REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
56
b'ooooooo_q'
50
b'jon_bottarini'
49
b'haxta4ok00'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Nextcloud'
disclosed a bug submitted by
b'everysinglusernametaken'
b'Ability to by-pass second factor '
14 Jul 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'orange'
b'important: Apache HTTP Server weakness with encoded question marks in backreferences (CVE-2024-38474)'
13 Jul 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'orange'
b'important: Apache HTTP Server on WIndows UNC SSRF (CVE-2024-38472)'
13 Jul 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'orange'
b'important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475)'
13 Jul 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'orange'
b'important: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (CVE-2024-38476)'
13 Jul 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'orange'
b'important: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (CVE-2024-38477)'
13 Jul 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'orange'
b'moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709)'
13 Jul 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'orange'
b'moderate: Apache HTTP Server proxy encoding problem (CVE-2024-38473)'
13 Jul 2024
b'TikTok'
disclosed a bug submitted by
b'xtt0k'
b'Account Takeover via Authentication Bypass in TikTok Account Recovery'
13 Jul 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'noentry'
b'CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory'
12 Jul 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'gronke'
b'NoSQL injection leaks visitor token and livechat messages'
11 Jul 2024
b'Mars'
disclosed a bug submitted by
b'0x999'
b'0 Click account takeover via timed requests to forgot-password (single-packet attack)'
11 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'aloneh1'
b'Reports submitted by a non 2fa setupped user account can be transferred to a 2fa require submission program '
11 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'iam_srpk'
b"2fa can't be activated on app.pullrequest.com"
11 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'pranshux0x_'
b'Two factor authentication bypass'
11 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'blakfly'
b'Session Not Expire / 2FA Bypass'
11 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'deepmarketer'
b'2FA Bypass via Leaked Cookies'
11 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'bob004x'
b'Two-factor authentication bypass lead to information disclosure about the program and all hackers participate'
11 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'5zdob13'
b'Reset the 2FA of the user which can lead to Account Takeover'
11 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'the-white-evil'
b"Bypassing the victim's phone number OTP in the account recovery process on the https://hackerone.com/settings/auth/setup_account_recovery"
11 Jul 2024
1
...
15
16
17
18
19
...
717
BY DENIS WERNER - @NOBBD -
IMPRESSUM