Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Dropcontact disclosed a bug submitted by aungkyawphyo: Django DEBUG mode enabled and leaked system information. (21 Aug 2020)
Dropcontact disclosed a bug submitted by try___for_impossible: Information Disclosure through DEBUG at Subscription [https://app.dropcontact.io/app/subscription?connector=salesforce](CRITICAL) (21 Aug 2020)
Dropcontact disclosed a bug submitted by elmahdi: Registering with email [ +70 Chars ] Lead to Disclose some informations [Django Debug Mode ] (21 Aug 2020)
GitHub Security Lab disclosed a bug submitted by someonenobbd: Java: CWE-522 Insecure basic authentication (20 Aug 2020)
GitHub Security Lab disclosed a bug submitted by someonenobbd: [javascript] CWE-117: CodeQL query to detect Log Injection (20 Aug 2020)
Dropcontact disclosed a bug submitted by n1m0: Dropcontact's disclosed report is exposing Private/Confidential information (20 Aug 2020)
DuckDuckGo disclosed a bug submitted by sijisu: DOM XSS on duckduckgo.com search (20 Aug 2020)
Dropcontact disclosed a bug submitted by try___for_impossible: API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation. (20 Aug 2020)
Twitter disclosed a bug submitted by filedescriptor: Insufficient validation on Digits bridge (20 Aug 2020)
Node.js third-party modules disclosed a bug submitted by 0x1337r00t: [supermixer] Prototype pollution (20 Aug 2020)
Node.js third-party modules disclosed a bug submitted by d3lla: [extra-ffmpeg] Command Injection via insecure command formatting (20 Aug 2020)
Node.js third-party modules disclosed a bug submitted by d3lla: [object-path-set] Prototype pollution (20 Aug 2020)
Node.js third-party modules disclosed a bug submitted by d3lla: [vboxmanage.js] Command Injection via insecure command concatenation (20 Aug 2020)
Shopify disclosed a bug submitted by francisbeaudoin: Ability to generate shipping labels in another store orders (19 Aug 2020)
WakaTime disclosed a bug submitted by harshita174: Rate Limit too lenient for endpoint sending emails (19 Aug 2020)
Avito disclosed a bug submitted by harshita174: Missing SPF Records (19 Aug 2020)
Nextcloud disclosed a bug submitted by ja3far: Denial of Service when entring an Array in email at seetings (19 Aug 2020)
Valve disclosed a bug submitted by gamer7112: [GoldSrc] RCE via 'spk' Console Command (19 Aug 2020)
Valve disclosed a bug submitted by gamer7112: [GoldSrc] RCE via malformed BSP file (19 Aug 2020)
Valve disclosed a bug submitted by irukandjisecresearch: Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser (19 Aug 2020)
BY DENIS WERNER - @NOBBD