REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Logitech'
disclosed a bug submitted by
b'sudi'
b'Steal any users `access_token` via open redirect in https://streamlabs.com/global/identity?popup=1&r='
04 Nov 2021
b'MCUboot'
disclosed a bug submitted by
b'rofes'
b'private keys exposed on the GitHub repository'
04 Nov 2021
b'IBM'
disclosed a bug submitted by
b'haxor31337'
b'Remote Code Execution at https://169.38.86.185/ (edst.ibm.com)'
04 Nov 2021
b'8x8'
disclosed a bug submitted by
b'thecyberguy0'
b'Authentication Bypass & ApacheTomcat Misconfiguration in []'
04 Nov 2021
b'OneWeb'
disclosed a bug submitted by
b'melbadry9'
b'Subdomain Takeover - pmp.oneweb.net'
04 Nov 2021
b'Lark Technologies'
disclosed a bug submitted by
b'imran_nisar'
b'Attacker is able to join any tenant on larksuite and view personal files/chats.'
03 Nov 2021
b'Mail.ru'
disclosed a bug submitted by
b'andridev_'
b'[samokat.ru] PHP modules path disclosure due to lack of error handling'
03 Nov 2021
b'Node.js'
disclosed a bug submitted by
b'mkg'
b'HTTP Request Smuggling due to ignoring chunk extensions'
02 Nov 2021
b'GitHub Security Lab'
disclosed a bug submitted by
b'someonenobbd'
b'C# : Add query to detect Server Side Request Forgery'
02 Nov 2021
b'Flickr'
disclosed a bug submitted by
b'mr_robert'
b'critical server misconfiguration lead to access to any user sensitive data which include user email and password'
02 Nov 2021
b'Mail.ru'
disclosed a bug submitted by
b's_kustm'
b'[play.skillbox.ru] CRLF Injection'
30 Oct 2021
b'TikTok'
disclosed a bug submitted by
b'siratsami'
b'HTML Injection on tiktoktutorials via firstName parameter'
30 Oct 2021
b'Grammarly'
disclosed a bug submitted by
b'evilksandr'
b'Bypassing the Grammarly plagiarism checker by simply replacing characters in the source text'
28 Oct 2021
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'al-madjus'
b'AWS subdomain takeover of www.'
28 Oct 2021
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'zhenwarx'
b'Reflected XSS at via = parameter '
28 Oct 2021
b'Agoric'
disclosed a bug submitted by
b'pacmanx'
b'Dependency on private SSH keys in public github'
27 Oct 2021
b'8x8'
disclosed a bug submitted by
b'ian'
b'Exposed PHP dependencies at .8x8.com'
27 Oct 2021
b'Reddit'
disclosed a bug submitted by
b'm0hacks'
b'Missing rate limit in current password change settings leads to Account takeover'
27 Oct 2021
b'Reddit'
disclosed a bug submitted by
b'karthik86'
b'Content Spoofing/Text Injection at https://gateway-production.dubsmash.com'
27 Oct 2021
b'Reddit'
disclosed a bug submitted by
b'rahulkankrale'
b'Third party app could steal access token as well as protected files using inAppBrowser'
27 Oct 2021
1
...
116
117
118
119
120
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM