Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 67
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49

The unofficial HackerOne disclosure timeline.

Mail.ru disclosed a bug submitted by jayesh25
Account Takeover possibility via https://awards.donationalerts.com using login with twitch.tv
03 Nov 2020

Acronis disclosed a bug submitted by dgirlwhohacks
Clickjacking on cas.acronis.com login page
03 Nov 2020

U.S. Dept Of Defense disclosed a bug submitted by pi_hunter50
PII Leak (such as CAC User ID) at https:///pages/login.aspx
02 Nov 2020

U.S. Dept Of Defense disclosed a bug submitted by soldawn
403 Forbidden Bypass at www..mil
02 Nov 2020

U.S. Dept Of Defense disclosed a bug submitted by x3ph_
hardcoded password stored in javascript of https://.mil
02 Nov 2020

U.S. Dept Of Defense disclosed a bug submitted by kaulse
Access to Unclassified / FOUO Advanced Motion Platform of .mil
02 Nov 2020

U.S. Dept Of Defense disclosed a bug submitted by kegn
Reflected XSS in https:// via search parameter
02 Nov 2020

U.S. Dept Of Defense disclosed a bug submitted by polygon35
[] SQL Injections on Referer Header exploitable via Time-Based method
02 Nov 2020

GitLab disclosed a bug submitted by vakzz
SafeParamsHelper::safe_params is not so safe
02 Nov 2020

Maker Ecosystem Growth Holdings, Inc disclosed a bug submitted by lalit2020
A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com
02 Nov 2020

GitLab disclosed a bug submitted by ledz1996
Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...
02 Nov 2020

GitLab disclosed a bug submitted by ledz1996
Insufficient Type Check on GraphQL leading to Maintainer delete repository
02 Nov 2020

GitLab disclosed a bug submitted by vaib25vicky
Todos are not redacted when membership changes - Access to (confidential) issues and merge requests
02 Nov 2020

GitLab disclosed a bug submitted by steppe
Possibility to purchase Ultimate - 1 Year (EDU or OSS)
02 Nov 2020

Mail.ru disclosed a bug submitted by bazzy
SQL LIKE clauses wildcard injection
31 Oct 2020

Kubernetes disclosed a bug submitted by mr_incompetent
Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests
31 Oct 2020

Mail.ru disclosed a bug submitted by bobrov
[my.games, lootdog.io] XSS via MCS Bucket
31 Oct 2020

Basecamp disclosed a bug submitted by carbon61
stored XSS in hey.com message content
31 Oct 2020

Blueboard disclosed a bug submitted by gururaj_r
Transport security is not imposed strictly which may cause user to lose their data when they are connected in common/public networks
31 Oct 2020

Kubernetes disclosed a bug submitted by lazydog
Grafana Improper authorization
31 Oct 2020

BY DENIS WERNER - @NOBBD