REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
107
sp1d3rs
54
bigbear_
38
jobert
38
guido
37
bl4de
37
isox
36
geeknik
35
4lemon
35
edio
34
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
Vimeo
disclosed a bug submitted by
satishb3
A user can edit comments even after video comments are disabled
11 Mar 2015
Vimeo
disclosed a bug submitted by
satishb3
A user can post comments on other user's private videos
11 Mar 2015
Slack
disclosed a bug submitted by
atom
Stored XSS in Slack.com
09 Mar 2015
Vimeo
disclosed a bug submitted by
dekeeu
Vimeo.com - reflected xss vulnerability
09 Mar 2015
Twitter
disclosed a bug submitted by
satishb3
fabric.io - app member can make himself an admin
09 Mar 2015
Twitter
disclosed a bug submitted by
satishb3
Fabric.io - an app admin can delete team members from other user apps
09 Mar 2015
Vimeo
disclosed a bug submitted by
dekeeu
player.vimeo.com - Reflected XSS Vulnerability
09 Mar 2015
Twitter
disclosed a bug submitted by
wesecureapp
XSS in original referrer after follow
09 Mar 2015
Phabricator
disclosed a bug submitted by
haquaman
Server Side Request Forgery in macro creation
09 Mar 2015
wont-fix
InVision
disclosed a bug submitted by
root_z3r0
Password reset tokens is valid after changing the password by logging in the account
08 Mar 2015
wont-fix
HackerOne
disclosed a bug submitted by
srkgupta
HTTPS is not enforced for objects stored by HackerOne on Amazon S3
08 Mar 2015
Vimeo
disclosed a bug submitted by
a7medel-ma7alawy
Full account takeover via Add a New Email to account without email verified and without password confirmation.
06 Mar 2015
wont-fix
Vimeo
disclosed a bug submitted by
shahmeer_amir
Poodle bleed vulnerability in cloud sub domain
05 Mar 2015
Dropbox
disclosed a bug submitted by
nishantagarwala
Unvalidated Redirects and Stored XSS
05 Mar 2015
wont-fix
Mobile Vikings
disclosed a bug submitted by
4lemon
Stored XSS in Direct debit name
04 Mar 2015
Mobile Vikings
disclosed a bug submitted by
4lemon
Number, username and name disclosure
04 Mar 2015
Mobile Vikings
disclosed a bug submitted by
4lemon
Reflected xss in user name thru cookie
04 Mar 2015
Mobile Vikings
disclosed a bug submitted by
4lemon
Stored xss in user name
04 Mar 2015
wont-fix
Mobile Vikings
disclosed a bug submitted by
4lemon
Stored xss in user name (2) affected another user.
04 Mar 2015
Mobile Vikings
disclosed a bug submitted by
4lemon
Username and sim id enum
04 Mar 2015
wont-fix
1
...
283
284
285
286
287
...
325
BY DENIS WERNER - @NOBBD -
IMPRESSUM
