REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'curl'
disclosed a bug submitted by
b'brumbrum'
b'Data race conditions reported by helgrind when performing parallel DNS queries in libcurl'
04 Nov 2020
b'Basecamp'
disclosed a bug submitted by
b'ahmd_halabi'
b'Information Disclosure of Garbage Collection Cycle'
04 Nov 2020
b'Brave Software'
disclosed a bug submitted by
b'sickcodes'
b'Brave Browser potentially logs the last time a Tor window was used'
04 Nov 2020
b'PortSwigger Web Security'
disclosed a bug submitted by
b'duesee'
b'SMTP interaction theft via MITM'
04 Nov 2020
b'Snapchat'
disclosed a bug submitted by
b'damian89'
b'Access to multiple production Grafana dashboards'
04 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'chaosbolt'
b'Instant open redirect on Live preview WEB Ide opening'
04 Nov 2020
b'Nextcloud'
disclosed a bug submitted by
b'kittytrace'
b'No rate limiting for confirmation email lead to huge Mass mailings'
04 Nov 2020
b'Mail.ru'
disclosed a bug submitted by
b'st00rm'
b'Path traversal on bank.mail.ru ( CVE-2013-3827 )'
04 Nov 2020
b'Mail.ru'
disclosed a bug submitted by
b'dennisleo6'
b'cross site scripting bypass session '
04 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'ajxchapman'
b'GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection'
04 Nov 2020
b'Mail.ru'
disclosed a bug submitted by
b'maxarr'
b'mrgs.my.games account takeover'
03 Nov 2020
b'Mail.ru'
disclosed a bug submitted by
b'jayesh25'
b'Account Takeover possibility via https://awards.donationalerts.com using login with twitch.tv'
03 Nov 2020
b'Acronis'
disclosed a bug submitted by
b'dgirlwhohacks'
b'Clickjacking on cas.acronis.com login page'
03 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'pi_hunter50'
b'PII Leak (such as CAC User ID) at https:///pages/login.aspx'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'soldawn'
b'403 Forbidden Bypass at www..mil'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'x3ph_'
b'hardcoded password stored in javascript of https://.mil'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'kaulse'
b'Access to Unclassified / FOUO Advanced Motion Platform of .mil'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'kegn'
b'Reflected XSS in https:// via search parameter'
02 Nov 2020
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'polygon35'
b'[] SQL Injections on Referer Header exploitable via Time-Based method'
02 Nov 2020
b'GitLab'
disclosed a bug submitted by
b'vakzz'
b'SafeParamsHelper::safe_params is not so safe'
02 Nov 2020
1
...
283
284
285
286
287
...
770
BY DENIS WERNER - @NOBBD -
IMPRESSUM