The unofficial HackerOne disclosure timeline.
8x8 disclosed a bug submitted by ian: Subdomain takeover of .wavecell.com (02 May 2021)
Kubernetes disclosed a bug submitted by r44mb00: Code Injection via Insecure Yaml.load (01 May 2021)
Open-Xchange disclosed a bug submitted by zhutyra: SSRF - Unchecked Snippet IDs for distributed files (01 May 2021)
Open-Xchange disclosed a bug submitted by zhutyra: XSS - Calendar - Unescaped common name of appointment participant (01 May 2021)
Open-Xchange disclosed a bug submitted by zhutyra: XSS - Notes - Attribute injection through overlapping tags (01 May 2021)
Open-Xchange disclosed a bug submitted by zhutyra: XSS - Search - Unescaped contact job (01 May 2021)
Twitter disclosed a bug submitted by nagli: Open Redirect on https://www.twitterflightschool.com/widgets/experience?destination_url=https://evil.com (01 May 2021)
Nextcloud disclosed a bug submitted by rtod: Nextcloud update checks leaks information (01 May 2021)
PayPal disclosed a bug submitted by bagipro: Unsafe deserialization leads to token leakage in PayPal & PayPal for Business [Android] (30 Apr 2021)
Mail.ru disclosed a bug submitted by 0x7: [web.icq.com] Stored XSS in Account Name (30 Apr 2021)
Mail.ru disclosed a bug submitted by order1000: Gitlab search exposing personal data of employees on gitlab-edu.geekbrains.ru (30 Apr 2021)
Homebrew disclosed a bug submitted by nightwatch-cybersecurity: Brew bootstrap process is insecure (30 Apr 2021)
curl disclosed a bug submitted by mingtao: CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (30 Apr 2021)
curl disclosed a bug submitted by vsz: CVE-2021-22876: Automatic referer leaks credentials (30 Apr 2021)
HackerOne disclosed a bug submitted by nukedx: Improper data update process on UpdatePhabricatorIntegration mutation leads to leak of Phabricator Conduit API token. (30 Apr 2021)
Imgur disclosed a bug submitted by malek: HTML Injection with XSS possible (29 Apr 2021)
Uber disclosed a bug submitted by m7mdharoun: 4 Subdomains Takeover on 2 domains ( muberscolombia.com & ubereats.pl ) (29 Apr 2021)
Uber disclosed a bug submitted by 0xprial: IDOR leads to leak analytics of any restaurant (29 Apr 2021)
Rocket.Chat disclosed a bug submitted by khekhe: Hi! Security Team Rocket.Chat, It's possible to get information about the users emails without authentication (29 Apr 2021)
OpenMage disclosed a bug submitted by prolib: Very long names on demo.openmage.org could redirect victim users to malicious url redirects via email contacts. (29 Apr 2021)
BY DENIS WERNER - @NOBBD