Top 10 publishers:
bobrov: 114
linkks: 73
geeknik: 70
sp1d3rs: 62
jobert: 51
guido: 45
bl4de: 42
ryat: 40
bigbear_: 38
zombiehelp54: 37
Now on Twitter: the unofficial HackerOne disclosure timeline.
HackerOne disclosed a bug submitted by haxta4ok00: Session hijacking attack (06 Dec 2019)
concrete5 disclosed a bug submitted by arcturian: Unauthenticated reflected XSS in preview_as_user function (06 Dec 2019)
Zomato disclosed a bug submitted by mchinmoy: Zomato Map server going out of memory while resizing map image (05 Dec 2019)
Razer disclosed a bug submitted by dhakal_ananda: OTP token bypass in accessing user settings (05 Dec 2019)
Razer disclosed a bug submitted by so_h1: [razer-assets2] Listing of Amazon S3 Bucket accessible to any AWS cli (05 Dec 2019)
Razer disclosed a bug submitted by iamsahana: Insecure Logging - OWASP (2016-M2) (05 Dec 2019)
Razer disclosed a bug submitted by klaue: Accessible Druid Monitor console on https://api.pay-staging.razer.com/ (05 Dec 2019)
Razer disclosed a bug submitted by cccaaasser: DLL Hijacking in Synapse 2 CrashSender1402.exe via version.dll (05 Dec 2019)
Node.js third-party modules disclosed a bug submitted by vineetpandey: Path traversal in https://www.npmjs.com/package/http_server via symlink (04 Dec 2019)
Node.js third-party modules disclosed a bug submitted by mik317: [tree-kill] RCE via insecure command concatenation (only Windows) (04 Dec 2019)
Node.js third-party modules disclosed a bug submitted by spengietz: Lodash "difference" (possibly others) Function Denial of Service Through Unvalidated Input (04 Dec 2019)
Node.js third-party modules disclosed a bug submitted by mik317: [treekill] RCE via insecure command concatenation (only Windows) (04 Dec 2019)
Node.js third-party modules disclosed a bug submitted by bl4de: `indexFile` option passed as an argument to node-server can lead to arbitrary file read (04 Dec 2019)
Node.js third-party modules disclosed a bug submitted by mik317: [node-df] RCE via insecure command concatenation (04 Dec 2019)
Grammarly disclosed a bug submitted by k4r4koyun: Account takeover through the combination of cookie manipulation and XSS (03 Dec 2019)
HackerOne disclosed a bug submitted by haxta4ok00: Account takeover via leaked session cookie (03 Dec 2019)
Imgur disclosed a bug submitted by alishah: Password Reset Link not expiring after changing the email Leads To Account Takeover (03 Dec 2019)
GitLab disclosed a bug submitted by rpadovani: GraphQL query "namespace" leaks data (03 Dec 2019)
U.S. Dept Of Defense disclosed a bug submitted by 00utsav00: http://????/data.json showing users sensitive information via json file (02 Dec 2019)
U.S. Dept Of Defense disclosed a bug submitted by hexdump: [Partial] SSN & [PII] exposed through iPERMs Presentation Slide. (02 Dec 2019)
BY DENIS WERNER - @NOBBD -