Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 65
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49

The unofficial HackerOne disclosure timeline.

Uber disclosed a bug submitted by corb3nik
Stored XSS on auth.uber.com/oauth/v2/authorize via redirect_uri parameter leads to Account Takeover
25 Feb 2021

Uber disclosed a bug submitted by healdb
Outdated Wordpress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities
25 Feb 2021

Uber disclosed a bug submitted by tomnomnom
[Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo
25 Feb 2021

Uber disclosed a bug submitted by fawazxq
Disclosure of Co-Rider user (Uber-pooling) profile picture at Amazon AWS Cloudfront within HTTP RESPONSE
25 Feb 2021

Uber disclosed a bug submitted by phwd
Listing of email addresses of whitelisted business users visible at business.uber.com
25 Feb 2021

Uber disclosed a bug submitted by rijalrojan
Uber employees are sharing information on productforums.google.com
25 Feb 2021

Uber disclosed a bug submitted by 0xd0m7
[usuppliers.uber.com] - Server Side Request Forgery via XXE OOB
25 Feb 2021

Uber disclosed a bug submitted by orange
Arbitrary File Reading on Uber SSL VPN
25 Feb 2021

Weblate disclosed a bug submitted by anotherhoax
Race Condition allows to get more free trials and get more than 100 languages and strings for free
25 Feb 2021

CS Money disclosed a bug submitted by gatolouco
Cookie poisoning leads to DOS and Privacy Violation
25 Feb 2021

Dropbox disclosed a bug submitted by cybxis
`account_info.read` scope OAuth app access token can change token owner's account name.
25 Feb 2021

Automattic disclosed a bug submitted by telaviv_h4x0r
information disclosure lead to disclose users private notes
25 Feb 2021

FetLife disclosed a bug submitted by kapkan
Stored XSS via `Create a Fetish` section.
25 Feb 2021

Logitech disclosed a bug submitted by nrockhouse
SSRF allows reading AWS EC2 metadata using "readapi" variable in Streamlabs Cloudbot
24 Feb 2021

Shopify disclosed a bug submitted by todayisnew
Subdomain Takeover Via unclaimed Heroku Instance tim-exclusive.shopify.com
24 Feb 2021

Legal Robot disclosed a bug submitted by todayisnew
AWS hosting bucket for Legal Robots set as public browse and list contents: s3://legalrobot
24 Feb 2021

Grab disclosed a bug submitted by todayisnew
Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com
24 Feb 2021

Uber disclosed a bug submitted by alexbirsan
RCE via npm misconfig -- installing internal libraries from the public registry
24 Feb 2021

Uber disclosed a bug submitted by orange
Pre-auth Remote Code Execution on multiple Uber SSL VPN servers
24 Feb 2021

Uber disclosed a bug submitted by m4k
Cookie Bombing cause DOS - businesses.uber.com
24 Feb 2021

By Denis Werner (@nobbd)