Top 10 publishers:
bobrov: 117
geeknik: 80
linkks: 75
jobert: 70
sp1d3rs: 68
someonenobbd: 62
nyymi: 55
jon_bottarini: 49
haxta4ok00: 48
netfuzzer: 48
The unofficial HackerOne disclosure timeline.
11 Aug 2020: GitHub Security Lab disclosed a bug submitted by grzegol: LDAP injection vulnerability in Java
11 Aug 2020: GitHub Security Lab disclosed a bug submitted by porcupineyhairs: Golang : Improvements to Golang SSRF query
11 Aug 2020: Zomato disclosed a bug submitted by cybrot: Lack of Password Confirmation for Account Deletion
11 Aug 2020: Dropcontact disclosed a bug submitted by omarelfarsaoui: Unrestricted File Upload on https://app.dropcontact.io/app/upload/
11 Aug 2020: Dropcontact disclosed a bug submitted by kapkan: Host Header Injection.
11 Aug 2020: Dropcontact disclosed a bug submitted by kapkan: Unauthorized Access and updation of EMAIL settings of other user at https://app.dropcontact.io/app/sponsorship/ by changing the " email " parameter.
11 Aug 2020: Visma Public disclosed a bug submitted by vapour: Missing authorization allows sales only user to record payment.
11 Aug 2020: Zomato disclosed a bug submitted by zzzhacker13: [api.zomato.com] Abusing LocalParams (city_id) to Inject SOLR query
10 Aug 2020: Zomato disclosed a bug submitted by zzzhacker13: [www.zomato.com] Blind SQL Injection in /php/widgets_handler.php
10 Aug 2020: Zomato disclosed a bug submitted by zzzhacker13: [www.zomato.com] Blind SQL Injection in /php/geto2banner
10 Aug 2020: Zomato disclosed a bug submitted by zzzhacker13: [www.zomato.com] Abusing LocalParams (city) to Inject SOLR query
10 Aug 2020: Grammarly disclosed a bug submitted by cript0nauta: Unauthenticated users can access all food.grammarly.io user's data
10 Aug 2020: Zomato disclosed a bug submitted by zzzhacker13: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json
09 Aug 2020: Visma Public disclosed a bug submitted by brdoors3: Access control on https://eaccounting.stage.vismaonline.com/
08 Aug 2020: Zomato disclosed a bug submitted by 0xdexter: Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter
07 Aug 2020: Zomato disclosed a bug submitted by pandaaaa: Availing Zomato gold by using a random third-party `wallet_id`
07 Aug 2020: BugPoC disclosed a bug submitted by acut3: Improper use of "path" parameter can be used to trick testers into leaking their Front-End PoC
07 Aug 2020: Topcoder disclosed a bug submitted by mase289: Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII
07 Aug 2020: Bitwarden disclosed a bug submitted by njgadhiya: Server-Side Request Forgery in "icons.bitwarden.net"
07 Aug 2020: GitLab disclosed a bug submitted by rhynorater: Full Read SSRF on Gitlab's Internal Grafana
BY DENIS WERNER - @NOBBD