Top 10 publishers:
bobrov: 117
geeknik: 80
linkks: 75
jobert: 70
sp1d3rs: 68
someonenobbd: 62
nyymi: 55
jon_bottarini: 49
haxta4ok00: 48
netfuzzer: 48
Now on Twitter: the unofficial HackerOne disclosure timeline.
Uber disclosed a bug submitted by 0xprial
CVE-2020-3452 - unauthenticated file read on anyconnect.routematch.com
05 Aug 2021
HackerOne disclosed a bug submitted by tomvg
Partial report contents leakage - via HTTP/2 concurrent stream handling
05 Aug 2021
HackerOne disclosed a bug submitted by sunil_yedla
Private program disclosure through notifications
05 Aug 2021
HackerOne disclosed a bug submitted by frozensolid
Mishandling of hackerone clear background checks resulting in disclosure of other hacker's information
05 Aug 2021
Acronis disclosed a bug submitted by aapo
Acronis True Image (Windows) does not validate server certificate on a TLS connection
05 Aug 2021
HackerOne disclosed a bug submitted by none_of_the_above
Internal Gitlab Ticket Disclosure via External Slack Channels
04 Aug 2021
Snapchat disclosed a bug submitted by sicarius
Bypass Rate Limits on app.snapchat.com API Endpoint via X-Forwarded-For Header
04 Aug 2021
MTN Group disclosed a bug submitted by light4kira
Disclosure of internal information using hidden NTLM authentication leading to an exploit server
04 Aug 2021
Slack disclosed a bug submitted by shell_c0de
Private application files can be uploaded to Slack via malicious uploader
04 Aug 2021
HackerOne disclosed a bug submitted by brdoors3
Information disclosure - Feedback is accessible on Public profile even after 'disallowed' at https://hackerone.com/settings/feedback
03 Aug 2021
Elastic disclosed a bug submitted by superman85
[Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>`
03 Aug 2021
Elastic disclosed a bug submitted by superman85
Improper authorization on `/api/as/v1/credentials/` for Dev Role User with Limited Engine Access
03 Aug 2021
Informatica disclosed a bug submitted by montypythin
Improper Sanitization leads to XSS Fire on admin panel
03 Aug 2021
GitHub Security Lab disclosed a bug submitted by artem
Java: Unsafe deserialization with Jackson
02 Aug 2021
GitHub Security Lab disclosed a bug submitted by someonenobbd
[Java] CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
02 Aug 2021
GitHub Security Lab disclosed a bug submitted by jorgectf
[Python] CWE-287: LDAP Improper Authentication
02 Aug 2021
GitHub Security Lab disclosed a bug submitted by someonenobbd
[Python]: Add SqlAlchemy support for SQL injection query
02 Aug 2021
GitHub Security Lab disclosed a bug submitted by p0wn4j
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
02 Aug 2021
GitLab disclosed a bug submitted by az3z3l
CSRF on /api/graphql allows executing mutations through GET requests
02 Aug 2021
Bitwarden disclosed a bug submitted by jjlin
When uploading attachments, unencrypted file names are made available to the server
02 Aug 2021
BY DENIS WERNER - @NOBBD -