Top 10 publishers:
bobrov 117
geeknik 80
linkks 75
jobert 70
sp1d3rs 68
someonenobbd 62
nyymi 55
jon_bottarini 49
haxta4ok00 48
netfuzzer 48
Now on Twitter: the unofficial HackerOne disclosure timeline.
Shopify disclosed a bug submitted by jaka_tingkir: damage to the timeline so that comment fields cannot be displayed or not available to all members in the store (09 Sep 2020)
Staging.every.org disclosed a bug submitted by bugra: Race Condition when following a user (09 Sep 2020)
InnoGames disclosed a bug submitted by rzx007x: Blind SQL Injection (08 Sep 2020)
GitLab disclosed a bug submitted by jackb898: EXIF metadata not stripped from JPG group logos (08 Sep 2020)
GitLab disclosed a bug submitted by vakzz: Injection of `http.<url>.*` git config settings leading to SSRF (08 Sep 2020)
GitLab disclosed a bug submitted by kryword: Members from parent group keep their access level on a subgroup transfer and are invisible (08 Sep 2020)
GitLab disclosed a bug submitted by lucash-dev: SSRF into Shared Runner, by replacing dockerd with malicious server in Executor (08 Sep 2020)
Stripo Inc disclosed a bug submitted by binit: No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address (08 Sep 2020)
Hanno's projects disclosed a bug submitted by dragonjar: [bugs.fuzzing-project.org] HTML Injection via 'custom_field_7[]' parameter in '/view_all_set.php' (08 Sep 2020)
Endless Hosting disclosed a bug submitted by pirneci: XSS on https://fax.pbx.itsendless.org/ (CVE-2017-18024) (07 Sep 2020)
QIWI disclosed a bug submitted by 0x3c3e: Keychain data persistence may lead to account takeover (07 Sep 2020)
BugPoC disclosed a bug submitted by hackk9: Reading arbitrary files via running arbitrary python code (06 Sep 2020)
Node.js third-party modules disclosed a bug submitted by d3lla: [extend-merge] Prototype pollution (06 Sep 2020)
Topcoder disclosed a bug submitted by laz0rde: Reflected-XSS on https://www.topcoder.com/tc via pt parameter (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: GET request to accounts.json on support site leaks the root account license key and the browser license key to a restricted user (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Logic flaw enables restricted account to access account license key (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894 (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Full name of other accounts exposed through NR API Explorer (another workaround of #476958) (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users (04 Sep 2020)
BY DENIS WERNER - @NOBBD