The unofficial HackerOne disclosure timeline.
Mail.ru disclosed a bug submitted by kanytu: Insecure storage of private files (11 Mar 2021)
Mail.ru disclosed a bug submitted by bagipro: [myMail Android] Access to protected app components via RegistrationPhoneActivity (11 Mar 2021)
RBKmoney disclosed a bug submitted by timyun: Apple Pay cryptogram replay and amount tampering (10 Mar 2021)
Open-Xchange disclosed a bug submitted by ihsinme: reading the stack data of the imap process (10 Mar 2021)
Nextcloud disclosed a bug submitted by tinkerermaruthu: Clickjacking URLS (10 Mar 2021)
Bitso disclosed a bug submitted by haxs101: Injecting html codes (09 Mar 2021)
GitLab disclosed a bug submitted by pandaonair: [information disclosure] Validate existence of a private project. (09 Mar 2021)
Stripo Inc disclosed a bug submitted by solov9ev: Stored XSS in the banner block description (09 Mar 2021)
Showmax disclosed a bug submitted by lordjerry0x01: Parental Pin Bypass (09 Mar 2021)
Showmax disclosed a bug submitted by kaushikkbadri: xml-rpc file open for public in the domain:https://stories.showmax.com/xmlrpc.php (09 Mar 2021)
Xiaomi disclosed a bug submitted by h4x0r_dz: Insecure file upload in xiaoai.mi.com Lead to Stored XSS (09 Mar 2021)
Status.im disclosed a bug submitted by jackb898: HTTP Parameter Pollution with semicolons in iframe allows loading external Greenhouse forms (08 Mar 2021)
Kartpay disclosed a bug submitted by bugera: Disclosure of Merchant_id into the source code without entered OTP code leads to Victims MID takeover. (08 Mar 2021)
GitLab disclosed a bug submitted by knack2hack: GraphQL Query leads to sensitive information disclosure (08 Mar 2021)
curl disclosed a bug submitted by fdolev: Proxy-Authorization header carried to a new host on a redirect (08 Mar 2021)
curl disclosed a bug submitted by sanchitcfc: Inadequate Cryptographic Key Size and Insecure Cryptographic Mode. File Name :- curl_ntlm_core.c (08 Mar 2021)
FetLife disclosed a bug submitted by kapkan: Stored XSS via Angular Expression injection via Subject while starting conversation with other users. (07 Mar 2021)
Ruby disclosed a bug submitted by u75615: DRb denial of service vulnerability (07 Mar 2021)
Ruby disclosed a bug submitted by offftherecord: Ruby OpenSSL Library - IV Reuse in GCM Mode (07 Mar 2021)
Ruby disclosed a bug submitted by piao: Command injection in OptionParser.load (07 Mar 2021)
BY DENIS WERNER - @NOBBD -