Top10 publishers:
bobrov: 117
linkks: 75
geeknik: 75
sp1d3rs: 66
jobert: 60
jon_bottarini: 48
ryat: 47
netfuzzer: 47
guido: 45
bl4de: 42
Now on Twitter: the unofficial HackerOne disclosure timeline.
Lark Technologies disclosed a bug submitted by imran_nisar: Stealing app credentials by reflected xss on Lark Suite (26 Feb 2021)
Uber disclosed a bug submitted by apolo2: Thumbor misconfiguration at blogapi.uber.com can lead to DoS (25 Feb 2021)
Uber disclosed a bug submitted by mariogomez1: stack trace exposed on https://receipts.uber.com/ (25 Feb 2021)
Uber disclosed a bug submitted by corb3nik: [First 30] Stored XSS on login.uber.com/oauth/v2/authorize via redirect_uri parameter (25 Feb 2021)
Uber disclosed a bug submitted by corb3nik: Stored XSS on auth.uber.com/oauth/v2/authorize via redirect_uri parameter leads to Account Takeover (25 Feb 2021)
Uber disclosed a bug submitted by healdb: Outdated Wordpress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities (25 Feb 2021)
Uber disclosed a bug submitted by tomnomnom: [Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo (25 Feb 2021)
Uber disclosed a bug submitted by fawazxq: Disclosure of Co-Rider user (Uber-pooling) profile picture at Amazon AWS Cloudfront within HTTP RESPONSE (25 Feb 2021)
Uber disclosed a bug submitted by phwd: Listing of email addresses of whitelisted business users visible at business.uber.com (25 Feb 2021)
Uber disclosed a bug submitted by rijalrojan: Uber employees are sharing information on productforums.google.com (25 Feb 2021)
Uber disclosed a bug submitted by 0xd0m7: [usuppliers.uber.com] - Server Side Request Forgery via XXE OOB (25 Feb 2021)
Uber disclosed a bug submitted by orange: Arbitrary File Reading on Uber SSL VPN (25 Feb 2021)
Weblate disclosed a bug submitted by anotherhoax: Race Condition allows to get more free trials and get more than 100 languages and strings for free (25 Feb 2021)
CS Money disclosed a bug submitted by gatolouco: Cookie poisoning leads to DOS and Privacy Violation (25 Feb 2021)
Dropbox disclosed a bug submitted by cybxis: `account_info.read` scope OAuth app access token can change token owner's account name. (25 Feb 2021)
Automattic disclosed a bug submitted by telaviv_h4x0r: information disclosure lead to disclose users private notes (25 Feb 2021)
FetLife disclosed a bug submitted by kapkan: Stored XSS via `Create a Fetish` section. (25 Feb 2021)
Logitech disclosed a bug submitted by nrockhouse: SSRF allows reading AWS EC2 metadata using "readapi" variable in Streamlabs Cloudbot (24 Feb 2021)
Shopify disclosed a bug submitted by todayisnew: Subdomain Takeover Via unclaimed Heroku Instance tim-exclusive.shopify.com (24 Feb 2021)
BY DENIS WERNER - @NOBBD -