REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Mail.ru'
disclosed a bug submitted by
b'iframe'
b'[garnier-olia.lady.mail.ru] Reflected XSS /exp/ bypass "/"'
01 Sep 2020
b'Mail.ru'
disclosed a bug submitted by
b'iframe'
b'warofdragons.my.games: configuration files with database account are accessible'
01 Sep 2020
b'Mail.ru'
disclosed a bug submitted by
b'iframe'
b'IDOR ????????? ???????? ?????????? ? ????????????.'
01 Sep 2020
b'Mail.ru'
disclosed a bug submitted by
b'organdonor'
b'Access to information about any video and its owner via GraphQL endpoint [dictor.mail.ru]'
01 Sep 2020
b'Mail.ru'
disclosed a bug submitted by
b'pisarenko'
b' [self?] XSS ? ?????? ???????????? [sbermarket.ru]'
31 Aug 2020
b'Mail.ru'
disclosed a bug submitted by
b'jianjun'
b'An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing'
31 Aug 2020
b'QIWI'
disclosed a bug submitted by
b'honoki'
b'DOM XSS triggered in secure support desk'
31 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'bp0lr'
b'[hangersteak] Web Server Directory Traversal via Crafted GET Request'
30 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'bp0lr'
b'[sirloin] Web Server Directory Traversal via Crafted GET Request'
30 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'zerox4'
b'XSS Stored via Upload avatar PNG [HTML] File in accounts.shopify.com'
30 Aug 2020
b'WakaTime'
disclosed a bug submitted by
b'hy76t56f565'
b'Private leaderboard owner email disclosure when sending invites'
28 Aug 2020
b'Slack'
disclosed a bug submitted by
b'oskarsv'
b'Remote Code Execution in Slack desktop apps + bonus'
28 Aug 2020
b'WordPress'
disclosed a bug submitted by
b'kahoots'
b'XSS via unicode characters in upload filename'
28 Aug 2020
b'Qulture.Rocks'
disclosed a bug submitted by
b'wisp'
b'XSS from arbitrary attachment upload.'
28 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'saltymermaid'
b'Ability to publish a paid theme without purchasing it.'
27 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'saltymermaid'
b'Ability to publish a paid theme without purchasing it.'
27 Aug 2020
b'Khan Academy'
disclosed a bug submitted by
b'demonia'
b'CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files'
27 Aug 2020
b'Ruby on Rails'
disclosed a bug submitted by
b'jregele'
b'The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes'
27 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'phra'
b'notevil - Sandbox Escape Lead to RCE on Node.js and XSS in the Browser'
27 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'[bl] Uninitialized memory exposure via negative .consume()'
27 Aug 2020
1
...
224
225
226
227
228
...
693
BY DENIS WERNER - @NOBBD -
IMPRESSUM