REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
81
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
60
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Restricted user can add and delete tags of APM key transactions '
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Restricted user can update Apdex target for applications by leveraging the GraphQL mutation'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b"Account owner/admin can't actually delete personal users' API keys"
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Ability to buy PRO subscriptions by arbitrary reduced prices'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Cross-account reading of Insights dashboards through GraphQL'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b"Restricted user can manage the NerdGraph entities' tags"
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS at Synthetics private locations (planted through location label or description)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Attacker can create new account inside any partnership with no approve from the Partnership owner'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Secure credentials values disclosure to regular users due to access control issue in monitor creating function'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'arsene_lupin'
b'One Click Remote Code Injection - *.blog.newrelic.com'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS at APM transaction map (transactionName field)'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Cross-account stored XSS at embedded charts'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b"Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values)"
13 Aug 2020
b'InnoGames'
disclosed a bug submitted by
b'aeswagyewgyes'
b'Stored XSS on recruit.innogames.de'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'NR-wide cross account access through misconfigured CORS-policy of multiple endpoints'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Stored XSS in notes (charts) because of insecure chart data JSON generation'
13 Aug 2020
b'New Relic'
disclosed a bug submitted by
b'skavans'
b'Passive stored XSS at Synthetics job result page (View resource)'
13 Aug 2020
1
...
271
272
273
274
275
...
734
BY DENIS WERNER - @NOBBD -
IMPRESSUM