REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
57
b'ooooooo_q'
50
b'jon_bottarini'
49
b'haxta4ok00'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'GitHub Security Lab'
disclosed a bug submitted by
b'someonenobbd'
b"[Java] CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"
02 Aug 2021
b'GitHub Security Lab'
disclosed a bug submitted by
b'jorgectf'
b'[Python] CWE-287: LDAP Improper Authentication'
02 Aug 2021
b'GitHub Security Lab'
disclosed a bug submitted by
b'someonenobbd'
b'[Python]: Add SqlAlchemy support for SQL injection query'
02 Aug 2021
b'GitHub Security Lab'
disclosed a bug submitted by
b'p0wn4j'
b'[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink'
02 Aug 2021
b'GitLab'
disclosed a bug submitted by
b'az3z3l'
b'CSRF on /api/graphql allows executing mutations through GET requests'
02 Aug 2021
b'Bitwarden'
disclosed a bug submitted by
b'jjlin'
b'When uploading attachments, unencrypted file names are made available to the server'
02 Aug 2021
b'Sifchain'
disclosed a bug submitted by
b'n33dm0n3y'
b'Vulnerable javascript dependency at Main domain'
02 Aug 2021
b'Nextcloud'
disclosed a bug submitted by
b'abdullah-a'
b'Two-factor authentication enforcement bypass'
31 Jul 2021
b'Rocket.Chat'
disclosed a bug submitted by
b'sonarsource'
b'Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution'
31 Jul 2021
b'Snapchat'
disclosed a bug submitted by
b'rms'
b'Bitmoji source code is accessible'
31 Jul 2021
b'UPchieve'
disclosed a bug submitted by
b'ben_lay'
b'url redirection'
30 Jul 2021
b'8x8'
disclosed a bug submitted by
b'melbadry9'
b'DNS Misconfiguration (Subdomain Takeover) - .8x8.com'
30 Jul 2021
b'Stripo Inc'
disclosed a bug submitted by
b'jmrcsnchz'
b'Bypassing Content-Security-Policy leads to open-redirect and iframe xss'
30 Jul 2021
b'Snapchat'
disclosed a bug submitted by
b'txt3rob'
b'Exposed Kubernetes API - RCE/Exposed Creds'
29 Jul 2021
b'Snapchat'
disclosed a bug submitted by
b'coolboss'
b'Stealing SSO Login Tokens (snappublisher.snapchat.com)'
29 Jul 2021
b'Snapchat'
disclosed a bug submitted by
b'apfeifer27'
b'Publicly accessible Continuous Integration Tool'
29 Jul 2021
b'Snapchat'
disclosed a bug submitted by
b'sdushantha'
b'CSRF when unlocking lenses leads to lenses being forcefully installed without user interaction'
29 Jul 2021
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'nagli'
b'All private support requests to are being disclosed at https://'
29 Jul 2021
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'lu3ky-13'
b'SQL injection my method -1 OR 3*2*1=6 AND 000159=000159'
29 Jul 2021
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'fdeleite'
b' Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)'
29 Jul 2021
1
...
159
160
161
162
163
...
718
BY DENIS WERNER - @NOBBD -
IMPRESSUM