Top10 publishers:
bobrov: 117
geeknik: 80
linkks: 75
jobert: 70
sp1d3rs: 68
someonenobbd: 62
nyymi: 55
jon_bottarini: 49
haxta4ok00: 48
netfuzzer: 48
the unofficial HackerOne disclosure timeline.
SEMrush disclosed a bug submitted by yashrs: An attacker can buy marketplace articles for lower prices as it allows for negative quantity values leading to business loss (02 Apr 2020)
SEMrush disclosed a bug submitted by nikitastupin: Content Injection on api.semrush.com to Reflected XSS (02 Apr 2020)
Node.js third-party modules disclosed a bug submitted by sontungatm: [utils-extend] Prototype pollution (02 Apr 2020)
Slack disclosed a bug submitted by jhancock: Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation (01 Apr 2020)
Razer disclosed a bug submitted by sambal0x: [Razer Pay] Broken Access Control at /v1/verifyPhone/ allows enumeration of usernames and ID information (01 Apr 2020)
Razer disclosed a bug submitted by p3rr0: Access to support tickets and payment history, impersonate razer support staff (01 Apr 2020)
Shopify disclosed a bug submitted by ngalog: [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation (01 Apr 2020)
Shopify disclosed a bug submitted by ngalog: Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO (01 Apr 2020)
Shopify disclosed a bug submitted by ngalog: Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation (01 Apr 2020)
Ubiquiti Inc. disclosed a bug submitted by ajxchapman: UniFi Video web interface Configuration Restore user privilege escalation (01 Apr 2020)
Ubiquiti Inc. disclosed a bug submitted by ajxchapman: UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise (01 Apr 2020)
Starbucks disclosed a bug submitted by neweq: China - Leaked credentials permitted a limited ability to create Starbucks coupons and cards (01 Apr 2020)
Ubiquiti Inc. disclosed a bug submitted by b0yd: UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities. (01 Apr 2020)
Starbucks disclosed a bug submitted by 0xpatrik: China – Limited Partner PII Regarding Work Scheduling via Unauthenticated API Endpoint (01 Apr 2020)
Rocket.Chat disclosed a bug submitted by codermak: API Keys Hardcoded in Github repository (01 Apr 2020)
Open-Xchange disclosed a bug submitted by catenacyber: Buffer over-reads in i_stream_zlib_read (01 Apr 2020)
Open-Xchange disclosed a bug submitted by catenacyber: Null pointer dereference in SMTP server function smtp_command_parse_data_with_size (01 Apr 2020)
Endless Hosting disclosed a bug submitted by pr3r00t: Lets Encrypt Certificates affected by CAA Rechecking Incident (01 Apr 2020)
lemlist disclosed a bug submitted by ctulhu: Unrestricted File Upload on https://app.lemlist.com (01 Apr 2020)
Visma Bug Bounty Program disclosed a bug submitted by hamzaavvvan: Open Redirection In connect.identity.stagaws.visma.com (01 Apr 2020)
BY DENIS WERNER - @NOBBD