REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'WordPress'
disclosed a bug submitted by
b'0_loophole_'
b'Clickjacking on donation page'
16 Jul 2020
b'WordPress'
disclosed a bug submitted by
b'lamscun'
b'CSRF on comment post'
16 Jul 2020
b'Shopify'
disclosed a bug submitted by
b'hiffley'
b'GraphQL AdminGenerateSessionPayload is leaked to staff with no permission'
16 Jul 2020
b'Shopify'
disclosed a bug submitted by
b'nsl182'
b'Account takeover intercepting magic link for Arrive app'
15 Jul 2020
b'MTN Group'
disclosed a bug submitted by
b'tounsi_007'
b'Accessible Restricted directory on [bcm-bcaw.mtn.cm]'
15 Jul 2020
b'New Relic'
disclosed a bug submitted by
b'ldionmarcil'
b'[synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending'
15 Jul 2020
b'Zomato'
disclosed a bug submitted by
b'bigbug'
b'Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone'
15 Jul 2020
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b"Ability to link a Google account to another staff account/store owner that isn't linked yet"
14 Jul 2020
b'Shopify'
disclosed a bug submitted by
b'imranhudaa'
b"user with no draft order permission can still perform action on draft order's in stocky app (idor)"
14 Jul 2020
b'Shopify'
disclosed a bug submitted by
b'priyanshuxo'
b'Subdomain Takeover of multiple *.ttcdn.co domains'
14 Jul 2020
b'Razer'
disclosed a bug submitted by
b'pandaonair'
b'Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions'
14 Jul 2020
b'Razer'
disclosed a bug submitted by
b's3cr3tsdn'
b'[api.easy2pay.co] SQL Injection in cashcard via card_no parameter ??Bypassing IP whitelist??'
14 Jul 2020
b'Shopify'
disclosed a bug submitted by
b'sreeju_kc'
b'IDOR on stocky application-Low Stock-Varient-Settings-Columns'
14 Jul 2020
b'Shopify'
disclosed a bug submitted by
b'zonduu'
b'Open Redirect - www.shopify.com'
14 Jul 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'natanalves01001'
b'(CORS) Cross-origin resource sharing misconfiguration'
14 Jul 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'balisong'
b' SharePoint Web Services Exposed to Anonymous Access Users'
14 Jul 2020
b'Mail.ru'
disclosed a bug submitted by
b'woj_ciech'
b'Sensitive information exposure via git commit'
13 Jul 2020
b'Mail.ru'
disclosed a bug submitted by
b'hunter_py'
b'Reflected XSS on http://info.ucs.ru/settings/check/'
13 Jul 2020
b'Mail.ru'
disclosed a bug submitted by
b'weev3kyaw'
b'Stored XSS that allow an attacker to read victim mailboxes contacts in mail.ru and my.com application'
13 Jul 2020
b'Mail.ru'
disclosed a bug submitted by
b'm7mdharoun'
b'Subdomain Takeover at blog.instamart.ru'
13 Jul 2020
1
...
241
242
243
244
245
...
694
BY DENIS WERNER - @NOBBD -
IMPRESSUM