REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'oxylis'
b' leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions'
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'archyxsec'
b'Improper Authentication (Login without Registration with any user) at '
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'chor4o'
b'Xss - '
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'chor4o'
b'Xss Parameter: /<s>/[*]/<s>.css '
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'dishant_singh'
b'Attacker can Add itself as admin user and can also change privileges of Existing Users []'
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'chor4o'
b'Parmetro XSS: Nome de usurio - '
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'geej'
b'Resource Injection - []'
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'elevenoo1'
b'Full Access to sonarQube and Docker'
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'anonymlss'
b'Reflective Cross Site Scripting (XSS) on /Pages'
22 Mar 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'dishant_singh'
b'DBMS information getting exposed publicly on -- [ ]'
22 Mar 2024
b'ownCloud'
disclosed a bug submitted by
b'kolokokop'
b'Authentication Bypass with usage of PreSignedURL'
22 Mar 2024
b'8x8 Bounty'
disclosed a bug submitted by
b'pentestor'
b'Open Redirect via Non-Latin Subdomain in vcc-*.8x8.com/AGUI/.php'
20 Mar 2024
b'Frontegg'
disclosed a bug submitted by
b'bugsv2'
b'PATCH method manipulation allowing the users to escalate their functionalities and edit (upgrade/downgrade) API Keys settings which is not allowed'
20 Mar 2024
b'Frontegg'
disclosed a bug submitted by
b'bugsv2'
b'Bypassing the block of Security Domain Restriction and normally invite blocked domains with special characters '
20 Mar 2024
b'New Relic'
disclosed a bug submitted by
b'archangel'
b'User without "View/Modify/Delete" permissions on "Destinations" can view/modify & delete Destinations'
19 Mar 2024
b'New Relic'
disclosed a bug submitted by
b'archangel'
b'Missing Authorization check on View permissions for Alerting Conditions via /internal_api/1/accounts/XXXXXXX/policies/YYYYYYY/conditions?offs endpoint'
19 Mar 2024
b'New Relic'
disclosed a bug submitted by
b'archangel'
b'Steal any user in your orgs private GitHub token by pointing the GH integration at an attacker controlled GHE instance'
19 Mar 2024
b'GoCD'
disclosed a bug submitted by
b'redyetihacks'
b'XSS in new.loading.page.html'
17 Mar 2024
b'HackerOne'
disclosed a bug submitted by
b'akashhamal0x01'
b'Being able to disclose IBB bounty table of any public program'
17 Mar 2024
b'Node.js'
disclosed a bug submitted by
b'maple3142'
b'Denial of Service by resource exhaustion in fetch() brotli decoding'
16 Mar 2024
1
2
3
4
5
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM