REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Semrush'
disclosed a bug submitted by
b'a_d_a_m'
b'API key (api.semrush.com) leak in JS-file'
05 Sep 2022
b'MTN Group'
disclosed a bug submitted by
b'theranger'
b'IDOR Leads To Account Takeover Without User Interaction'
04 Sep 2022
b'MTN Group'
disclosed a bug submitted by
b'a-heybati'
b'path traversal vulnerability in Grafana 8.x allows " local file read "'
03 Sep 2022
b'Nextcloud'
disclosed a bug submitted by
b'eg42'
b'Unauthenticated SSRF in 3rd party module "cerdic/csstidy"'
03 Sep 2022
b'Nextcloud'
disclosed a bug submitted by
b'nickvergessen'
b"Brute force protections don't work"
03 Sep 2022
b'Nextcloud'
disclosed a bug submitted by
b'anna_larch'
b'Password disclosure in initial setup of Mail App'
03 Sep 2022
b'Nextcloud'
disclosed a bug submitted by
b'rtod'
b'Federated share accepting/declining is not logged in audit log'
03 Sep 2022
b'MTN Group'
disclosed a bug submitted by
b'harrisoft'
b'Weak/Auto Fill Password'
03 Sep 2022
b'MTN Group'
disclosed a bug submitted by
b'drak3hft7'
b'Wordpress users disclosure from json and xml file'
02 Sep 2022
b'TikTok'
disclosed a bug submitted by
b'sinayeganeh'
b'IDOR on TikTok Ads Endpoint'
01 Sep 2022
b'MTN Group'
disclosed a bug submitted by
b'dh0pe'
b'Sensitive Information Disclosure Through Config File'
01 Sep 2022
b'MTN Group'
disclosed a bug submitted by
b'dh0pe'
b'Default Admin Username and Password on remedysso.mtncameroon.net'
01 Sep 2022
b'MTN Group'
disclosed a bug submitted by
b'ibrahimatix0x01'
b'Password reset token leak on third party website via Referer header [cloudivr.mtnbusiness.com.ng]'
01 Sep 2022
b'MTN Group'
disclosed a bug submitted by
b'aliyugombe'
b'Remote code execution due to unvalidated file upload'
01 Sep 2022
b'Adobe'
disclosed a bug submitted by
b'aneeeketh'
b'API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone'
01 Sep 2022
b'Hyperledger'
disclosed a bug submitted by
b'fatal0'
b'Remote denial of service in HyperLedger Fabric'
01 Sep 2022
b'Acronis'
disclosed a bug submitted by
b'mrccrqr'
b'Any expired reset password link can still be used to reset the password'
01 Sep 2022
b'Snapchat'
disclosed a bug submitted by
b'mahfujwhh'
b'Password reset tokens sent to CSP reporting endpoints'
31 Aug 2022
b'Cloudflare Public Bug Bounty'
disclosed a bug submitted by
b'motu-vai'
b'Enable 2Fa verification without verifying email leads account takeover'
31 Aug 2022
b'curl'
disclosed a bug submitted by
b'haxatron1'
b'CVE-2022-35252: control code in cookie denial of service'
31 Aug 2022
1
...
146
147
148
149
150
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM