Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
guido: 50
haxta4ok00: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.
Yelp disclosed a bug submitted by walidhossain: JDBC credentials leaked via github (27 Jul 2020)
Automattic disclosed a bug submitted by keer0k: DOM-Based XSS in tumblr.com (27 Jul 2020)
Stripo Inc disclosed a bug submitted by 3x3s: Cross-Site WebSocket Hijacking Lead to Steal XSRF-TOKEN (27 Jul 2020)
GitLab disclosed a bug submitted by yvvdwf: Send arbitrary PUT requests when user clicks on a link (27 Jul 2020)
Helium disclosed a bug submitted by w2w: Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify (26 Jul 2020)
IRCCloud disclosed a bug submitted by do_some_hack: IDOR with Geolocation data not stripped from images (26 Jul 2020)
Weblate disclosed a bug submitted by nafisaqil4: Open Github Repo Leaking WEBLATE SECRET KEY (26 Jul 2020)
Weblate disclosed a bug submitted by code_monkey: Improper validation of unicode characters#2 (26 Jul 2020)
Nextcloud disclosed a bug submitted by nursoda: Contacts menu (not app) fails to restrict (to local groups) for contacts from federated servers (25 Jul 2020)
HackerOne disclosed a bug submitted by kunal94: GraphQL field on Team node can be used to determine if External Program runs invite-only program (25 Jul 2020)
Ruby on Rails disclosed a bug submitted by tenderlove: Untrusted users able to run pending migrations in production (24 Jul 2020)
Twitter disclosed a bug submitted by cyanpiny: Denial of Service [Chrome] (24 Jul 2020)
HackerOne disclosed a bug submitted by samtink: SAML Response Reuse on hackerone.com/users/saml/auth (24 Jul 2020)
Node.js third-party modules disclosed a bug submitted by phra: SQL Injection or Denial of Service due to a Prototype Pollution (24 Jul 2020)
lemlist disclosed a bug submitted by chackal: CVE-2019-19935 - DOM based XSS in the froala editor (24 Jul 2020)
Grammarly disclosed a bug submitted by tomtenisse: Grammarly Keyboard for Android "Authorization Code with PKCE" flow implementation vulnerability that allows account takeover (24 Jul 2020)
lemlist disclosed a bug submitted by try___for___impossible: Stored XSS at [ https://app.lemlist.com/campaigns/cam_QRS5caF2ca7MJtiLS/leads ] in " LINKEDIN URL" Field. (24 Jul 2020)
Curve disclosed a bug submitted by praseudo7: Business Logic Flaw - A non premium user can change/update retailers to get cashback on all the retailers associated with Curve (24 Jul 2020)
NordVPN disclosed a bug submitted by salahhasoneh: Getting SmartDNS for free from - join.nordvpn.com (24 Jul 2020)
Kubernetes disclosed a bug submitted by lazydog: DoS for client-go jsonpath func (24 Jul 2020)
BY DENIS WERNER - @NOBBD