Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 57
ooooooo_q: 50
haxta4ok00: 49
jon_bottarini: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.

Shopify disclosed a bug submitted by nooblife
*.shopify.com - Authentication bypass
24 Aug 2020

Shopify disclosed a bug submitted by meow-hacker-meow
Subdomain takeover in help.tictail.com pointing to Zendesk (a Shopify acquisition)
24 Aug 2020

Shopify disclosed a bug submitted by zwail
xss stored in https://your store.myshopify.com/admin/
24 Aug 2020

Shopify disclosed a bug submitted by jaka_tingkir
increased privileges on staff account
24 Aug 2020

Trint Ltd disclosed a bug submitted by dopaminedetox
SSO bypass in zendesk using trint organization able to leak internal ticket information
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
(Prerelease UI) Stored XSS via role name in JSON chart
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
Stored XSS via "my recent queries" selector in NRQL dashboard builder
24 Aug 2020

Dropcontact disclosed a bug submitted by harshita174
No Valid SPF Records
24 Aug 2020

Open-Xchange disclosed a bug submitted by catenacyber
Null dereference in mcht_relational_validate ext-relational-common.c:136
24 Aug 2020

Dropcontact disclosed a bug submitted by cyc0rpion
User registration using public domain email like gmail in place of professional email.
24 Aug 2020

HackerOne disclosed a bug submitted by haxta4ok00
Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted
24 Aug 2020

Node.js third-party modules disclosed a bug submitted by d3lla
[cloudron-surfer] Denial of Service via LDAP Injection
22 Aug 2020

Node.js third-party modules disclosed a bug submitted by d3lla
[meemo-app] Denial of Service via LDAP Injection
22 Aug 2020

Node.js third-party modules disclosed a bug submitted by d3lla
[extra-asciinema] Command Injection via insecure command formatting
22 Aug 2020

Yelp disclosed a bug submitted by hk755a
CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.
21 Aug 2020

Yelp disclosed a bug submitted by hk755a
ClickJacking on IMPORTANT Functions of Yelp
21 Aug 2020

Yelp disclosed a bug submitted by hk755a
Unauthorized Use of Victim Credit Card
21 Aug 2020

BY DENIS WERNER - @NOBBD