REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
56
b'ooooooo_q'
50
b'jon_bottarini'
49
b'haxta4ok00'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Guest Privilege Escalation to admin group'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Upload of Avatars for other Users'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Online Status of arbitrary users can be changed'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'CSS Injection in Message Avatar'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Unread Messages can leak Message IDs'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Registration bypass with leaked Invite Token'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Unauthenticated clients can modify Livechat Business Hours'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Improper ACL in Message Starring'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'User Impersonation through sendMessage options'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Authentication Bypass in login-token Authentication Method'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Impersonation in Sequential Messages'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Content-Security Policy bypass with File Uploads'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'XSS in various MessageTypes'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'Pinning leaks message content'
10 Aug 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'hackeriron1'
b'Bypassing 2FA with conventional session management - open.rocket.chat'
10 Aug 2024
b'MTN Group'
disclosed a bug submitted by
b'alitoni224'
b'Leaking usernames through endpoints Wordpress'
10 Aug 2024
b'Reddit'
disclosed a bug submitted by
b'saurabhb'
b'IDOR lets a malicious user reveal the unpinned achievement badges of any Reddit user'
09 Aug 2024
b'Node.js'
disclosed a bug submitted by
b'xion'
b'Permissions can be bypassed via arbitrary code execution through abusing libuv signal pipes'
08 Aug 2024
b'Smule'
disclosed a bug submitted by
b'cryptic_'
b'Possible Subdomain Takeover For Inbound Emails'
07 Aug 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'https://srcds.valve.net/find/ is leaking server config / API keys'
06 Aug 2024
1
...
11
12
13
14
15
...
717
BY DENIS WERNER - @NOBBD -
IMPRESSUM