Top10 publishers:
bobrov107 
sp1d3rs54 
bigbear_38 
guido37 Twitter
bl4de37 
jobert37 
isox36 
4lemon35 
geeknik35 
edio34 

the unofficial HackerOne disclosure timeline.

X
Mobile Vikings disclosed a bug submitted by 4lemon 
Approve topup method by sender of this method
04 Mar 2015 timeline
PHP disclosed a bug submitted by andreapalazzo 
SoapClient's __call() type confusion through unserialize()
03 Mar 2015 timeline
Vimeo disclosed a bug submitted by fin1te 
Ability to Download Music Tracks Without Paying (Missing permission check on`/musicstore/download`)
01 Mar 2015 timeline
The Internet disclosed a bug submitted by dirtybit 
Bad Write in TTF font parsing (win32k.sys)
01 Mar 2015 timeline
Vimeo disclosed a bug submitted by dotspoted 
Serious Vulnerability Found
27 Feb 2015 timeline
wont-fix
itBit Exchange disclosed a bug submitted by zoczus 
Notification Emails: IP + Content-Spoofing
27 Feb 2015 timeline
itBit Exchange disclosed a bug submitted by 4lemon 
Unsecure data in "device" response - OTP
27 Feb 2015 timeline
HackerOne disclosed a bug submitted by siddiki Twitter
Team member invitations to sandboxed teams are not invalidated consistently (v2)
27 Feb 2015 timeline
PHP disclosed a bug submitted by ryat 
Use after free vulnerability in unserialize() with DateTimeZone
27 Feb 2015 timeline
99designs disclosed a bug submitted by pranav_hivarekar Twitter
CSRF to connect attacker's twitter account to logged in victims account
26 Feb 2015 timeline
Greenhouse.io disclosed a bug submitted by fransrosen 
Subdomain Takeover using blog.greenhouse.io pointing to Hubspot
26 Feb 2015 timeline
Vimeo disclosed a bug submitted by tfairane 
Vimeo.com Insecure Direct Object References Reset Password
26 Feb 2015 timeline
Vimeo disclosed a bug submitted by avlidienbrunn Twitter
Adding profile picture to anyone on Vimeo
26 Feb 2015 timeline
HackerOne disclosed a bug submitted by danlec 
CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain
26 Feb 2015 timeline
Todoist disclosed a bug submitted by cliffordtrigo Twitter
Taking over a Business Account Admin
26 Feb 2015 timeline
Todoist disclosed a bug submitted by cliffordtrigo Twitter
Remotely removing credit cards from business accounts!
26 Feb 2015 timeline
Twitter disclosed a bug submitted by config 
User's DM won't deleted after logout from Twitter for iOS (com.atebits.xxx.application-state)
25 Feb 2015 timeline
Twitter disclosed a bug submitted by homakov 
Redirect URL in /intent/ functionality is not properly escaped
24 Feb 2015 timeline
Square disclosed a bug submitted by mikkz 
XSS on bookfresh
23 Feb 2015 timeline
Square disclosed a bug submitted by avicoder Twitter
HTTP Header revealing server information.
23 Feb 2015 timeline
wont-fix
1 ... 280 281 282 283 284 ... 321
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM