REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
114
linkks
73
geeknik
70
sp1d3rs
62
jobert
51
guido
45
bl4de
42
ryat
40
bigbear_
38
zombiehelp54
37
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
OLX
disclosed a bug submitted by
niemand
SQLi in Payment Request
16 Aug 2016
Pornhub
disclosed a bug submitted by
agarri_fr
libav (used during conversion of uploaded videos) is vulnerable to SSRF attacks
15 Aug 2016
Uber
disclosed a bug submitted by
severus
[IODR] Get business trip via organization id
15 Aug 2016
Uber
disclosed a bug submitted by
issam_rabhi
Missing authorization checks leading to the exposure of ubernihao.com administrator accounts
15 Aug 2016
Uber
disclosed a bug submitted by
parth
[CRITICAL] -- Complete Account Takeover
15 Aug 2016
Slack
disclosed a bug submitted by
d0znpp
Source code leakage through GIT web access at host '52.91.137.42'
15 Aug 2016
Dovecot
disclosed a bug submitted by
koolacac
Outdated Apache Server in www.dovecot.fi is vulnerable to various attack.
15 Aug 2016
OLX
disclosed a bug submitted by
thezawad
Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection)
15 Aug 2016
Gratipay
disclosed a bug submitted by
kuskumar
csrf_token cookie don't have the flag "HttpOnly"
14 Aug 2016
Zomato
disclosed a bug submitted by
spam404
XSS on zomato.com
14 Aug 2016
Gratipay
disclosed a bug submitted by
mmyamin
bring grtp.co up to A grade on SSLLabs
13 Aug 2016
Instacart
disclosed a bug submitted by
introvertmac
CSRF with redeem coupon request
13 Aug 2016
Veris
disclosed a bug submitted by
ak1t4
Internal server error 500 at log.veris.in
13 Aug 2016
New Relic
disclosed a bug submitted by
praseudo
Login CSRF vulnerability
12 Aug 2016
New Relic
disclosed a bug submitted by
rahul_ch
All Active user sessions should be destroyed when user change his password!
12 Aug 2016
concrete5
disclosed a bug submitted by
khalidamin511
CSRF Full Account Takeover
12 Aug 2016
Twitter
disclosed a bug submitted by
filedescriptor
Bypassing callback_url validation on Digits
12 Aug 2016
Twitter
disclosed a bug submitted by
filedescriptor
Bypassing Digits web authentication's host validation with HPP
12 Aug 2016
Uber
disclosed a bug submitted by
pooja_lodaya
User Enumeration and Information Disclosure
12 Aug 2016
Uber
disclosed a bug submitted by
enmach
Brute Force Amplification Attack
12 Aug 2016
1
...
274
275
276
277
278
...
391
BY DENIS WERNER - @NOBBD -
IMPRESSUM