REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
56
b'ooooooo_q'
50
b'jon_bottarini'
49
b'haxta4ok00'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Shopify'
disclosed a bug submitted by
b'bored-engineer'
b'Read/Write arbitrary (non-HttpOnly) cookies on checkout pages via GoogleAnalyticsAdditionalScripts postMessage handler'
01 Dec 2022
b'Shopify'
disclosed a bug submitted by
b'm7mdharoun'
b'Subdomain Takeover at course.oberlo.com'
01 Dec 2022
b'MTN Group'
disclosed a bug submitted by
b'wallotry'
b'Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure'
01 Dec 2022
b'MTN Group'
disclosed a bug submitted by
b'coyemerald'
b'Unprotected Direct Object Reference'
01 Dec 2022
b'MTN Group'
disclosed a bug submitted by
b'shuvam321'
b'Firebase Database Takeover in https://pulseradio.mtn.co.ug/'
01 Dec 2022
b'Nextcloud'
disclosed a bug submitted by
b'errorx404'
b'Calendar name length not validated before writing to database'
01 Dec 2022
b'Internet Bug Bounty'
disclosed a bug submitted by
b'bugra'
b'CVE-2022-45402: Apache Airflow: Open redirect during login'
01 Dec 2022
b'Ian Dunn'
disclosed a bug submitted by
b'ryotak'
b'Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands'
01 Dec 2022
b'LinkedIn'
disclosed a bug submitted by
b'sachin_kumar_'
b'Campaign Account Balance and History Disclosed in API Response'
30 Nov 2022
b'Yelp'
disclosed a bug submitted by
b'shubhangirathore836'
b"If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur"
30 Nov 2022
b'TikTok'
disclosed a bug submitted by
b'aidilarf_2000'
b'Stored XSS Payload when sending videos '
29 Nov 2022
b'HackerOne'
disclosed a bug submitted by
b'jobert'
b"Any organization's assets pending review can be downloaded"
29 Nov 2022
b'Shopify'
disclosed a bug submitted by
b'kun_19'
b'Stored XSS in Dovetale by application of creator'
29 Nov 2022
b'AMBER AI'
disclosed a bug submitted by
b'orange_h'
b'I found some api keys in js files ,huge leak of token addresses and huge amount of js files are not forbidden '
29 Nov 2022
b'Internet Bug Bounty'
disclosed a bug submitted by
b'benjaoming_realone'
b'potential denial of service attack via the locale parameter'
28 Nov 2022
b'MTN Group'
disclosed a bug submitted by
b'shubham_srt'
b'Wordpress users Disclosure [ /wp-json/wp/v2/users/ ]'
27 Nov 2022
b'Nextcloud'
disclosed a bug submitted by
b'kichernde_erbse'
b'Exception logging in Sharepoint app reveals clear-text connection details'
26 Nov 2022
b'curl'
disclosed a bug submitted by
b'bagder'
b'CVE-2022-42915: HTTP proxy double-free'
26 Nov 2022
b'curl'
disclosed a bug submitted by
b'robbotic'
b'CVE-2022-32221: POST following PUT confusion'
26 Nov 2022
b'Nextcloud'
disclosed a bug submitted by
b'mikaelgundersen'
b'Profile of disabled user stays accessible'
26 Nov 2022
1
...
80
81
82
83
84
...
717
BY DENIS WERNER - @NOBBD -
IMPRESSUM
