REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Harvest'
disclosed a bug submitted by
b'0xamir'
b'Users enumeration is possible through cycling through recurring[client_id] argument value.'
10 Sep 2016
b'Mail.Ru'
disclosed a bug submitted by
b'ahsantahir'
b"[cfire.mail.ru] CSRF Bypassed - Changing anyone's 'User Info'"
09 Sep 2016
b'Veris'
disclosed a bug submitted by
b'xenon'
b'[XSS] sandbox.veris.in'
09 Sep 2016
b'Legal Robot'
disclosed a bug submitted by
b'paramdham'
b'CSRF'
09 Sep 2016
b'Instacart'
disclosed a bug submitted by
b's44mux'
b'Stored XSS'
09 Sep 2016
b'Uber'
disclosed a bug submitted by
b'apara'
b'Bulk UUID enumeration via invite codes'
08 Sep 2016
b'Mapbox'
disclosed a bug submitted by
b'n0rb3r7'
b'target="_blank" Vulnerability Resulting in Critical Phishing Vector'
07 Sep 2016
b'Algolia'
disclosed a bug submitted by
b'rishi62'
b'Stored xss'
07 Sep 2016
b'Algolia'
disclosed a bug submitted by
b'ctee'
b'Stored XSS from Display Settings triggered on Save and viewing realtime search demo'
07 Sep 2016
b'Algolia'
disclosed a bug submitted by
b'ctee'
b'Stored XSS triggered by json key during UI generation'
07 Sep 2016
b'Algolia'
disclosed a bug submitted by
b'rajauzairabdullah'
b'No Rate Limit In Inviting Similar Contact Multiple Times'
07 Sep 2016
b'New Relic'
disclosed a bug submitted by
b'hassham'
b'Basic Authorization over HTTP'
07 Sep 2016
b'HackerOne'
disclosed a bug submitted by
b'abdullah'
b'Users contents on AWS is cacheable '
06 Sep 2016
b'Legal Robot'
disclosed a bug submitted by
b'paramdham'
b'clickjacking'
06 Sep 2016
b'Legal Robot'
disclosed a bug submitted by
b'paramdham'
b'Registration bypass using OAuth logical bug'
06 Sep 2016
b'Shopify'
disclosed a bug submitted by
b'sacurifity'
b'Subdomain Takeover in http://genghis-cdn.shopify.io/ pointing to Fastly '
06 Sep 2016
b'Legal Robot'
disclosed a bug submitted by
b'surajmulik'
b'content spoofing'
06 Sep 2016
b'LocalTapiola'
disclosed a bug submitted by
b'putsi'
b'The PdfServlet-functionality used by the "Tee vakuutustodistus" allows injection of custom PDF-content via CSRF-attack'
05 Sep 2016
b'Vimeo'
disclosed a bug submitted by
b'gazza'
b'Downloading password protected / restricted videos'
05 Sep 2016
b'New Relic'
disclosed a bug submitted by
b'ylujion'
b'SSRF on synthetics.newrelic.com permitting access to sensitive data'
05 Sep 2016
1
...
646
647
648
649
650
...
770
BY DENIS WERNER - @NOBBD -
IMPRESSUM