REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Uber'
disclosed a bug submitted by
b'healdb'
b'Outdated Wordpress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities'
25 Feb 2021
b'Uber'
disclosed a bug submitted by
b'tomnomnom'
b'[Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo'
25 Feb 2021
b'Uber'
disclosed a bug submitted by
b'fawazxq'
b'Disclosure of Co-Rider user (Uber-pooling) profile picture at Amazon AWS Cloudfront within HTTP RESPONSE '
25 Feb 2021
b'Uber'
disclosed a bug submitted by
b'phwd'
b'Listing of email addresses of whitelisted business users visible at business.uber.com'
25 Feb 2021
b'Uber'
disclosed a bug submitted by
b'rijalrojan'
b'Uber employees are sharing information on productforums.google.com'
25 Feb 2021
b'Uber'
disclosed a bug submitted by
b'0xd0m7'
b'[usuppliers.uber.com] - Server Side Request Forgery via XXE OOB'
25 Feb 2021
b'Uber'
disclosed a bug submitted by
b'orange'
b'Arbitrary File Reading on Uber SSL VPN'
25 Feb 2021
b'Weblate'
disclosed a bug submitted by
b'anotherhoax'
b'Race Condition allows to get more free trials and get more than 100 languages and strings for free'
25 Feb 2021
b'CS Money'
disclosed a bug submitted by
b'gatolouco'
b'Cookie poisoning leads to DOS and Privacy Violation'
25 Feb 2021
b'Dropbox'
disclosed a bug submitted by
b'cybxis'
b"`account_info.read` scope OAuth app access token can change token owner's account name."
25 Feb 2021
b'Automattic'
disclosed a bug submitted by
b'telaviv_h4x0r'
b'information disclosure lead to disclose users private notes'
25 Feb 2021
b'FetLife'
disclosed a bug submitted by
b'kapkan'
b'Stored XSS via `Create a Fetish` section.'
25 Feb 2021
b'Logitech'
disclosed a bug submitted by
b'nrockhouse'
b'SSRF allows reading AWS EC2 metadata using "readapi" variable in Streamlabs Cloudbot'
24 Feb 2021
b'Shopify'
disclosed a bug submitted by
b'todayisnew'
b'Subdomain Takeover Via unclaimed Heroku Instance tim-exclusive.shopify.com'
24 Feb 2021
b'Legal Robot'
disclosed a bug submitted by
b'todayisnew'
b'AWS hosting bucket for Legal Robots set as public browse and list contents: s3://legalrobot'
24 Feb 2021
b'Grab'
disclosed a bug submitted by
b'todayisnew'
b' Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com'
24 Feb 2021
b'Uber'
disclosed a bug submitted by
b'alexbirsan'
b'RCE via npm misconfig -- installing internal libraries from the public registry'
24 Feb 2021
b'Uber'
disclosed a bug submitted by
b'orange'
b'Pre-auth Remote Code Execution on multiple Uber SSL VPN servers'
24 Feb 2021
b'Uber'
disclosed a bug submitted by
b'm4k'
b'Cookie Bombing cause DOS - businesses.uber.com'
24 Feb 2021
b'Uber'
disclosed a bug submitted by
b'gamer7112'
b'Reflected XSS on https://www.uber.com'
24 Feb 2021
1
...
249
250
251
252
253
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM