Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 57
ooooooo_q: 50
haxta4ok00: 49
jon_bottarini: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.
QIWI disclosed a bug submitted by 0x3c3e: Keychain data persistence may lead to account takeover (07 Sep 2020)
BugPoC disclosed a bug submitted by hackk9: Reading arbitrary files via running arbitrary python code (06 Sep 2020)
Node.js third-party modules disclosed a bug submitted by d3lla: [extend-merge] Prototype pollution (06 Sep 2020)
Topcoder disclosed a bug submitted by laz0rde: Reflected-XSS on https://www.topcoder.com/tc via pt parameter (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: GET request to accounts.json on support site leaks the root account license key and the browser license key to a restricted user (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Logic flaw enables restricted account to access account license key (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894 (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Full name of other accounts exposed through NR API Explorer (another workaround of #476958) (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Upgrade menu exposes the mobile application token meant to only be visible to administrators (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Restricted user can bypass permissions restriction to create NR Alert policies (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Permissions leaks the full name of other NR accounts - Regression of #267636 (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Infrastructure] Restricted user can update integration provider account name via integrations API (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: IDOR via internal_api "users" endpoint (04 Sep 2020)
BY DENIS WERNER - @NOBBD