REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
117
geeknik
79
linkks
75
sp1d3rs
68
jobert
66
someonenobbd
60
jon_bottarini
49
netfuzzer
48
haxta4ok00
48
ryat
47
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
respondly
disclosed a bug submitted by
atom
OAuth Bug
30 Apr 2014
HackerOne
disclosed a bug submitted by
dawidczagan
Flooding mailbox of user
30 Apr 2014
wont-fix
Detectify
disclosed a bug submitted by
shahmeer_amir
No CSRF token on domain removal or addition
30 Apr 2014
wont-fix
OkCupid
disclosed a bug submitted by
hamihax
XSS in okcupid.com by hamid
29 Apr 2014
Yahoo!
disclosed a bug submitted by
redshark1802
Open redirect on tw.money.yahoo.com
29 Apr 2014
Coinbase
disclosed a bug submitted by
anshuman_bh
Improper Validation of the Referrer header leading to Open URL Redirection
29 Apr 2014
wont-fix
Detectify
disclosed a bug submitted by
simon90
SVN file disclosure on lazer.detectify.com
29 Apr 2014
OkCupid
disclosed a bug submitted by
rajuraju14
okcupid.com vulnerable to Heartbleed attack
28 Apr 2014
IRCCloud
disclosed a bug submitted by
xss
Login page password-guessing attack(Brute-force attack-High).
26 Apr 2014
wont-fix
HackerOne
disclosed a bug submitted by
leander
Arbitrary file uploads to Amazon WS.
26 Apr 2014
wont-fix
IRCCloud
disclosed a bug submitted by
anshuman_bh
Host Header is not validated resulting in Open Redirect
24 Apr 2014
Ian Dunn
disclosed a bug submitted by
atulshedage
Xss in CampTix Event Ticketing
24 Apr 2014
ReddAPI
disclosed a bug submitted by
exploitprotocol
No Captcha or rate limit on Login Page
23 Apr 2014
IRCCloud
disclosed a bug submitted by
exploitprotocol
Session Token is not Verified while changing Account Setting's which Result In account Takeover
23 Apr 2014
respondly
disclosed a bug submitted by
atom
Deleting team members
23 Apr 2014
Localize
disclosed a bug submitted by
simon90
Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)
23 Apr 2014
Localize
disclosed a bug submitted by
faisalahmed
Atttacker can send "Invitation Request" to a Project that is not even created yet!
23 Apr 2014
respondly
disclosed a bug submitted by
mohamed_fouad
Full Path Disclosure
23 Apr 2014
Localize
disclosed a bug submitted by
faisalahmed
Full Path Disclosure (FPD) in www.localize.im
23 Apr 2014
Ian Dunn
disclosed a bug submitted by
cliffordtrigo
Stored XSS in all fields in Basic Google Maps Placemarks Settings
23 Apr 2014
1
...
616
617
618
619
620
...
628
BY DENIS WERNER - @NOBBD -
IMPRESSUM
