Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.

Internet Bug Bounty disclosed a bug submitted by nyymi
CVE-2022-32206: HTTP compression denial of service
27 Jun 2022

Internet Bug Bounty disclosed a bug submitted by nyymi
CVE-2022-32205: Set-Cookie denial of service
27 Jun 2022

Internet Bug Bounty disclosed a bug submitted by nyymi
CVE-2022-32207: Unpreserved file permissions
27 Jun 2022

U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi
Unauthorized Access to Internal Server Panel without Authentication
27 Jun 2022

U.S. Dept Of Defense disclosed a bug submitted by mdakh404
Reflected XSS via `` parameter
27 Jun 2022

Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen
HTTP request smuggling with Origin Rules using newlines in the host_header action parameter
27 Jun 2022

Cloudflare Public Bug Bounty disclosed a bug submitted by bombon
Bypassing Cache Deception Armor using .avif extension file
27 Jun 2022

Cloudflare Public Bug Bounty disclosed a bug submitted by mattipv4
Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts
27 Jun 2022

Cloudflare Public Bug Bounty disclosed a bug submitted by mattipv4
Sign in with Apple works on existing accounts, bypasses 2FA
27 Jun 2022

Cloudflare Public Bug Bounty disclosed a bug submitted by sainaen
API docs expose an active token for the sample domain theburritobot.com
27 Jun 2022

Internet Bug Bounty disclosed a bug submitted by windshock
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
27 Jun 2022

curl disclosed a bug submitted by nyymi
CVE-2022-32205: Set-Cookie denial of service
27 Jun 2022

curl disclosed a bug submitted by nyymi
CVE-2022-32206: HTTP compression denial of service
27 Jun 2022

curl disclosed a bug submitted by nyymi
CVE-2022-32207: Unpreserved file permissions
27 Jun 2022

curl disclosed a bug submitted by nyymi
CVE-2022-32208: FTP-KRB bad message verification
27 Jun 2022

curl disclosed a bug submitted by chen172
Credential leak when use two url
27 Jun 2022

Phabricator disclosed a bug submitted by foobar7
User can link non-public file attachments, leading to file disclose on edit by higher-privileged user
26 Jun 2022

GitLab disclosed a bug submitted by thypon
Bypass for Domain-level redirects (Unvalidated Redirects and Forwar)
22 Jun 2022

Reddit disclosed a bug submitted by bisesh
Able to approve admin approval and change effective status without adding payment details.
22 Jun 2022

Alohi disclosed a bug submitted by zeesozee
Weak rate limit for SIGN.PLUS email verification
21 Jun 2022

BY DENIS WERNER - @NOBBD