Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Node.js disclosed a bug submitted by haxatron1: "CVE-2022-32213 bypass via obs-fold mechanic" (26 Oct 2022)
Node.js disclosed a bug submitted by mhdawson: "Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS" (26 Oct 2022)
Node.js disclosed a bug submitted by shacharm: "HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215)" (26 Oct 2022)
PortSwigger Web Security disclosed a bug submitted by xctzn: "Business Logic, currency arbitrage - Possibility to pay less than the price in USD" (26 Oct 2022)
Adobe disclosed a bug submitted by webcipher101: "Reflected Cross site scripting via Swagger UI" (25 Oct 2022)
Linktree disclosed a bug submitted by dewcode91: "A malicious admin can be able to permanently disable a Owner(Admin) to access his account" (25 Oct 2022)
TikTok disclosed a bug submitted by tw4v3sx: "Remotely Accessible Container Advisor exposed performance metrics and resource usage" (24 Oct 2022)
Lark Technologies disclosed a bug submitted by snapsec: "IDOR Allows Viewer to Delete Bin's Files" (24 Oct 2022)
Lark Technologies disclosed a bug submitted by snapsec: "Viewer is able to leak the previous versions of the file" (24 Oct 2022)
Yelp disclosed a bug submitted by whitehacker18: "installed.json sensitive file was publicly accessible on your web application which discloses information about authors and admins" (22 Oct 2022)
U.S. General Services Administration disclosed a bug submitted by ahmed0x0mahmoud: "access nagios dashboard using default credentials in ** omon1.fpki.gov, 3.220.248.203**" (21 Oct 2022)
Krisp disclosed a bug submitted by n0_m3rcy: "Full payment bypass to use premium subscription." (21 Oct 2022)
Hyperledger disclosed a bug submitted by shakedreiner: "POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network." (20 Oct 2022)
Lark Technologies disclosed a bug submitted by imran_nisar: "Removed user can still view comments on the file/documents." (20 Oct 2022)
Lark Technologies disclosed a bug submitted by imran_nisar: "Ability to View Non-Permitted Admin Log" (20 Oct 2022)
Lark Technologies disclosed a bug submitted by imran_nisar: "[CSRF] No Csrf protection against sending invitation to join the team." (20 Oct 2022)
Stripe disclosed a bug submitted by mr_asg: "Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/" (19 Oct 2022)
Stripe disclosed a bug submitted by gregxsunday: "Local applications from user's computer can listen for webhooks via insecure gRPC server from stripe-cli" (19 Oct 2022)
U.S. General Services Administration disclosed a bug submitted by toormund: "User information disclosed via API" (19 Oct 2022)
Stripe disclosed a bug submitted by sim4n6: "Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF" (19 Oct 2022)
BY DENIS WERNER - @NOBBD