REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'VK.com'
disclosed a bug submitted by
b'onlymalelove'
b' vk.com. ( , .)'
09 Apr 2021
b'Shopify'
disclosed a bug submitted by
b'fatal0'
b'XSS at https://exchangemarketplace.com/blogsearch'
09 Apr 2021
b'Shopify'
disclosed a bug submitted by
b'g4mm4'
b'https://themes.shopify.com::: Host header web cache poisoning lead to DoS'
08 Apr 2021
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b"[h1-2102] Partner's team member with no permission can retrieve services financial data"
08 Apr 2021
b'Shopify'
disclosed a bug submitted by
b'ramsexy'
b"[h1-2102] [Yaworski's Broskis] Low privilege user can read POS PINs via graphql and elevate his privilege"
08 Apr 2021
b'Shopify'
disclosed a bug submitted by
b'luc1d'
b'Stored XSS on apps.shopify.com'
08 Apr 2021
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'skarsom'
b'Sending trusted and emails through public API endpoint in site'
08 Apr 2021
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'skarsom'
b'RCE in subdomain via CVE-2017-1000486'
08 Apr 2021
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'skarsom'
b'IDOR on https:// via POST UID enables database scraping'
08 Apr 2021
b'Shopify'
disclosed a bug submitted by
b'fr4via'
b"The POS app doesn't revoke the Xauth token "
08 Apr 2021
b'Shopify'
disclosed a bug submitted by
b'saltymermaid'
b'Staff with no permissions could possibly list and accept billing promotions'
08 Apr 2021
b'OpenSSL (IBB)'
disclosed a bug submitted by
b'reaperhulk'
b'Integer overflow in CipherUpdate'
08 Apr 2021
b'Ruby'
disclosed a bug submitted by
b'bugdiscloseguys'
b'Path traversal in Tempfile on windows OS due to unsanitized backslashes'
07 Apr 2021
b'Tube8'
disclosed a bug submitted by
b'bubbounty'
b'CRITICAL ISSUE : Leak of all accounts mail login md5 pass and more'
06 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'kwel'
b'XSS " " [city-mobil.ru/taxiserv]'
06 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'homosec'
b'DOM based XSS via postMessage at store.my.games'
06 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'p4fg'
b'DOM XSS on https://biz.mail.ru/domains/goto/mail/ via parameter pollution'
06 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'gevakun'
b'Exposed Credentials May Leads to Tarantool Infrastructure Leak'
06 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'gevakun'
b'"blog.skillfactory.ru" Vulnerable to Directory Traversal '
06 Apr 2021
b'Mail.ru'
disclosed a bug submitted by
b'gevakun'
b'This Github Repository Seems Leaking Incoming Samokat Project'
06 Apr 2021
1
...
237
238
239
240
241
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM