REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Nextcloud'
disclosed a bug submitted by
b'spaceraccoon'
b'SMTP Command Injection in iCalendar Attachments to Emails via Newlines'
04 Jul 2022
b'Reddit'
disclosed a bug submitted by
b'zqyzoid'
b'Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations`'
04 Jul 2022
b'Nextcloud'
disclosed a bug submitted by
b'rtod'
b'Federated editing allows iframing possibly malicious remotes'
02 Jul 2022
b'HackerOne'
disclosed a bug submitted by
b'jobert'
b'June 2022 Incident Report'
01 Jul 2022
b'Omise'
disclosed a bug submitted by
b'zombieesshx'
b'Unauthorized Access - downgraded admin roles to none can still edit projects through brupsuite'
01 Jul 2022
b'Brave Software'
disclosed a bug submitted by
b'tabaahi'
b'Open redirect found on account.brave.com'
30 Jun 2022
b'Brave Software'
disclosed a bug submitted by
b'd3f4u17'
b'Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS'
30 Jun 2022
b'Brave Software'
disclosed a bug submitted by
b'd3f4u17'
b'Arbitrary file download due to bad handling of Redirects in WebTorrent'
30 Jun 2022
b'Brave Software'
disclosed a bug submitted by
b'd3f4u17'
b'Redirecting users to malicious torrent-files/websites using WebTorrent'
30 Jun 2022
b'Brave Software'
disclosed a bug submitted by
b'abhinavsecondary'
b'Browser is not following proper flow for redirection cause open redirect '
30 Jun 2022
b'TikTok'
disclosed a bug submitted by
b'aidilarf_2000'
b'XSS Payload on TikTok Seller Center endpoint'
29 Jun 2022
b'Internet Bug Bounty'
disclosed a bug submitted by
b'nyymi'
b'CVE-2022-32208: FTP-KRB bad message verification'
27 Jun 2022
b'Internet Bug Bounty'
disclosed a bug submitted by
b'nyymi'
b'CVE-2022-32206: HTTP compression denial of service'
27 Jun 2022
b'Internet Bug Bounty'
disclosed a bug submitted by
b'nyymi'
b'CVE-2022-32205: Set-Cookie denial of service'
27 Jun 2022
b'Internet Bug Bounty'
disclosed a bug submitted by
b'nyymi'
b'CVE-2022-32207: Unpreserved file permissions'
27 Jun 2022
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'ahmd_halabi'
b'Unauthorized Access to Internal Server Panel without Authentication'
27 Jun 2022
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'mdakh404'
b'Reflected XSS via `` parameter'
27 Jun 2022
b'Cloudflare Public Bug Bounty'
disclosed a bug submitted by
b'albertspedersen'
b'HTTP request smuggling with Origin Rules using newlines in the host_header action parameter'
27 Jun 2022
b'Cloudflare Public Bug Bounty'
disclosed a bug submitted by
b'bombon'
b'Bypassing Cache Deception Armor using .avif extension file'
27 Jun 2022
b'Cloudflare Public Bug Bounty'
disclosed a bug submitted by
b'mattipv4'
b'Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts'
27 Jun 2022
1
...
154
155
156
157
158
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM