REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'TikTok'
disclosed a bug submitted by
b'gnux'
b'HTML Injection on Company Name on Email'
31 Dec 2020
b'TikTok'
disclosed a bug submitted by
b'sniper302'
b'CORS bypass on TikTok Ads Endpoint'
31 Dec 2020
b'Mail.ru'
disclosed a bug submitted by
b'fatal0'
b'Mail.ru for Android - Theft of sensitive data'
31 Dec 2020
b'Mail.ru'
disclosed a bug submitted by
b'derision'
b'SQL Injection at https://lite.r-keeper.ru/site_api/clients/derision/?lang=ru'
31 Dec 2020
b'Mail.ru'
disclosed a bug submitted by
b'myasnikovalexey'
b'CVE-2016-6415 on api-staging.plazius.ru [46.148.201.218]'
31 Dec 2020
b'TikTok'
disclosed a bug submitted by
b'luizviana'
b'Cross Site Scripting using Email parameter in Ads endpoint 2'
30 Dec 2020
b'Badoo'
disclosed a bug submitted by
b'w2w'
b'Possible (we need to wait for some time) takeover of subdomain badootech.badoo.com which is pointing to Medium servers'
30 Dec 2020
b'TikTok'
disclosed a bug submitted by
b'chihuahua'
b'CORS misconfiguration in TikTok ads portal '
30 Dec 2020
b'Mail.ru'
disclosed a bug submitted by
b'nitin1205'
b'Un Authencitated Quartz Pannel with Scheduling tasks '
29 Dec 2020
b'TikTok'
disclosed a bug submitted by
b'luizviana'
b'Cross Site Scripting using Email parameter in Ads endpoint 1'
29 Dec 2020
b'BugPoC'
disclosed a bug submitted by
b'd3f4u17'
b'[BugPOC and Amazon XSS CTF writeup] A CSP Bypass Story'
28 Dec 2020
b'WHO COVID-19 Mobile App'
disclosed a bug submitted by
b'arnonymous'
b'Internal API endpoint is accesible for everyone'
28 Dec 2020
b'Mail.ru'
disclosed a bug submitted by
b'moonwalker'
b'IDOR zakazaka ( )'
28 Dec 2020
b'Shopify'
disclosed a bug submitted by
b'tems'
b'Inject page in admin panel via Shopify.API.pushState [New Payload]'
27 Dec 2020
b'Shopify'
disclosed a bug submitted by
b'tems'
b'Inject page in admin panel via Shopify.API.pushState with protocol invalid'
27 Dec 2020
b'Automattic'
disclosed a bug submitted by
b'subnetix'
b'Tab nabbing via window.opener.location (target "_blank")'
26 Dec 2020
b'Automattic'
disclosed a bug submitted by
b'fuzzme'
b'[tumblr.com] CSRF in /svc/user/filtered_content'
26 Dec 2020
b'Logitech'
disclosed a bug submitted by
b'sudi'
b'CSRF in changing users donation_settings [https://streamlabs.com/api/v6/viewer-portal/viewer-settings/donation_settings]'
26 Dec 2020
b'Logitech'
disclosed a bug submitted by
b'sudi'
b'Stored XSS in [https://streamlabs.com/dashboard#/*goal] pages'
26 Dec 2020
b'Nextcloud'
disclosed a bug submitted by
b'hitman_47'
b'XSS through image upload of contacts using svg file with png extension '
26 Dec 2020
1
...
267
268
269
270
271
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM
