REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Node.js third-party modules'
disclosed a bug submitted by
b'd3lla'
b'[extra-ffmpeg] Command Injection via insecure command formatting'
20 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'd3lla'
b'[object-path-set] Prototype pollution'
20 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'd3lla'
b'[vboxmanage.js] Command Injection via insecure command concatenation'
20 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b'Ability to generate shipping labels in another store orders'
19 Aug 2020
b'WakaTime'
disclosed a bug submitted by
b'harshita174'
b'Rate Limit too lenient for endpoint sending emails'
19 Aug 2020
b'Avito'
disclosed a bug submitted by
b'harshita174'
b'Missing SPF Records'
19 Aug 2020
b'Nextcloud'
disclosed a bug submitted by
b'ja3far'
b'Denial of Service when entring an Array in email at seetings'
19 Aug 2020
b'Valve'
disclosed a bug submitted by
b'gamer7112'
b"[GoldSrc] RCE via 'spk' Console Command"
19 Aug 2020
b'Valve'
disclosed a bug submitted by
b'gamer7112'
b'[GoldSrc] RCE via malformed BSP file'
19 Aug 2020
b'Valve'
disclosed a bug submitted by
b'irukandjisecresearch'
b"Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser"
19 Aug 2020
b'Yelp'
disclosed a bug submitted by
b'hk755a'
b"CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card "
19 Aug 2020
b'Yelp'
disclosed a bug submitted by
b'hk755a'
b"I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)"
19 Aug 2020
b'Yelp'
disclosed a bug submitted by
b'hk755a'
b"I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)"
19 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'ayyoub'
b'Password reset link not expired at Stocky App'
18 Aug 2020
b'Starbucks'
disclosed a bug submitted by
b'rexvuz'
b'Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'tolo7010'
b'Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'jmp_35p'
b'Get analytics token using only apps permission'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'sreeju_kc'
b'OrderListInitial leaks order details'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'jaka_tingkir'
b'access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'rioncool22'
b'Blind Stored XSS Via Staff Name'
18 Aug 2020
1
...
227
228
229
230
231
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM