Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 56
ooooooo_q: 50
jon_bottarini: 49
haxta4ok00: 48
The unofficial HackerOne disclosure timeline.
Nextcloud disclosed a bug submitted by rullzer: Download permissions can be changed by resharer (24 Feb 2023)
HackerOne disclosed a bug submitted by jobert: Users querying dim_hacker_reports table through Analytics API can determine data from dim_reports table using WHERE or HAVING query (22 Feb 2023)
Krisp disclosed a bug submitted by mikemyers: SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai (22 Feb 2023)
Node.js disclosed a bug submitted by timon8: CRLF Injection in Nodejs undici via host (22 Feb 2023)
curl disclosed a bug submitted by monnerat: CVE-2023-23916: HTTP multi-header compression denial of service (20 Feb 2023)
U.S. Department of State disclosed a bug submitted by ismailu: xss and html injection on ( https://labs.history.state.gov) (20 Feb 2023)
GitLab disclosed a bug submitted by yvvdwf: Stored-XSS with CSP-bypass via labels' color (19 Feb 2023)
GitLab disclosed a bug submitted by yvvdwf: Bypass: Stored-XSS with CSP-bypass via scoped labels' color (19 Feb 2023)
Slack disclosed a bug submitted by analyz3r: Bypass invite accept for victim (17 Feb 2023)
TikTok disclosed a bug submitted by amans: View thumbnail of any private video (friends or followers only) of Private/Public account (17 Feb 2023)
Node.js disclosed a bug submitted by mjones-vsat: Multiple OpenSSL error handling issues in nodejs crypto library (17 Feb 2023)
Rocket.Chat disclosed a bug submitted by f0ns1: Low authorization level at server side API operation e2e.updateGroupKey, let an attacker break the E2E architecture. (16 Feb 2023)
Cosmos disclosed a bug submitted by bhatiagaurav1211: Unclaimed official s3 bucket of tendermint(tendermint-packages) which is used by many other blockchain companies in their code (15 Feb 2023)
curl disclosed a bug submitted by nyymi: CVE-2023-23914: curl HSTS ignored on multiple requests (15 Feb 2023)
curl disclosed a bug submitted by nyymi: CVE-2023-23915: HSTS amnesia with --parallel (15 Feb 2023)
8x8 Bounty disclosed a bug submitted by emperor: connect.8x8.com: Users with no permission can track/access restricted details/data via GET /api/v2/support/requests/<ticket number >HTTP/2 (15 Feb 2023)
8x8 Bounty disclosed a bug submitted by emperor: connect.8x8.com: admin user can send invites on behalf of another admin user via POST /api/v1/users/<User ID>/invites (15 Feb 2023)
8x8 Bounty disclosed a bug submitted by emperor: connect.8x8.com: deactivated users remain access to /api/v1/users/UUID/roles (15 Feb 2023)
8x8 Bounty disclosed a bug submitted by emperor: jaas.8x8.vc: Removed users can still have READ/WRITE access to the workspace via different API endpoints (15 Feb 2023)
8x8 Bounty disclosed a bug submitted by emperor: admin.8x8.vc: Member users with no permission can integrate email to connect calendar via GET /meet-external/spot-roomkeeper/v1/calendar/auth/init?.. (15 Feb 2023)
BY DENIS WERNER - @NOBBD -