Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
U.S. Dept Of Defense disclosed a bug submitted by they: https://????? is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability (13 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page (13 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: IDOR allows accounts to view full name of other accounts based on email through share notes feature (13 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: Restricted user can add and delete tags of APM key transactions (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Restricted user can update Apdex target for applications by leveraging the GraphQL mutation (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Account owner/admin can't actually delete personal users' API keys (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Ability to buy PRO subscriptions by arbitrary reduced prices (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Cross-account reading of Insights dashboards through GraphQL (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Restricted user can manage the NerdGraph entities' tags (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Stored XSS at Synthetics private locations (planted through location label or description) (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Attacker can create new account inside any partnership with no approve from the Partnership owner (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Secure credentials values disclosure to regular users due to access control issue in monitor creating function (13 Aug 2020)
New Relic disclosed a bug submitted by arsene_lupin: One Click Remote Code Injection - *.blog.newrelic.com (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Stored XSS at APM transaction map (transactionName field) (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Cross-account stored XSS at embedded charts (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values) (13 Aug 2020)
InnoGames disclosed a bug submitted by aeswagyewgyes: Stored XSS on recruit.innogames.de (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin (13 Aug 2020)
New Relic disclosed a bug submitted by skavans: Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration (13 Aug 2020)
BY DENIS WERNER - @NOBBD