REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
58
b'ooooooo_q'
52
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS at APM transaction map (transactionName field)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Cross-account stored XSS at embedded charts'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b"Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values)"
13 Aug 2020
b'InnoGames'
disclosed a bug submitted by
b'aeswagyewgyes'
b'Stored XSS on recruit.innogames.de'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'NR-wide cross account access through misconfigured CORS-policy of multiple endpoints'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS in notes (charts) because of insecure chart data JSON generation'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Passive stored XSS at Synthetics job result page (View resource)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Cross-account stored XSS at notes (through "swf" note parameter)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS at Mobile (Versions tab)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'CSRF at adding new role (user-management.service.newrelic.com)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Site-wide clickjacking at IE11'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b"Urgent! Stored XSS at plugin's violations leading to account takeover"
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS firing at transaction map (applicationName field)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS at APM key transactions list'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS firing at the "Add chart to note" popup'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'CSTI at Plugin page leading to active stored XSS (Publisher name)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'CSTI fix (#587829) bypass leading to stored XSS at plugins again'
13 Aug 2020
1
...
268
269
270
271
272
...
730
BY DENIS WERNER - @NOBBD -
IMPRESSUM
