REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
84
b'linkks'
75
b'jobert'
70
b'nyymi'
64
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Node.js third-party modules'
disclosed a bug submitted by
b'0x1337r00t'
b'[supermixer] Prototype pollution'
20 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'd3lla'
b'[extra-ffmpeg] Command Injection via insecure command formatting'
20 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'd3lla'
b'[object-path-set] Prototype pollution'
20 Aug 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'd3lla'
b'[vboxmanage.js] Command Injection via insecure command concatenation'
20 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'francisbeaudoin'
b'Ability to generate shipping labels in another store orders'
19 Aug 2020
b'WakaTime'
disclosed a bug submitted by
b'harshita174'
b'Rate Limit too lenient for endpoint sending emails'
19 Aug 2020
b'Avito'
disclosed a bug submitted by
b'harshita174'
b'Missing SPF Records'
19 Aug 2020
b'Nextcloud'
disclosed a bug submitted by
b'ja3far'
b'Denial of Service when entring an Array in email at seetings'
19 Aug 2020
b'Valve'
disclosed a bug submitted by
b'gamer7112'
b"[GoldSrc] RCE via 'spk' Console Command"
19 Aug 2020
b'Valve'
disclosed a bug submitted by
b'gamer7112'
b'[GoldSrc] RCE via malformed BSP file'
19 Aug 2020
b'Valve'
disclosed a bug submitted by
b'irukandjisecresearch'
b"Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser"
19 Aug 2020
b'Yelp'
disclosed a bug submitted by
b'hk755a'
b"CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card "
19 Aug 2020
b'Yelp'
disclosed a bug submitted by
b'hk755a'
b"I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)"
19 Aug 2020
b'Yelp'
disclosed a bug submitted by
b'hk755a'
b"I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)"
19 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'ayyoub'
b'Password reset link not expired at Stocky App'
18 Aug 2020
b'Starbucks'
disclosed a bug submitted by
b'rexvuz'
b'Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'tolo7010'
b'Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'jmp_35p'
b'Get analytics token using only apps permission'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'sreeju_kc'
b'OrderListInitial leaks order details'
18 Aug 2020
b'Shopify'
disclosed a bug submitted by
b'jaka_tingkir'
b'access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-'
18 Aug 2020
1
...
276
277
278
279
280
...
741
BY DENIS WERNER - @NOBBD -
IMPRESSUM
