REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'IRCCloud'
disclosed a bug submitted by
b'melvin'
b'Full account takeover using CSRF and password reset'
14 Apr 2014
b'Phabricator'
disclosed a bug submitted by
b'goldshlager'
b'OAuth Stealing Attack (New)'
13 Apr 2014
b'Slack'
disclosed a bug submitted by
b'sehacure'
b'CSRF on add comment section'
12 Apr 2014
b'Phabricator'
disclosed a bug submitted by
b'dawidczagan'
b'Control character allowed in username'
12 Apr 2014
b'Khan Academy'
disclosed a bug submitted by
b'internetwache'
b'Lighttpd version disclosure / directory listing'
12 Apr 2014
b'IRCCloud'
disclosed a bug submitted by
b'cliffordtrigo'
b'Leaking Referrer in Reset Password Link'
12 Apr 2014
b'OkCupid'
disclosed a bug submitted by
b'squirmy'
b'XSS on [okcupid.com]'
11 Apr 2014
b'RelateIQ'
disclosed a bug submitted by
b'anshuman_bh'
b'RelateIQ GWT based application visible to unauthenticated users'
11 Apr 2014
wont-fix
b'Phabricator'
disclosed a bug submitted by
b'goldshlager'
b'OAuth access_token stealing in Phabricator'
11 Apr 2014
b'Khan Academy'
disclosed a bug submitted by
b'squirmy'
b'Full Path Disclosure on [smarthistory.khanacademy.org]'
11 Apr 2014
b'Faceless'
disclosed a bug submitted by
b'atom'
b'Blocking yourself'
11 Apr 2014
b'IRCCloud'
disclosed a bug submitted by
b'chmosama'
b'DNS Misconfiguration'
11 Apr 2014
b'Slack'
disclosed a bug submitted by
b'pwndizzle'
b'User impersonation is possible with incoming webhooks'
10 Apr 2014
wont-fix
b'OkCupid'
disclosed a bug submitted by
b'melvin'
b'Users can easily be tricked into changing/disabling privacy and notification settings'
09 Apr 2014
b'OkCupid'
disclosed a bug submitted by
b'smiegles'
b'https://www.okcupid.com/hidden-users CSRF vulnerability.'
09 Apr 2014
b'OkCupid'
disclosed a bug submitted by
b'nahamsec'
b'XSS in "Questions" search module'
09 Apr 2014
b'Khan Academy'
disclosed a bug submitted by
b'smiegles'
b'http://smarthistory.khanacademy.org/search-results.html XSS'
09 Apr 2014
b'Khan Academy'
disclosed a bug submitted by
b'smiegles'
b'Dom based XSS https://www.khanacademy.org/'
09 Apr 2014
b'Khan Academy'
disclosed a bug submitted by
b'smiegles'
b'https://www.khanacademy.org/login open-redirect'
09 Apr 2014
b'Khan Academy'
disclosed a bug submitted by
b'smiegles'
b'Stored XSS {dangerous?} https://www.khanacademy.org/coach/roster/?listId=allStudents'
09 Apr 2014
1
...
759
760
761
762
763
...
766
BY DENIS WERNER - @NOBBD -
IMPRESSUM