REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'HackerOne'
disclosed a bug submitted by
b'bugra'
b"Recently added 'Country' field doesn't send email notification when changed"
25 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'macasun'
b'Prototype pollution attack (lodash)'
25 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'ngalog'
b'Path Traversal in App Proxy'
24 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'mik317'
b'[windows-edge] RCE via insecure command formatting'
24 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b'Stocky App Administrator can create a backdoor admin account by using an existing POS User'
24 Aug 2020
b'Smule'
disclosed a bug submitted by
b'absshax'
b'[com.smule.autorap.*] Cloud Messaging/Push Notification service takeover due to clear-text usage of Legacy FCM Server keys in the client app '
24 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'langduvnsec'
b'STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend'
24 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'nooblife'
b'*.shopify.com - Authentication bypass'
24 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'meow-hacker-meow'
b'Subdomain takeover in help.tictail.com pointing to Zendesk (a Shopify acquisition)'
24 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'zwail'
b'xss stored in https://your store.myshopify.com/admin/'
24 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'jaka_tingkir'
b'increased privileges on staff account'
24 Aug 2020
b'Trint Ltd'
disclosed a bug submitted by
b'dopaminedetox'
b'SSO bypass in zendesk using trint organization able to leak internal ticket information'
24 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets'
24 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'(Prerelease UI) Stored XSS via role name in JSON chart'
24 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints'
24 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled '
24 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Stored XSS via "my recent queries" selector in NRQL dashboard builder'
24 Aug 2020
b'Dropcontact'
disclosed a bug submitted by
b'harshita174'
b'No Valid SPF Records'
24 Aug 2020
b'Open-Xchange'
disclosed a bug submitted by
b'catenacyber'
b'Null dereference in mcht_relational_validate ext-relational-common.c:136'
24 Aug 2020
b'Dropcontact'
disclosed a bug submitted by
b'cyc0rpion'
b'User registration using public domain email like gmail in place of professional email.'
24 Aug 2020
1
...
225
226
227
228
229
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM