REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Helium'
disclosed a bug submitted by
b'w2w'
b"Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify"
26 Jul 2020
b'IRCCloud'
disclosed a bug submitted by
b'do_some_hack'
b'IDOR with Geolocation data not stripped from images'
26 Jul 2020
b'Weblate'
disclosed a bug submitted by
b'nafisaqil4'
b'Open Github Repo Leaking WEBLATE SECRET KEY'
26 Jul 2020
b'Weblate'
disclosed a bug submitted by
b'code_monkey'
b'Improper validation of unicode characters#2'
26 Jul 2020
b'Nextcloud'
disclosed a bug submitted by
b'nursoda'
b'Contacts menu (not app) fails to restrict (to local groups) for contacts from federated servers'
25 Jul 2020
b'HackerOne'
disclosed a bug submitted by
b'kunal94'
b'GraphQL field on Team node can be used to determine if External Program runs invite-only program'
25 Jul 2020
b'Ruby on Rails'
disclosed a bug submitted by
b'tenderlove'
b'Untrusted users able to run pending migrations in production'
24 Jul 2020
b'Twitter'
disclosed a bug submitted by
b'cyanpiny'
b'Denial of Service [Chrome]'
24 Jul 2020
b'HackerOne'
disclosed a bug submitted by
b'samtink'
b'SAML Response Reuse on hackerone.com/users/saml/auth'
24 Jul 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'phra'
b'SQL Injection or Denial of Service due to a Prototype Pollution'
24 Jul 2020
b'lemlist'
disclosed a bug submitted by
b'chackal'
b'CVE-2019-19935 - DOM based XSS in the froala editor'
24 Jul 2020
b'Grammarly'
disclosed a bug submitted by
b'tomtenisse'
b'Grammarly Keyboard for Android "Authorization Code with PKCE" flow implementation vulnerability that allows account takeover'
24 Jul 2020
b'lemlist'
disclosed a bug submitted by
b'try___for___impossible'
b'Stored XSS at [ https://app.lemlist.com/campaigns/cam_QRS5caF2ca7MJtiLS/leads ] in " LINKEDIN URL" Field.'
24 Jul 2020
b'Curve'
disclosed a bug submitted by
b'praseudo7'
b'Business Logic Flaw - A non premium user can change/update retailers to get cashback on all the retailers associated with Curve'
24 Jul 2020
b'NordVPN'
disclosed a bug submitted by
b'salahhasoneh'
b'Getting SmartDNS for free from - join.nordvpn.com'
24 Jul 2020
b'Kubernetes'
disclosed a bug submitted by
b'lazydog'
b'DoS for client-go jsonpath func'
24 Jul 2020
b'Smule'
disclosed a bug submitted by
b'done11'
b'No Rate Limiting On Phone Number Login Leads to Login Bypass'
24 Jul 2020
b'Kubernetes'
disclosed a bug submitted by
b'cyberhawksec'
b'Internal IP addresses range and AWS cluster region leaked in a Github repository '
24 Jul 2020
b'Kubernetes'
disclosed a bug submitted by
b'cyberhawksec'
b'Hard coded Username and password in GiHub commit'
24 Jul 2020
b'Kubernetes'
disclosed a bug submitted by
b'lamscun'
b'Fake email from <any_name>@kubernetes.io to any other email'
24 Jul 2020
1
...
282
283
284
285
286
...
738
BY DENIS WERNER - @NOBBD -
IMPRESSUM
