Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Mail.ru disclosed a bug submitted by derision: SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ (30 Oct 2020)
Basecamp disclosed a bug submitted by carbon61: CSRF on launchpad.37signals.com OAuth2 authorization endpoint (30 Oct 2020)
Mail.ru disclosed a bug submitted by mainteemoforfun: [api.my.games/social/chat/multi/add] Privilege escalation on adding new members to group chat (30 Oct 2020)
Bitwala disclosed a bug submitted by soe_htet: Open Redirect on https://go.bitwala.com/ (30 Oct 2020)
TikTok disclosed a bug submitted by gnux: Bypass "Industry Documents" Validation (29 Oct 2020)
Node.js third-party modules disclosed a bug submitted by ryotak: [zenn-cli] Path traversal on Windows allows the attacker to read arbitrary .md files (29 Oct 2020)
Node.js third-party modules disclosed a bug submitted by mik317: [expressjs-ip-control] Whitelist IP bypass leads to authorization bypass and sensitive info disclosure (29 Oct 2020)
Node.js third-party modules disclosed a bug submitted by prathis: [ts-dot-prop] Prototype Pollution (29 Oct 2020)
Mail.ru disclosed a bug submitted by haxonaut: Multiple SQL Injections and constrained LFI in esk-static.3igames.mail.ru (29 Oct 2020)
curl disclosed a bug submitted by brumbrum: Parallel upload hangs curl if upload file not found (29 Oct 2020)
Ruby disclosed a bug submitted by piao: Potential HTTP Request Smuggling in ruby webrick (29 Oct 2020)
Tube8 disclosed a bug submitted by ramsexy: Blind SQL injection in Hall of Fap (29 Oct 2020)
Agoric disclosed a bug submitted by sickcodes: Stored XSS in agoric-sdk - malicious iframes, malicious svg (28 Oct 2020)
Agoric disclosed a bug submitted by sickcodes: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS (28 Oct 2020)
Basecamp disclosed a bug submitted by hazimaslam: HTTP request smuggling on Basecamp 2 allows web cache poisoning (28 Oct 2020)
Basecamp disclosed a bug submitted by hazimaslam: Unauthenticated request smuggling on launchpad.37signals.com (28 Oct 2020)
Mail.ru disclosed a bug submitted by devirok: http://login.aa.mail.ru/logs/ (28 Oct 2020)
Nextcloud disclosed a bug submitted by dschuermann: PIN for passwordless WebAuthn is asked for but not verified (28 Oct 2020)
Nextcloud disclosed a bug submitted by daniel_calvino_sanchez: The password of a mail share is not hashed if the password is given when the share is created (28 Oct 2020)
Nextcloud disclosed a bug submitted by lynn-stephenson: Reduced purmations on encryption (28 Oct 2020)
BY DENIS WERNER - @NOBBD -