REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'BlockFi'
disclosed a bug submitted by
b'akitech'
b'credentials found in config file on github'
28 Apr 2021
b'Logitech'
disclosed a bug submitted by
b'mrmax4o4'
b'Privilege Escalation Leads to Control The Owner Access Token Which leads to control the stream [streamlabs.com]'
27 Apr 2021
b'VK.com'
disclosed a bug submitted by
b'whoami991'
b'Member still able close another user poll on communities topic'
27 Apr 2021
b'QIWI'
disclosed a bug submitted by
b'kalimer0x00'
b'MobileIron Unauthenticated RCE on mdm.qiwi.com with WAF bypass'
27 Apr 2021
b'Lark Technologies'
disclosed a bug submitted by
b'jin0ne'
b'SSRF with information disclosure'
27 Apr 2021
b'Node.js third-party modules'
disclosed a bug submitted by
b'0b5cur17y'
b'[i18next] Prototype pollution attack'
26 Apr 2021
b'Nextcloud'
disclosed a bug submitted by
b'rtod'
b'Unexpected federated shares added via public link'
26 Apr 2021
b'Nextcloud'
disclosed a bug submitted by
b'rtod'
b'Password policy changes not enforced for existing passwords'
26 Apr 2021
b'New Relic'
disclosed a bug submitted by
b'abhiram'
b'Getting API access key Through Introspection query Graphql'
26 Apr 2021
b'OpenMage'
disclosed a bug submitted by
b'merbin'
b'No error thrown when IDOR attempted while editing address'
26 Apr 2021
b'MTN Group'
disclosed a bug submitted by
b'tounsi_007'
b'Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]'
25 Apr 2021
b'MTN Group'
disclosed a bug submitted by
b'tounsi_007'
b'Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-3506]'
25 Apr 2021
b'OpenMage'
disclosed a bug submitted by
b'grmx'
b' Sharing products with Mail allows phishing attacks due to misconfiguration.'
25 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'p1006'
b'[Plazius] SSRF Fiddler 46.148.201.206:10121'
24 Apr 2021
b'Avito'
disclosed a bug submitted by
b'kxyry'
b'[avito.ru] ImageMagick uninitialized image palette'
24 Apr 2021
b'U.S. General Services Administration'
disclosed a bug submitted by
b'alihassam95'
b'IDOR at training.smartpay.gsa.gov/reports/quizzes-taken-by-user'
24 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'stanhates'
b'relap.io/admin/api - API '
23 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'tounsi_007'
b'Account Takeover on [ls5-dev.ucs.ru]'
23 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'mkhazov'
b'Bitbucket public repo leaking credentials from the 1C Enterprise system used by Samokat'
23 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'tounsi_007'
b'Brute Force due to Weak security credentials lead access to LICENSE SYSTEM Web Server on [l.ucs.ru]'
23 Apr 2021
1
...
233
234
235
236
237
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM