REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'HackerOne'
disclosed a bug submitted by
b'dawidczagan'
b'Flooding mailbox of user'
30 Apr 2014
wont-fix
b'Detectify'
disclosed a bug submitted by
b'shahmeer_amir'
b'No CSRF token on domain removal or addition'
30 Apr 2014
wont-fix
b'OkCupid'
disclosed a bug submitted by
b'hamihax'
b'XSS in okcupid.com by hamid'
29 Apr 2014
b'Yahoo!'
disclosed a bug submitted by
b'redshark1802'
b'Open redirect on tw.money.yahoo.com'
29 Apr 2014
b'Coinbase'
disclosed a bug submitted by
b'anshuman_bh'
b'Improper Validation of the Referrer header leading to Open URL Redirection'
29 Apr 2014
wont-fix
b'Detectify'
disclosed a bug submitted by
b'simon90'
b'SVN file disclosure on lazer.detectify.com'
29 Apr 2014
b'OkCupid'
disclosed a bug submitted by
b'rajuraju14'
b'okcupid.com vulnerable to Heartbleed attack'
28 Apr 2014
b'IRCCloud'
disclosed a bug submitted by
b'xss'
b'Login page password-guessing attack(Brute-force attack-High).'
26 Apr 2014
wont-fix
b'HackerOne'
disclosed a bug submitted by
b'leander'
b'Arbitrary file uploads to Amazon WS.'
26 Apr 2014
wont-fix
b'IRCCloud'
disclosed a bug submitted by
b'anshuman_bh'
b'Host Header is not validated resulting in Open Redirect'
24 Apr 2014
b'Ian Dunn'
disclosed a bug submitted by
b'atulshedage'
b'Xss in CampTix Event Ticketing'
24 Apr 2014
b'ReddAPI'
disclosed a bug submitted by
b'exploitprotocol'
b'No Captcha or rate limit on Login Page'
23 Apr 2014
b'IRCCloud'
disclosed a bug submitted by
b'exploitprotocol'
b"Session Token is not Verified while changing Account Setting's which Result In account Takeover"
23 Apr 2014
b'respondly'
disclosed a bug submitted by
b'atom'
b'Deleting team members'
23 Apr 2014
b'Localize'
disclosed a bug submitted by
b'simon90'
b'Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)'
23 Apr 2014
b'Localize'
disclosed a bug submitted by
b'faisalahmed'
b'Atttacker can send "Invitation Request" to a Project that is not even created yet!'
23 Apr 2014
b'respondly'
disclosed a bug submitted by
b'mohamed_fouad'
b'Full Path Disclosure'
23 Apr 2014
b'Localize'
disclosed a bug submitted by
b'faisalahmed'
b'Full Path Disclosure (FPD) in www.localize.im'
23 Apr 2014
b'Ian Dunn'
disclosed a bug submitted by
b'cliffordtrigo'
b'Stored XSS in all fields in Basic Google Maps Placemarks Settings'
23 Apr 2014
b'Secret'
disclosed a bug submitted by
b'simon90'
b'Strict Transport Security on secret.ly'
22 Apr 2014
1
...
696
697
698
699
700
...
708
BY DENIS WERNER - @NOBBD -
IMPRESSUM