Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49

Now on Twitter: the unofficial HackerOne disclosure timeline.

Zomato disclosed a bug submitted by zzzhacker13
[www.zomato.com] Abusing LocalParams (city) to Inject SOLR query
10 Aug 2020

Grammarly disclosed a bug submitted by cript0nauta
Unauthenticated users can access all food.grammarly.io user's data
10 Aug 2020

Zomato disclosed a bug submitted by zzzhacker13
Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json
10 Aug 2020

Visma Public disclosed a bug submitted by brdoors3
Access control on https://eaccounting.stage.vismaonline.com/
09 Aug 2020

Zomato disclosed a bug submitted by 0xdexter
Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter
08 Aug 2020

Zomato disclosed a bug submitted by pandaaaa
Availing Zomato gold by using a random third-party `wallet_id`
07 Aug 2020

BugPoC disclosed a bug submitted by acut3
Improper use of "path" parameter can be used to trick testers into leaking their Front-End PoC
07 Aug 2020

Topcoder disclosed a bug submitted by mase289
Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII
07 Aug 2020

Bitwarden disclosed a bug submitted by njgadhiya
Server-Side Request Forgery in "icons.bitwarden.net"
07 Aug 2020

GitLab disclosed a bug submitted by rhynorater
Full Read SSRF on Gitlab's Internal Grafana
07 Aug 2020

Dropcontact disclosed a bug submitted by kapkan
User can Subscribe a plan that is hidden by manipulating the value of "subscription" parameter at [ https://app.dropcontact.io/app/checkout/]
07 Aug 2020

Unikrn disclosed a bug submitted by l_user
Lack of Input sanitization leads to database Character encoding configuration Disclosure
07 Aug 2020

Node.js third-party modules disclosed a bug submitted by vrechson
[wappalyzer] ReDoS allows an attacker to completely break Wappalyzer
06 Aug 2020

Nextcloud disclosed a bug submitted by cwave
Memory Leak in OCUtil.dll library in Desktop client can lead to DoS
06 Aug 2020

LINE disclosed a bug submitted by kazan71p
Spring Actuator endpoints publicly available and broken authentication
06 Aug 2020

8x8 disclosed a bug submitted by wisp
Send Phishing/Spam email from support@sameroom.io to any email address.
05 Aug 2020

Rockset disclosed a bug submitted by thatquasar
S3 bucket data at http://rockset-support.s3-us-west-2.amazonaws.com/ reveals user addresses based on latitudes and longitudes.
05 Aug 2020

Nextcloud disclosed a bug submitted by l00ph0le
Arbitrary code execution in desktop client via OpenSSL config
05 Aug 2020

Nextcloud disclosed a bug submitted by yzy9951
XSS in image metadata field
05 Aug 2020

concrete5 disclosed a bug submitted by thiennv
Time-base SQL Injection in Search Users
05 Aug 2020

By Denis Werner - @NOBBD