the unofficial HackerOne disclosure timeline.

X
b'Boozt Fashion AB' disclosed a bug submitted by b'0x00iam_hack3r' 
b'Http header injection'
19 Sep 2016 timeline
b'Legal Robot' disclosed a bug submitted by b'paramdham' 
b'No valid SPF record'
19 Sep 2016 timeline
b'Legal Robot' disclosed a bug submitted by b'paramdham' 
b' Rate limiting on Email confirmation link'
19 Sep 2016 timeline
b'Uber' disclosed a bug submitted by b'dups' 
b'Attacker could setup reminder remotely using brute force'
19 Sep 2016 timeline
b'Boozt Fashion AB' disclosed a bug submitted by b'yassineaboukir' 
b'Host header poisoning leads to account password reset links hijacking'
17 Sep 2016 timeline
b'OLX' disclosed a bug submitted by b'nayranama' 
b'Full Account Takeover '
17 Sep 2016 timeline
b'Instacart' disclosed a bug submitted by b'tbmnull' 
b"shopper login_code's can be brute forced"
17 Sep 2016 timeline
b'Udemy' disclosed a bug submitted by b'w3b7ricks73r' 
b'NON VALIDATION OF SESSIONS AFTER PASSWORD CHANGE'
16 Sep 2016 timeline
b'Mail.Ru' disclosed a bug submitted by b'konqi' 
b'[tidaltrek.mail.ru] SQL Injection'
16 Sep 2016 timeline
b'Legal Robot' disclosed a bug submitted by b'paramdham' 
b'- Guessing registered users in legalrobot.com'
16 Sep 2016 timeline
b'Legal Robot' disclosed a bug submitted by b'paramdham' 
b' Rate limiting on password reset links '
16 Sep 2016 timeline
b'Uber' disclosed a bug submitted by b'gopinath6' 
b'User regisrtration money wallet link issue'
16 Sep 2016 timeline
b'Uber' disclosed a bug submitted by b'temmyscript' 
b'Changing paymentProfileUuid when booking a trip allows free rides'
15 Sep 2016 timeline
b'Instacart' disclosed a bug submitted by b'trad_zero_h' 
b'CSRF To change Email Notification Settings '
15 Sep 2016 timeline
b'Instacart' disclosed a bug submitted by b'cablej' 
b'API OAuth Public Key disclosure in mobile app'
15 Sep 2016 timeline
b'Slack' disclosed a bug submitted by b'jblandino' 
b'Generate new Test token'
15 Sep 2016 timeline
b'Slack' disclosed a bug submitted by b'jobert' 
b'User can start call in a channel of an unpaid account'
15 Sep 2016 timeline
b'HackerOne' disclosed a bug submitted by b'ayoubfathi' 
b'Ability to enumerate private programs using SAML'
14 Sep 2016 timeline
b'Coinbase' disclosed a bug submitted by b'agarri_fr' 
b'Blacklist bypass on Callback URLs'
14 Sep 2016 timeline
b'Slack' disclosed a bug submitted by b'agarri_fr' 
b'Bypass of the SSRF protection (Slack commands, Phabricator integration)'
14 Sep 2016 timeline
1 ... 640 641 642 643 644 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM