the unofficial HackerOne disclosure timeline.

X
b'Automattic' disclosed a bug submitted by b'sudi' 
b'Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php'
30 Jan 2021 timeline
b'Nextcloud' disclosed a bug submitted by b'nathand' 
b'nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets'
29 Jan 2021 timeline
b'Mail.ru' disclosed a bug submitted by b'dgirlwhohacks' 
b'Reflected XSS & Open Redirect at mcs main domain'
29 Jan 2021 timeline
b'Automattic' disclosed a bug submitted by b'boy_child_' 
b'Permanent DoS at https://happy.tools/ when inviting a user'
29 Jan 2021 timeline
b'Mail.ru' disclosed a bug submitted by b'dawning12' 
b'CSRF on api.my.games due to improper validation of token allows an attacker to delete other users notifications'
27 Jan 2021 timeline
b'Open-Xchange' disclosed a bug submitted by b'jub0bs' 
b'Some build dependencies are downloaded over an insecure channel (without subsequent integrity checks)'
26 Jan 2021 timeline
b'GitHub Security Lab' disclosed a bug submitted by b'ihsinme' 
b'ihsinme: CPP Add query for CWE-14 compiler removal of code to clear buffers.'
26 Jan 2021 timeline
b'Revive Adserver' disclosed a bug submitted by b'solov9ev' 
b'Reflected XSS on /admin/stats.php'
26 Jan 2021 timeline
b'Revive Adserver' disclosed a bug submitted by b'solov9ev' 
b'Reflected XSS on /admin/userlog-index.php'
26 Jan 2021 timeline
b'Nextcloud' disclosed a bug submitted by b'makerlab' 
b'Denial of Service by requesting to reset a password'
25 Jan 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'val_brux' 
b'Reflected XSS www. search form'
25 Jan 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'hemantsolo' 
b'Old Session Does Not Expires After Password Change'
25 Jan 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'm4xp0w3r' 
b'mill is vulnerable to cross site request forgery that leads to full account take over.'
25 Jan 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'raywando' 
b'Full account takeover on https://.mil'
25 Jan 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'ahmedelmalky' 
b'Blind stored XSS due to insecure contact form at https://.mil leads to leakage of session token and '
25 Jan 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'nagli' 
b'Reflected XSS on https://html?url'
25 Jan 2021 timeline
b'New Relic' disclosed a bug submitted by b'wi11' 
b'HTML injection at Alert email'
25 Jan 2021 timeline
b'NordVPN' disclosed a bug submitted by b'cyku' 
b'Possible RCE through Windows Custom Protocol on Windows client'
25 Jan 2021 timeline
b'Stripo Inc' disclosed a bug submitted by b'kapkan' 
b"Able to use 'PREMIUM TEMPLATES' in 'FREE PLAN' at [https://my.stripo.email/cabinet/#/my-templates/]"
25 Jan 2021 timeline
b'Ruby' disclosed a bug submitted by b'hanno' 
b'Net::SMTP with tls allows forged certificates as long as the hostname matches'
25 Jan 2021 timeline
1 ... 257 258 259 260 261 ... 769
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM