REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Maker Ecosystem Growth Holdings, Inc'
disclosed a bug submitted by
b'lalit2020'
b"A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com"
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'ledz1996'
b'Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...'
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'ledz1996'
b'Insufficient Type Check on GraphQL leading to Maintainer delete repository'
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'vaib25vicky'
b'Todos are not redacted when membership changes - Access to (confidential) issues and merge requests'
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'steppe'
b'Possibilty to purchase Ultimate - 1 Year (EDU or OSS)'
02 Nov 2020
b'Mail.ru'
disclosed a bug submitted by
b'bazzy'
b'SQL LIKE clauses wildcard injection'
31 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'mr_incompetent'
b'Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests'
31 Oct 2020
b'Mail.ru'
disclosed a bug submitted by
b'bobrov'
b'[my.games, lootdog.io] XSS via MCS Bucket'
31 Oct 2020
b'Basecamp'
disclosed a bug submitted by
b'carbon61'
b'stored XSS in hey.com message content'
31 Oct 2020
b'Blueboard'
disclosed a bug submitted by
b'gururaj_r'
b'Transport security is not imposed strictly which may cause user to loose their data when they are connected in common/public networks'
31 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'lazydog'
b'Grafana Improper authorization '
31 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'alex_orange'
b'Compromise of auth via subset/superset namespace names.'
30 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'wtm'
b'Compromise of node can lead to compromise of pods on other nodes'
30 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'reeverzax'
b'Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.'
30 Oct 2020
b'Mail.ru'
disclosed a bug submitted by
b'derision'
b'SQL Injection [unauthenticated] with direct output at https://news.mail.ru/'
30 Oct 2020
b'Basecamp'
disclosed a bug submitted by
b'carbon61'
b'CSRF on launchpad.37signals.com OAuth2 authorization endpoint'
30 Oct 2020
b'Mail.ru'
disclosed a bug submitted by
b'mainteemoforfun'
b'[api.my.games/social/chat/multi/add] Privilege escalation on adding new members to group chat '
30 Oct 2020
b'Bitwala'
disclosed a bug submitted by
b'soe_htet'
b'Open Redirect on https://go.bitwala.com/'
30 Oct 2020
b'TikTok'
disclosed a bug submitted by
b'gnux'
b'Bypass "Industry Documents" Validation'
29 Oct 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'ryotak'
b'[zenn-cli] Path traversal on Windows allows the attacker to read arbitrary .md files'
29 Oct 2020
1
...
207
208
209
210
211
...
693
BY DENIS WERNER - @NOBBD -
IMPRESSUM