Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 67
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.
Slack disclosed a bug submitted by cyanpiny: "DoS on the Direct Messages" (11 Nov 2020)
Mail.ru disclosed a bug submitted by olidayw: "Disclosure of personal support email addresses on 'support-fleet.city-mobil.ru'" (11 Nov 2020)
Node.js third-party modules disclosed a bug submitted by ryotak: "[node-downloader-helper] Path traversal via Content-Disposition header" (11 Nov 2020)
Google disclosed a bug submitted by oversecured: "CVE-2020-8913 - Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC" (11 Nov 2020)
Slack disclosed a bug submitted by secalert: "Access to some Slack workspace metadata and settings available to unauthorized parties" (10 Nov 2020)
Slack disclosed a bug submitted by bubbounty: "Possibility to freeze/crash the host system of all Slack Desktop users easily" (10 Nov 2020)
Slack disclosed a bug submitted by pclinger: "Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication" (10 Nov 2020)
BugPoC disclosed a bug submitted by pirateducky: "csp bypass leads to xss on wacky.buggywebsite.com" (10 Nov 2020)
VK.com disclosed a bug submitted by davscol94: "XSS Reflected in m.vk.com" (10 Nov 2020)
Basecamp disclosed a bug submitted by tw4v3sx: "a very long name in hey.com can prevent anyone from accessing their contacts and probably can cause denial of service" (10 Nov 2020)
Dropbox disclosed a bug submitted by sayaanalam: "Server Side Request Forgery (SSRF) at app.hellosign.com leads to AWS private keys disclosure" (10 Nov 2020)
Acronis disclosed a bug submitted by sayaanalam: "Ticket Trick at https://account.acronis.com" (10 Nov 2020)
GitHub Security Lab disclosed a bug submitted by luchua: "Java: Detect remote source from Android intent extra" (09 Nov 2020)
Brave Software disclosed a bug submitted by root_geek: "No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org" (09 Nov 2020)
HackerOne disclosed a bug submitted by nahamsec: "Blind Stored XSS in HackerOne's Sal 4.1.4.2149 (sal..com)" (09 Nov 2020)
U.S. Dept Of Defense disclosed a bug submitted by silentbreach: "IDOR + Account Takeover [UNAUTHENTICATED]" (09 Nov 2020)
Badoo disclosed a bug submitted by rijall404: "XSS DI BIODATA" (09 Nov 2020)
U.S. Dept Of Defense disclosed a bug submitted by i_hack_everyone: "CSRF to account takeover in https:///" (09 Nov 2020)
Stripo Inc disclosed a bug submitted by bminossi: "Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri" (09 Nov 2020)
GitLab disclosed a bug submitted by 0xwintermute: "Guest users can change the confidentiality attribute on those issues that have been assigned to them" (09 Nov 2020)
BY DENIS WERNER - @NOBBD