REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
58
b'ooooooo_q'
52
b'haxta4ok00'
49
b'jon_bottarini'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Enjin'
disclosed a bug submitted by
b'19whoami19'
b'Cloudflare /cdn-cgi/ path allows resizing images from unauthorised sources on enjinusercontent.com'
19 Jun 2024
b'HackerOne'
disclosed a bug submitted by
b'0x999'
b'Ability to bulk submit reports via query named based batching'
19 Jun 2024
b'LinkedIn'
disclosed a bug submitted by
b'find_me_here'
b'Attackers can *Upgrade and claim offer* on the Premium Trial Subscription with a total price of *IDR0.00* from the original *IDR7,022,061.82*'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'sp1d3rs'
b'[HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'sp1d3rs'
b'Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https:// ()'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'sp1d3rs'
b'[CVE-2018-0296] Cisco VPN path traversal on the https:/// (..mil)'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'sp1d3rs'
b'[HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www./daip/messagebroker/amf'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'sp1d3rs'
b'[CVE-2018-0296] Cisco VPN path traversal on the https://'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'sp1d3rs'
b'[CVE-2018-0296] Cisco VPN path traversal on the https:/// (.mil)'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'maskedpersian'
b'Out-Of-Bounds Memory Read on '
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'ezequielpuig'
b'Subdomain Takeover via Host Header Injection on www.'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'sp1d3rs'
b'[HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2./nssi/core/dot_stu_reg/Registration.aspx'
18 Jun 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'adam_wallwork'
b'CVE-2021-39226 Discovered on endpoint https:///api/snapshots'
18 Jun 2024
b'curl'
disclosed a bug submitted by
b'splitline'
b'Unicode-to-ASCII conversion on Windows can lead to argument injection and more'
18 Jun 2024
b'curl'
disclosed a bug submitted by
b'z3r0yu'
b'Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities'
18 Jun 2024
b'curl'
disclosed a bug submitted by
b'stux3net08'
b'Denial of Service in curl Request - HTTP headers eat all memory'
18 Jun 2024
b'Nextcloud'
disclosed a bug submitted by
b'mohs3n'
b'see card comments after remove shared board'
18 Jun 2024
b'HackerOne'
disclosed a bug submitted by
b'akashhamal0x01'
b'Access Control Vulnerability Enabling Unauthorized Access to Limited Disclosure Reports'
17 Jun 2024
b'Mozilla'
disclosed a bug submitted by
b'erdy'
b'Account deletion using the /v1/account/destroy API endpoint using account password without 2FA verification'
17 Jun 2024
b'Drugs.com'
disclosed a bug submitted by
b'akhan8041'
b'Email OTP/2FA Bypass'
16 Jun 2024
1
...
26
27
28
29
30
...
724
BY DENIS WERNER - @NOBBD -
IMPRESSUM
