Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
the unofficial HackerOne disclosure timeline.
Mail.ru disclosed a bug submitted by alexeysergeevich: capsula.mail.ru - Admin blind stored XSS (20 Jul 2020)
Mail.ru disclosed a bug submitted by esetal: [geekbrains.ru] Reflected XSS via Angular Template Injection (20 Jul 2020)
Weblate disclosed a bug submitted by fr0gz0x: Secret_key in GitHub (18 Jul 2020)
Staging.every.org disclosed a bug submitted by dianeme: No Rate Limit On Reset Password (17 Jul 2020)
Phabricator disclosed a bug submitted by rhinosf1: Edit Policy restriction does not prevent comments. (17 Jul 2020)
WordPress disclosed a bug submitted by 0_loophole_: Clickjacking on donation page (16 Jul 2020)
WordPress disclosed a bug submitted by lamscun: CSRF on comment post (16 Jul 2020)
Shopify disclosed a bug submitted by hiffley: GraphQL AdminGenerateSessionPayload is leaked to staff with no permission (16 Jul 2020)
Shopify disclosed a bug submitted by nsl182: Account takeover intercepting magic link for Arrive app (15 Jul 2020)
MTN Group disclosed a bug submitted by tounsi_007: Accessible Restricted directory on [bcm-bcaw.mtn.cm] (15 Jul 2020)
New Relic disclosed a bug submitted by ldionmarcil: [synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending (15 Jul 2020)
Zomato disclosed a bug submitted by bigbug: Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone (15 Jul 2020)
Shopify disclosed a bug submitted by francisbeaudoin: Ability to link a Google account to another staff account/store owner that isn't linked yet (14 Jul 2020)
Shopify disclosed a bug submitted by imranhudaa: user with no draft order permission can still perform action on draft order's in stocky app (idor) (14 Jul 2020)
Shopify disclosed a bug submitted by priyanshuxo: Subdomain Takeover of multiple *.ttcdn.co domains (14 Jul 2020)
Razer disclosed a bug submitted by pandaonair: Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions (14 Jul 2020)
Razer disclosed a bug submitted by s3cr3tsdn: [api.easy2pay.co] SQL Injection in cashcard via card_no parameter ??Bypassing IP whitelist?? (14 Jul 2020)
Shopify disclosed a bug submitted by sreeju_kc: IDOR on stocky application-Low Stock-Varient-Settings-Columns (14 Jul 2020)
Shopify disclosed a bug submitted by zonduu: Open Redirect - www.shopify.com (14 Jul 2020)
U.S. Dept Of Defense disclosed a bug submitted by natanalves01001: (CORS) Cross-origin resource sharing misconfiguration (14 Jul 2020)
BY DENIS WERNER - @NOBBD