REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Shopify'
disclosed a bug submitted by
b'danishalkatiri'
b'Password reset token leak via "Host header" on third party website'
10 Feb 2022
b'Shopify'
disclosed a bug submitted by
b'scaramouche31'
b'Orders full read for a staff with only `Customers` permissions.'
10 Feb 2022
b'Semrush'
disclosed a bug submitted by
b'a_d_a_m'
b'Critically Sensitive Spring Boot Endpoints Exposed'
10 Feb 2022
b'GitLab'
disclosed a bug submitted by
b'iwis'
b'Sending Arbitrary Requests through Jupyter Notebooks on gitlab.com and Self-Hosted GitLab Instances'
10 Feb 2022
b'GitLab'
disclosed a bug submitted by
b'jafarakhondali'
b'Installing Gitlab runner with Docker-In-Docker allows root access'
10 Feb 2022
b'Node.js'
disclosed a bug submitted by
b'bengl'
b'Node.js Certificate Verification Bypass via String Injection'
10 Feb 2022
b'Shopify'
disclosed a bug submitted by
b'ngalog'
b'Is the Google Bucket Meant To Be Publicly Listable? https://cdn.shopify.com/shop-assets/'
09 Feb 2022
b'Shopify'
disclosed a bug submitted by
b'ngalog'
b'staffOrderNotificationSubscriptionDelete Could Be Used By Staff Member With Settings Permission'
09 Feb 2022
b'Shopify'
disclosed a bug submitted by
b'ngalog'
b'staffOrderNotificationSubscriptionCreate Is Not Blocked Entirely From Staff Member With Settings Permission'
09 Feb 2022
b'Zomato'
disclosed a bug submitted by
b'0xdexter'
b'Race condition in User comments Likes'
09 Feb 2022
b'TikTok'
disclosed a bug submitted by
b'imran_nisar'
b'Reflected xss on ads.tiktok.com using `from` parameter.'
09 Feb 2022
b'Acronis'
disclosed a bug submitted by
b'quadrant'
b'Cross-site Scripting (XSS) - Stored | forum.acronis.com'
08 Feb 2022
b'Acronis'
disclosed a bug submitted by
b'h4x0r_dz'
b'Stored Cross-site Scripting on devicelock.com/forum/'
08 Feb 2022
b'Acronis'
disclosed a bug submitted by
b'ashmek'
b'Subdomains takeover of register.acronis.com, promo.acronis.com, info.acronis.com and promosandbox.acronis.com'
08 Feb 2022
b'Acronis'
disclosed a bug submitted by
b'h4x0r_dz'
b'Attacker Can Access to any Ticket Support on https://www.devicelock.com/support/'
08 Feb 2022
b'Acronis'
disclosed a bug submitted by
b'h4x0r_dz'
b'Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]'
08 Feb 2022
b'Reddit'
disclosed a bug submitted by
b'e100_speaks'
b'Application level DOS at Login Page ( Accepts Long Password )'
07 Feb 2022
b'Nextcloud'
disclosed a bug submitted by
b'rohitburke'
b'Leaking sensitive information through JSON file path.'
07 Feb 2022
b'Rocket.Chat'
disclosed a bug submitted by
b'sectex'
b'Arbitrary file read in Rocket.Chat-Desktop'
06 Feb 2022
b'IBM'
disclosed a bug submitted by
b'smokin-ac3z'
b'Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com'
04 Feb 2022
1
...
100
101
102
103
104
...
693
BY DENIS WERNER - @NOBBD -
IMPRESSUM