REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
56
b'ooooooo_q'
50
b'jon_bottarini'
49
b'haxta4ok00'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Rocket.Chat'
disclosed a bug submitted by
b'mokusou'
b'Unauthenticated full-read SSRF via Twilio integration'
04 Aug 2024
b'curl'
disclosed a bug submitted by
b'dubek'
b'CVE-2024-7264: ASN.1 date parser overread'
01 Aug 2024
b'GitHub'
disclosed a bug submitted by
b'ahacker1'
b'Access body and title of Internal Repo Issues in Projects'
31 Jul 2024
b'GitHub'
disclosed a bug submitted by
b'ahacker1'
b'GitHub Apps can access suspended installations via scoped user-to-server tokens'
31 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'Add any depot to your app and access its contents without decryption key; via /apps/setcommonredists'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'Shell command injection in https://partner.steamgames.com/admin/game/publish/ via screenshot URL'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'Shell command injection in https://partner.steamgames.com/bundles/savestore/ via overwriting asset_path_identifier'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of item_image_small and item_image_large'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'SQL injection in /errors/viewbuild/'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'/applications/dpc_(get|post) provide full access to api.steampowered.com with the Dota2 API key'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'WG call injection in /economy/contextcommand'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'RCE on partner.steampowered.com'
30 Jul 2024
b'Zomato'
disclosed a bug submitted by
b'suryesh_92'
b'OTP Bypass via Response Manipulation'
30 Jul 2024
b'Shopify'
disclosed a bug submitted by
b'g0lden1'
b'Exposure of shopify employee summit page allows anonymous user to place orders for free books'
29 Jul 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'renzi'
b'Open Akamai ARL XSS on http://master-config-'
26 Jul 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'renzi'
b'Open Akamai ARL XSS on http://media.'
26 Jul 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'cleanchain50'
b' (Android): Vulnerable to Javascript Injection and Open redirect'
26 Jul 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'martinvw'
b'Subdomain takeover '
26 Jul 2024
b'Mozilla'
disclosed a bug submitted by
b'd0xing'
b'Subdomain takeover on one of the subdomains under mozaws.net'
25 Jul 2024
b'Mozilla'
disclosed a bug submitted by
b'd0xing'
b'Subdomain takeover on one of the subdomains under mozaws.net'
25 Jul 2024
1
...
12
13
14
15
16
...
717
BY DENIS WERNER - @NOBBD -
IMPRESSUM