REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
57
b'ooooooo_q'
50
b'haxta4ok00'
49
b'jon_bottarini'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Twitter'
disclosed a bug submitted by
b'soareswallace'
b'Delete direct message history without access the proper conversation_id'
20 Nov 2020
b'Endless Hosting'
disclosed a bug submitted by
b'nagli'
b'CVE-2020-14179 on https://jira.theendlessweb.com/secure/QueryComponent!Default.jspa leads to information disclosure'
20 Nov 2020
b'TikTok'
disclosed a bug submitted by
b'milly'
b'Cross-Site-Scripting on www.tiktok.com and m.tiktok.com leading to Data Exfiltration'
19 Nov 2020
b'Shopify'
disclosed a bug submitted by
b'tomorrow_future'
b'XSS stored in the Shopify Email app'
19 Nov 2020
b'Shopify'
disclosed a bug submitted by
b'tomorrow_future'
b'Self xss in product reviews'
19 Nov 2020
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b'Order lookup features of Shopify Chat Application leads to customer orders enumeration due to lack of user input validation'
19 Nov 2020
b'Shopify'
disclosed a bug submitted by
b'ngalog'
b'Staff Member can Get POS Access Without User Interaction'
19 Nov 2020
b'Basecamp'
disclosed a bug submitted by
b'co0sin'
b'Remote Code Execution in Basecamp Windows Electron App'
19 Nov 2020
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b'Staff with no permissions can listen to Shopify Ping conversions by registering to its different WebSocket Events'
19 Nov 2020
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b"Customer's full name disclosure via Shopify Chat (by email lookup)"
19 Nov 2020
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b'Privilege Escalation in Point Of Sale Application from POS Manage Staff Role to potentially Store Owner'
19 Nov 2020
b'Automattic'
disclosed a bug submitted by
b'cyanpiny'
b'Permanent DoS with one click.'
19 Nov 2020
b'BugPoC'
disclosed a bug submitted by
b'abankalarm'
b'XSS :D'
19 Nov 2020
b'Automattic'
disclosed a bug submitted by
b'bugra'
b'No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie'
18 Nov 2020
b'Automattic'
disclosed a bug submitted by
b'bugra'
b'IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal'
18 Nov 2020
b'Automattic'
disclosed a bug submitted by
b'bugra'
b'No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal'
18 Nov 2020
b'Automattic'
disclosed a bug submitted by
b'bugra'
b'IDOR when moving contents at CrowdSignal'
18 Nov 2020
b'Automattic'
disclosed a bug submitted by
b'bugra'
b'Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal'
18 Nov 2020
b'Automattic'
disclosed a bug submitted by
b'bugra'
b"IDOR at 'media_code' when addings media to questions"
18 Nov 2020
b'Automattic'
disclosed a bug submitted by
b'bugra'
b'Reflected XSS on a Atavist theme'
18 Nov 2020
1
...
226
227
228
229
230
...
718
BY DENIS WERNER - @NOBBD -
IMPRESSUM
