Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 81
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 60
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.

Node.js third-party modules disclosed a bug submitted by chalker
Fastify uses allErrors: true ajv configuration by default which is susceptible to DoS
29 Jul 2020

Nextcloud disclosed a bug submitted by xcheater
Possible denial of service when entering a loooong password
29 Jul 2020

Courier disclosed a bug submitted by ahmed_almalky
Missing rate limit in signup Form
28 Jul 2020

Razer disclosed a bug submitted by dredd_589
User Access Control Bypass Via Razer elevated service ( RzKLService.exe ) which loads exe in misconfigured way.
28 Jul 2020

Razer disclosed a bug submitted by stealthy
SQL injection in Razer Gold List Admin at /lists/index.php via the `list[]` parameter.
28 Jul 2020

Starbucks disclosed a bug submitted by ko2sec
Singapore - Account Takeover via IDOR
28 Jul 2020

Mapbox disclosed a bug submitted by fransrosen
Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues
28 Jul 2020

Mail.ru disclosed a bug submitted by hunter_py
HTML/iframe/XSS injection on https://www.ucs.ru/online/shelter/settings/check/
28 Jul 2020

Mail.ru disclosed a bug submitted by sayaanalam
Blindy Replace User's Session with Attacker's Session
28 Jul 2020

Mail.ru disclosed a bug submitted by samet
"????" + Unauthenticated Stored XSS in API at https://api.my.games/comments/v1/comments/update/
28 Jul 2020

Mail.ru disclosed a bug submitted by urban_tramp
Content injection on shared event (calendar.mail.ru)
28 Jul 2020

Mail.ru disclosed a bug submitted by sniper302
Stored XSS In mlbootcamp.ru
28 Jul 2020

TTS Bug Bounty disclosed a bug submitted by nagli
Wordpress Users Disclosure (/wp-json/wp/v2/users/) on data.gov
28 Jul 2020

GitHub Security Lab disclosed a bug submitted by porcupineyhairs
Python : Add query to detect Server Side Template Injection
27 Jul 2020

8x8 disclosed a bug submitted by ameyanekar
IDOR: Adding Contacts to Other User Groups
27 Jul 2020

Yelp disclosed a bug submitted by walidhossain
JDBC credentials leaked via github
27 Jul 2020

Automattic disclosed a bug submitted by keer0k
DOM-Based XSS in tumblr.com
27 Jul 2020

Stripo Inc disclosed a bug submitted by 3x3s
Cross-Site WebSocket Hijacking Lead to Steal XSRF-TOKEN
27 Jul 2020

GitLab disclosed a bug submitted by yvvdwf
Send arbitrary PUT requests when user clicks on a link
27 Jul 2020

Helium disclosed a bug submitted by w2w
Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify
26 Jul 2020

BY DENIS WERNER - @NOBBD