REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
56
b'ooooooo_q'
50
b'jon_bottarini'
49
b'haxta4ok00'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Snapchat'
disclosed a bug submitted by
b'jotita3'
b'HTML injection on newsroom.snap.com/* via search?q=1'
14 Aug 2023
b'Nextcloud'
disclosed a bug submitted by
b'fr4via'
b"Path traversal allows tricking the Talk Android app into writing files into it's root directory "
14 Aug 2023
b'ImpressCMS'
disclosed a bug submitted by
b'cyberinsane'
b'SQL Injection in version 1.4.3 and below'
12 Aug 2023
b'Node.js'
disclosed a bug submitted by
b'haxatron1'
b'fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks.'
11 Aug 2023
b'Node.js'
disclosed a bug submitted by
b'haxatron1'
b'Permission model bypass by specifying a path traversal sequence in a buffer, '
11 Aug 2023
b'Node.js'
disclosed a bug submitted by
b'haxatron1'
b'Policy-restricted modules can escalate to higher privileges by impersonating other modules in a policy list using module.constructor.createRequire()'
11 Aug 2023
b'Node.js'
disclosed a bug submitted by
b'haxatron1'
b'DNS rebinding in --inspect (again) via invalid IP addresses '
11 Aug 2023
b'Node.js'
disclosed a bug submitted by
b'msvrmiscovet'
b'Node 18 reads openssl.cnf from /home/iojs/build/... upon startup.'
11 Aug 2023
b'IBM'
disclosed a bug submitted by
b'dk4trin'
b'Nginx Alias Traversal - babel.bluetab.net'
11 Aug 2023
b'IBM'
disclosed a bug submitted by
b'tusnj'
b'IDOR in channel ID leads to customer email disclosure on https://video.ibm.com'
11 Aug 2023
b'HackerOne'
disclosed a bug submitted by
b'hackit_bharat'
b'Hackerone All Private Program Name Leaked to Public Via Collaborator OR Attacker can Easily Dump all Private Program Names through Collaborator '
11 Aug 2023
b'HackerOne'
disclosed a bug submitted by
b'todayisnew'
b'RXSS at image.hackerone.live via the `url` parameter'
11 Aug 2023
b'HackerOne'
disclosed a bug submitted by
b'sayaanalam'
b"Create miscellaneous support ticket on anyone's account through support@hackerone.com email"
11 Aug 2023
b'HackerOne'
disclosed a bug submitted by
b'rafsanzami'
b"HackerOne Support System Doesn't Require Any Authentication May Lead Unauthorized Action"
11 Aug 2023
b'Nintendo'
disclosed a bug submitted by
b'crazy_man123'
b'[WiiU/Switch] Remote code execution inside the ENL library'
11 Aug 2023
b'Nextcloud'
disclosed a bug submitted by
b'tareq4'
b'Notes attachments render HTML in preview mode'
10 Aug 2023
b'Nextcloud'
disclosed a bug submitted by
b'unknownsh'
b'Improper restriction of excessive authentication attempts on WebDAV endpoint '
10 Aug 2023
b'Nextcloud'
disclosed a bug submitted by
b'cult'
b'Any (non-admin) user from an instance can destroy any (user and/or global) external filesystem'
10 Aug 2023
b'Nextcloud'
disclosed a bug submitted by
b'mikaelgundersen'
b'New AppPassword can be generated without password confirmation'
10 Aug 2023
b'Nextcloud'
disclosed a bug submitted by
b'mikaelgundersen'
b'Missing brute force protection on OAuth2 API controller'
10 Aug 2023
1
...
49
50
51
52
53
...
717
BY DENIS WERNER - @NOBBD -
IMPRESSUM
