REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
56
b'ooooooo_q'
50
b'jon_bottarini'
49
b'haxta4ok00'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Basecamp'
disclosed a bug submitted by
b'mrm0nk'
b'Bypass "Upgrade To Add Project" Restriction in Free Account To Create Multiple Projects Without Upgrading '
20 Dec 2024
b'curl'
disclosed a bug submitted by
b'hackeriron1'
b'bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]'
19 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'shuvam321'
b' Remote Code Execution and AWS IAM Credentials Exfiltration in https:///'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'br0x1337'
b'CSRF leads to Account takeover'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'br0x1337'
b'CSRF leads to Account takeover'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'njmulsqb'
b'Sensitive data exposure via /secure/ endpoint on '
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'oxylis'
b'Sensitive data exposure: candidate resumes/CVs available to download with no authentication through BAC/IDOR/Improper Salesforce config'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'prakhar0x01'
b'CSRF Attack on changing security questions leads to full Account TakeOver'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'prakhar0x01'
b'CSRF Attack leads to delete album at'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'todayisnew-'
b'[ CVE-2018-1000129 ] RXSS At `https://` via the URI'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'k0x'
b'CSRF to XSS'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'k0x'
b'XSS Reflected'
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'prakhar0x01'
b'CSRF Attack leads to delete album at '
18 Dec 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'moha1sd'
b'Unauthorized Access Exposing Sensitive Data'
18 Dec 2024
b'LinkedIn'
disclosed a bug submitted by
b'j0r1an'
b'Forced OAuth authorization using button ID in hash and holding space'
17 Dec 2024
b'Nextcloud'
disclosed a bug submitted by
b'd-xuan'
b'X-E2EE-SIGNATURE verification can be bypassed, leading to loss of confidentiality of end-to-end encrypted files'
15 Dec 2024
b'Nextcloud'
disclosed a bug submitted by
b'pulsejet'
b'Incomplete sanitization in SVG preview provider'
15 Dec 2024
b'Nextcloud'
disclosed a bug submitted by
b'rullzer'
b'Nextcloud mail does not respect download permissions in shares'
15 Dec 2024
b'IBM'
disclosed a bug submitted by
b'facades'
b'Exposed Logs and Bearer Tokens on Test Endpoint'
12 Dec 2024
1
2
3
...
717
BY DENIS WERNER - @NOBBD -
IMPRESSUM
