REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'soldawn'
b'403 Forbidden Bypass at www..mil'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'x3ph_'
b'hardcoded password stored in javascript of https://.mil'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'kaulse'
b'Access to Unclassified / FOUO Advanced Motion Platform of .mil'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'kegn'
b'Reflected XSS in https:// via search parameter'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'polygon35'
b'[] SQL Injections on Referer Header exploitable via Time-Based method'
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'vakzz'
b'SafeParamsHelper::safe_params is not so safe'
02 Nov 2020
b'Maker Ecosystem Growth Holdings, Inc'
disclosed a bug submitted by
b'lalit2020'
b"A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com"
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'ledz1996'
b'Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...'
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'ledz1996'
b'Insufficient Type Check on GraphQL leading to Maintainer delete repository'
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'vaib25vicky'
b'Todos are not redacted when membership changes - Access to (confidential) issues and merge requests'
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'steppe'
b'Possibilty to purchase Ultimate - 1 Year (EDU or OSS)'
02 Nov 2020
b'Mail.ru'
disclosed a bug submitted by
b'bazzy'
b'SQL LIKE clauses wildcard injection'
31 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'mr_incompetent'
b'Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests'
31 Oct 2020
b'Mail.ru'
disclosed a bug submitted by
b'bobrov'
b'[my.games, lootdog.io] XSS via MCS Bucket'
31 Oct 2020
b'Basecamp'
disclosed a bug submitted by
b'carbon61'
b'stored XSS in hey.com message content'
31 Oct 2020
b'Blueboard'
disclosed a bug submitted by
b'gururaj_r'
b'Transport security is not imposed strictly which may cause user to loose their data when they are connected in common/public networks'
31 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'lazydog'
b'Grafana Improper authorization '
31 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'alex_orange'
b'Compromise of auth via subset/superset namespace names.'
30 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'wtm'
b'Compromise of node can lead to compromise of pods on other nodes'
30 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'reeverzax'
b'Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.'
30 Oct 2020
1
...
206
207
208
209
210
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM