2 DOS Issues to Node.js - 9 upvotes, $0
  130. load scripts DOS vulnerability to OLX - 9 upvotes, $0
  131. xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php to U.S. Dept Of Defense - 9 upvotes, $0
  132. Permanent DoS at https://happy.tools/ when inviting a user to Automattic - 9 upvotes, $0
  133. Denial of Service in mruby due to null pointer dereference to shopify-scripts - 8 upvotes, $8000
  134. CVE-2022-32206: HTTP compression denial of service to Internet Bug Bounty - 8 upvotes, $2400
  135. potential denial of service attack via the locale parameter to Internet Bug Bounty - 8 upvotes, $2400
  136. Возможность провести DoS атаку от имени vk.com сервера to VK.com - 8 upvotes, $500
  137. CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution to Internet Bug Bounty - 8 upvotes, $480
  138. Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests to Node.js - 8 upvotes, $250
  139. DoS in Brave browser for iOS to Brave Software - 8 upvotes, $80
  140. Proxy service crash DoS to Factlink - 8 upvotes, $0
  141. CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS to Endless Group - 8 upvotes, $0
  142. scripts loader DOS vulnerability to FormAssembly - 8 upvotes, $0
  143. Cache Posioning leading to denial of service at █████████ - Bypass fix from report #1198434 to U.S. Dept Of Defense - 8 upvotes, $0
  144. CVE-2022-35252: control code in cookie denial of service to Internet Bug Bounty - 8 upvotes, $0
  145. Denial of Service in Action Pack Exception Handling to Ruby on Rails - 7 upvotes, $1500
  146. Malformed SHA512 ticket DoS (CVE-2016-6302) to Internet Bug Bounty - 7 upvotes, $500
  147. Client DoS due to large DH parameter (CVE-2018-0732) to Internet Bug Bounty - 7 upvotes, $500
  148. Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs to Cloudflare Public Bug Bounty - 7 upvotes, $500
  149. Denial of Service in anti_ransomware_service.exe via logs files to Acronis - 7 upvotes, $200
  150. DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation to LocalTapiola - 7 upvotes, $50
  151. SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg to Imgur - 7 upvotes, $0
  152. http-proxy-agent passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak to Node.js third-party modules - 7 upvotes, $0
  153. Algorithmic complexity vulnerability in ZXCVBN leads to remote denial of service attack to Dropbox - 7 upvotes, $0
  154. [cloudron-surfer] Denial of Service via LDAP Injection to Node.js third-party modules - 7 upvotes, $0
  155. Application level DOS at Login Page ( Accepts Long Password ) to Reddit - 7 upvotes, $0
  156. WordPress application vulnerable to DoS attack via wp-cron.php to U.S. Dept Of Defense - 7 upvotes, $0
  157. Range constructor type confusion DoS to shopify-scripts - 6 upvotes, $10000
  158. CVE-2022-32205: Set-Cookie denial of service to Internet Bug Bounty - 6 upvotes, $480
  159. WordPress Authentication Denial of Service to Instacart - 6 upvotes, $100
  160. [DOS] denial of service using code snippet on brave browser to Brave Software - 6 upvotes, $25
  161. DoS vulnerability in mod_auth_digest CVE-2016-2161 to Internet Bug Bounty - 6 upvotes, $0
  162. WordPress core - Denial of Service via Cross Site Request Forgery to WordPress - 6 upvotes, $0
  163. https-proxy-agent passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak to Node.js third-party modules - 6 upvotes, $0
  164. Lodash "difference" (possibly others) Function Denial of Service Through Unvalidated Input to Node.js third-party modules - 6 upvotes, $0
  165. HTTP/2 Denial of Service Vulnerability to Node.js - 6 upvotes, $0
  166. DoS for client-go jsonpath func to Kubernetes - 6 upvotes, $0
  167. SQL Injection or Denial of Service due to a Prototype Pollution to Node.js third-party modules - 6 upvotes, $0
  168. Camera adoption DoS - UniFi Protect to Ubiquiti Inc. - 6 upvotes, $0
  169. Regular Expression Denial of Service vulnerability to Reddit - 6 upvotes, $0
  170. DoS at ████████ (CVE-2018-6389) to U.S. Dept Of Defense - 6 upvotes, $0
  171. ruby DoS https://www.mruby.science to shopify-scripts - 5 upvotes, $8000
  172. [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents to Tor - 5 upvotes, $100
  173. Denial of service attack on Brave Browser. to Brave Software - 5 upvotes, $50
  174. Denial of Service any Report to HackerOne - 5 upvotes, $0
  175. DOS Report FILE html inside <code> in markdown to HackerOne - 5 upvotes, $0
  176. Missing back-end user input validation can lead to DOS flaw to Liberapay - 5 upvotes, $0
  177. Remote P2P DoS to Monero - 5 upvotes, $0
  178. Ruby - Regular Expression Denial of Service Vulnerability of Date Parsing Methods to Internet Bug Bounty - 5 upvotes, $0
  179. monerod JSON RPC server remote DoS to Monero - 5 upvotes, $0
  180. DoS via Automatic Response Message to Mattermost - 5 upvotes, $0
  181. DoS at █████(CVE-2018-6389) to U.S. Dept Of Defense - 5 upvotes, $0
  182. Thumbor misconfiguration at blogapi.uber.com can lead to DoS to Uber - 4 upvotes, $500
  183. Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS to Node.js third-party modules - 4 upvotes, $250
  184. help.nextcloud.com: Known DoS condition (null pointer deref) in Nginx running to Nextcloud - 4 upvotes, $0
  185. Filename enumeration && DoS to Nextcloud - 4 upvotes, $0
  186. No Password Length Restriction leads to Denial of Service to Weblate - 4 upvotes, $0
  187. Abuse of Api that causes spamming users and possible DOS due to missing rate limit on contact form to Weblate - 4 upvotes, $0
  188. Denial of service in libxml2, using malicious lzma file to consume available system memory to Internet Bug Bounty - 4 upvotes, $0
  189. Denial of Service: nghttp2 use of uninitialized pointer to Node.js - 4 upvotes, $0
  190. Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 4 upvotes, $0
  191. DoS for GCSArtifact.RealAll to Kubernetes - 4 upvotes, $0
  192. DoS due to improper input validation can break the admin access into the user data will disallow him from editing that user's data. to Nextcloud - 4 upvotes, $0
  193. Slowvote and Countdown can cause Denial of Service due to recursive inclusion to Phabricator - 4 upvotes, $0
  194. CVE-2022-32206: HTTP compression denial of service to curl - 4 upvotes, $0
  195. CVE-2022-32205: Set-Cookie denial of service to curl - 4 upvotes, $0
  196. DoS via lua_read_body() [zhbug_httpd_94] to Internet Bug Bounty - 4 upvotes, $0
  197. HTTP multi-header compression denial of service to Internet Bug Bounty - 4 upvotes, $0
  198. [CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID to Internet Bug Bounty - 3 upvotes, $480
  199. Potential denial of service in hackerone.com/<program>/reward_settings to HackerOne - 3 upvotes, $100
  200. Arbitrary command execution in MS-DOS to MS-DOS - 3 upvotes, $0
  201. Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval to shopify-scripts - 3 upvotes, $0
  202. doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to ownCloud - 3 upvotes, $0
  203. ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to Nextcloud - 3 upvotes, $0
  204. Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML to Ruby - 3 upvotes, $0
  205. pngcrush double-free/segfault could result in DoS (CVE-2015-7700) to Internet Bug Bounty - 3 upvotes, $0
  206. CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) to Internet Bug Bounty - 3 upvotes, $0
  207. Dos https://iandunn.name/ via CVE-2018-6389 exploitation to Ian Dunn - 3 upvotes, $0
  208. load scripts DOS vulnerability to BlockDev Sp. Z o.o - 3 upvotes, $0
  209. HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion to Node.js - 3 upvotes, $0
  210. Cache Posioning leading do Denial of Service on www.█████████ to U.S. Dept Of Defense - 3 upvotes, $0
  211. Instance Page DOS within Organization on TikTok Ads to TikTok - 3 upvotes, $0
  212. Denial of Service vulnerability in curl when parsing MQTT server response to curl - 3 upvotes, $0
  213. DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation to Adobe - 3 upvotes, $0
  214. Regular Expression Denial of Service in Headers to Node.js - 3 upvotes, $0
  215. Possible DOS in app with crashing exceptions_app to Ruby on Rails - 3 upvotes, $0
  216. Possible DoS Vulnerability in Multipart MIME parsing in rack to Internet Bug Bounty - 2 upvotes, $480
  217. [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing to Internet Bug Bounty - 2 upvotes, $480
  218. [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore to Internet Bug Bounty - 2 upvotes, $480
  219. [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing to Internet Bug Bounty - 2 upvotes, $480
  220. [CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing to Internet Bug Bounty - 2 upvotes, $480
  221. Denial of service in account statistics endpoint to Mapbox - 2 upvotes, $400
  222. DNS Max Responses for DOS to Node.js - 2 upvotes, $250
  223. Denial of Service to HackerOne - 2 upvotes, $100
  224. Denial of service attack(window object) on brave browser to Brave Software - 2 upvotes, $100
  225. DoS Attack in Controller Lookup Code to Ruby on Rails - 2 upvotes, $0
  226. Possible SQL injection can cause denial of service attack to Dropbox - 2 upvotes, $0
  227. Denial of service in report view. to HackerOne - 2 upvotes, $0
  228. Denial of service (segfault) due to null pointer dereference in mrb_vm_exec to shopify-scripts - 2 upvotes, $0
  229. Abuse of Api that causes spamming users and possible DOS due to missing rate limit to Weblate - 2 upvotes, $0
  230. Regular Expression Denial of Service (ReDoS) to Node.js third-party modules - 2 upvotes, $0
  231. Server side includes in https://lgtm-com.pentesting.semmle.net/internal_api/v0.2/savePublicInformation leads to 500 server error and D-DOS to Semmle - 2 upvotes, $0
  232. Node.js HTTP/2 Large Settings Frame DoS to Node.js - 2 upvotes, $0
  233. Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS to Agoric - 2 upvotes, $0
  234. DoS attack against the client when entering a long password to Nextcloud - 2 upvotes, $0
  235. API Server DoS (crash?) if many large resources (~1MB each) are concurrently/repeatedly sent to an external Validating WebHook endpoint to Kubernetes - 2 upvotes, $0
  236. [play.mtn.co.za] Application level DoS via xmlrpc.php to MTN Group - 2 upvotes, $0
  237. 1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch to Fastify - 2 upvotes, $0
  238. Self-DoS due to template injection via email field in password reset form on access.acronis.com to Acronis - 2 upvotes, $0
  239. moderate: mod_deflate denial of service to Internet Bug Bounty - 1 upvotes, $500
  240. Potential denial of service in hackerone.com/teams/new to HackerOne - 1 upvotes, $100
  241. History Disclosure of MS-Dos to MS-DOS - 1 upvotes, $0
  242. Apache Range Header Denial of Service Attack (Confirmed PoC) to ownCloud - 1 upvotes, $0
  243. CrashPlan Backup is Vulnerable Allowing to a DoS Attack Against Uber's Backups to backup.uber.com to Uber - 1 upvotes, $0
  244. xmlrpc.php FILE IS enable it can be used for conducting a Bruteforce attack and Denial of Service(DoS) to Ian Dunn - 1 upvotes, $0
  245. "Self" DOS with large deployment and scaling to Kubernetes - 1 upvotes, $0
  246. Denial of Service when entring an Array in email at seetings to Nextcloud - 1 upvotes, $0
  247. [meemo-app] Denial of Service via LDAP Injection to Node.js third-party modules - 1 upvotes, $0
  248. [json-bigint] DoS via __proto__ assignment to Node.js third-party modules - 1 upvotes, $0
  249. [http-live-simulator] Application-level DoS to Node.js third-party modules - 1 upvotes, $0
  250. DRb denial of service vulnerability to Ruby - 1 upvotes, $0
  251. Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation to Sifchain - 1 upvotes, $0
  252. curl "globbing" can lead to denial of service attacks to curl - 1 upvotes, $0
  253. Inadequate input validation on API endpoint leading to self denial of service and increased system load. to IRCCloud - 0 upvotes, $500
  254. Dashboard panel embedded onto itself causes a denial of service to Phabricator - 0 upvotes, $0
  255. owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to ownCloud - 0 upvotes, $0
  256. DOS in browser using window.print() function to Brave Software - 0 upvotes, $0
  257. Denial of service(POP UP Recursion) on Brave browser to Brave Software - 0 upvotes, $0
  258. Possibility of DOS Through logging System to Quora - 0 upvotes, $0
  259. Media parsing in canvas is at least vulnerable to Denial of Service through multiple vulnerabilities to Node.js third-party modules - 0 upvotes, $0
  260. DoS of https://blog.makerdao.com/ via CVE-2018-6389 to BlockDev Sp. Z o.o - 0 upvotes, $0
  261. A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference to Open-Xchange - 0 upvotes, $0
  262. No Password Length Restriction leads to Denial of Service to Reddit - 0 upvotes, $0