Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 57
ooooooo_q: 50
haxta4ok00: 49
jon_bottarini: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.
GitLab disclosed a bug submitted by rpadovani: Stealing data from customers.gitlab.com without user interaction (26 Aug 2020)
GitLab disclosed a bug submitted by sky003: Initial mirror user can be assigned by other user even if the mirror was removed (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: Internal API endpoint discloses full account name of email address associated with unconfirmed user (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: Adding a new user discloses their full name in the "Users" section of NR Alerts notification channels page (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID} (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: [New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs) (26 Aug 2020)
Visma Public disclosed a bug submitted by risinghunter: Information disclosure to "Permission as auditor" user (26 Aug 2020)
Node.js third-party modules disclosed a bug submitted by toannc123: [min-http-server] List any file in the folder by using path traversal. (26 Aug 2020)
Node.js third-party modules disclosed a bug submitted by chalker: [json-bigint] DoS via `__proto__` assignment (25 Aug 2020)
Shopify disclosed a bug submitted by francisbeaudoin: Script Editor preview token still working with uninstalled application, even for unpublished script (25 Aug 2020)
Shopify disclosed a bug submitted by ryat: Self XSS in Timeline (25 Aug 2020)
WordPress disclosed a bug submitted by apapedulimu: Stored XSS on Broken Themes via filename (25 Aug 2020)
Shopify disclosed a bug submitted by saltymermaid: Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020) (25 Aug 2020)
HackerOne disclosed a bug submitted by bugra: Recently added 'Country' field doesn't send email notification when changed (25 Aug 2020)
Node.js third-party modules disclosed a bug submitted by macasun: Prototype pollution attack (lodash) (25 Aug 2020)
Shopify disclosed a bug submitted by ngalog: Path Traversal in App Proxy (24 Aug 2020)
Node.js third-party modules disclosed a bug submitted by mik317: [windows-edge] RCE via insecure command formatting (24 Aug 2020)
Shopify disclosed a bug submitted by francisbeaudoin: Stocky App Administrator can create a backdoor admin account by using an existing POS User (24 Aug 2020)
Smule disclosed a bug submitted by absshax: [com.smule.autorap.*] Cloud Messaging/Push Notification service takeover due to clear-text usage of Legacy FCM Server keys in the client app (24 Aug 2020)
Shopify disclosed a bug submitted by langduvnsec: STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend (24 Aug 2020)
BY DENIS WERNER - @NOBBD -