Top10 publishers:
bobrov114 
linkks73 
geeknik70 
sp1d3rs62 
jobert51 
guido45 Twitter
bl4de42 
ryat40 
bigbear_38 
zombiehelp5437 Twitter

the unofficial HackerOne disclosure timeline.

X
OLX disclosed a bug submitted by niemand 
SQLi in Payment Request
16 Aug 2016 timeline
Pornhub disclosed a bug submitted by agarri_fr 
libav (used during conversion of uploaded videos) is vulnerable to SSRF attacks
15 Aug 2016 timeline
Uber disclosed a bug submitted by severus 
[IODR] Get business trip via organization id
15 Aug 2016 timeline
Uber disclosed a bug submitted by issam_rabhi 
Missing authorization checks leading to the exposure of ubernihao.com administrator accounts
15 Aug 2016 timeline
Uber disclosed a bug submitted by parth Twitter
[CRITICAL] -- Complete Account Takeover
15 Aug 2016 timeline
Slack disclosed a bug submitted by d0znpp 
Source code leakage through GIT web access at host '52.91.137.42'
15 Aug 2016 timeline
Dovecot disclosed a bug submitted by koolacac 
Outdated Apache Server in www.dovecot.fi is vulnerable to various attack.
15 Aug 2016 timeline
OLX disclosed a bug submitted by thezawad Twitter
Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection)
15 Aug 2016 timeline
Gratipay disclosed a bug submitted by kuskumar 
csrf_token cookie don't have the flag "HttpOnly"
14 Aug 2016 timeline
Zomato disclosed a bug submitted by spam404 
XSS on zomato.com
14 Aug 2016 timeline
Gratipay disclosed a bug submitted by mmyamin 
bring grtp.co up to A grade on SSLLabs
13 Aug 2016 timeline
Instacart disclosed a bug submitted by introvertmac 
CSRF with redeem coupon request
13 Aug 2016 timeline
Veris disclosed a bug submitted by ak1t4 
Internal server error 500 at log.veris.in
13 Aug 2016 timeline
New Relic disclosed a bug submitted by praseudo Twitter
Login CSRF vulnerability
12 Aug 2016 timeline
New Relic disclosed a bug submitted by rahul_ch 
All Active user sessions should be destroyed when user change his password!
12 Aug 2016 timeline
concrete5 disclosed a bug submitted by khalidamin511 
CSRF Full Account Takeover
12 Aug 2016 timeline
Twitter disclosed a bug submitted by filedescriptor 
Bypassing callback_url validation on Digits
12 Aug 2016 timeline
Twitter disclosed a bug submitted by filedescriptor 
Bypassing Digits web authentication's host validation with HPP
12 Aug 2016 timeline
Uber disclosed a bug submitted by pooja_lodaya 
User Enumeration and Information Disclosure
12 Aug 2016 timeline
Uber disclosed a bug submitted by enmach 
Brute Force Amplification Attack
12 Aug 2016 timeline
1 ... 274 275 276 277 278 ... 391
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM