Top 10 publishers:
bobrov: 117
geeknik: 80
linkks: 75
jobert: 70
sp1d3rs: 68
someonenobbd: 62
nyymi: 55
jon_bottarini: 49
haxta4ok00: 48
netfuzzer: 48
Now on Twitter: the unofficial HackerOne disclosure timeline.
14 Sep 2020 - Shopify disclosed a bug submitted by jaka_tingkir: Admin web sessions remain active after logout of Shopify ID
14 Sep 2020 - Shopify disclosed a bug submitted by francisbeaudoin: Password protection can be removed for newly created development store
14 Sep 2020 - Node.js third-party modules disclosed a bug submitted by d3lla: [flsaba] Stored XSS in the file and directory name when directories listing
14 Sep 2020 - Node.js third-party modules disclosed a bug submitted by d3lla: [objtools] Prototype pollution
14 Sep 2020 - Node.js third-party modules disclosed a bug submitted by d3lla: [keyd] Prototype pollution
11 Sep 2020 - Shopify disclosed a bug submitted by dakitu: Cache poisoning via X-Forwarded-Host in www.shopify.com/partners/blog
11 Sep 2020 - CS Money disclosed a bug submitted by mr_vrush: Internal Path Disclosure
11 Sep 2020 - Bitwarden disclosed a bug submitted by shielder: Blind HTTP GET SSRF via website icon fetch (bypass of pull#812)
10 Sep 2020 - Twitter disclosed a bug submitted by protostar0: http request smuggling in pscp.tv and periscope.tv
10 Sep 2020 - Central Security Project disclosed a bug submitted by c0d3p1ut0s: Unsafe deserialization in Nexus Repository helm plugin
10 Sep 2020 - HackerOne disclosed a bug submitted by haxta4ok00: Team object in GraphQL disclosed private_comment
10 Sep 2020 - Twitter disclosed a bug submitted by cyanpiny: Safe Redirect Bypass
10 Sep 2020 - Shipt disclosed a bug submitted by tester1231233: bypass the [OKTA] login redirect can lead to disclosing limited-information about the sub-domain at [ shiptsec.com ]
10 Sep 2020 - Razer disclosed a bug submitted by jackb898: THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com
10 Sep 2020 - Topcoder disclosed a bug submitted by mase289: SSRF at https://cognitive.topcoder.com leads to AWS instance metadata due to vulnerable email subscription feature
09 Sep 2020 - Smartsheet disclosed a bug submitted by soareswallace: Smartsheet employees email disclosure through enpoint after login.
09 Sep 2020 - GitLab disclosed a bug submitted by vakzz: Stored XSS in markdown when redacting references
09 Sep 2020 - GitLab disclosed a bug submitted by vakzz: Stored XSS on PyPi simple API endpoint
09 Sep 2020 - Valve disclosed a bug submitted by njbooher: Unauthorized updates to extended_info properties in /store/ajaxpackagesave
09 Sep 2020 - Valve disclosed a bug submitted by njbooher: Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge
BY DENIS WERNER - @NOBBD -