Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 64
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Aspen disclosed a bug submitted by yumi: client_secret Token disclosure (28 Sep 2017)
Aspen disclosed a bug submitted by saikiran-10099: No Rate Limit (Leads to huge email flooding/email bombing) (28 Sep 2017)
Shopify disclosed a bug submitted by uzsunny: Shopify admin authentication bypass using partners.shopify.com (28 Sep 2017)
bitwarden disclosed a bug submitted by kenziy: Export vault feature is vulnerable to CSV injection (28 Sep 2017)
Ubiquiti Networks disclosed a bug submitted by inhibitor181: Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/ (28 Sep 2017)
Lyst disclosed a bug submitted by inhibitor181: CSRF - Adding unlimited number of saved items via GET request (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Downloading all attachements if having access to a shared link (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Deleting other user's reminders just by id (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown) (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Accessing other user's attachements via PUT /appsuite/api/files?action=saveAs (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: RTLO character in file names (28 Sep 2017)
TTS Bug Bounty disclosed a bug submitted by sp1d3rs: Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host (27 Sep 2017)
Aspen disclosed a bug submitted by blackpanther_akaash: Password reset token leak on third party website via Referer header (27 Sep 2017)
Aspen disclosed a bug submitted by nhile: Cross-origin resource sharing (CORS) (27 Sep 2017)
Aspen disclosed a bug submitted by krazyhack3r: Server Path Disclosure (27 Sep 2017)
Aspen disclosed a bug submitted by punkit: aspen | clickjacking (27 Sep 2017)
OLX disclosed a bug submitted by kciredor: I found a way to instantly take over ads by other users and change them (IDOR) (27 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: Incomplete HTML sanitization + Session id leaking + private information disclosure (27 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Folder names disclosure inside a domain, regardless of user (27 Sep 2017)
BY DENIS WERNER - @NOBBD -