REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'DRIVE.NET, Inc.'
disclosed a bug submitted by
b'what_web'
b'[www.drive2.ru] Insufficient Security Configurability - Notification message not sent when account is deleted'
23 Oct 2020
b'DRIVE.NET, Inc.'
disclosed a bug submitted by
b'what_web'
b'[www.drive2.ru] Insufficient Security Configurability - Notification email is not sent when email is changed.'
23 Oct 2020
b'Shopify'
disclosed a bug submitted by
b'ash_nz'
b'Undocumented `fileCopy` GraphQL API'
22 Oct 2020
b'Shopify'
disclosed a bug submitted by
b'ash_nz'
b'A staff member with no permissions can edit Store Customer Email'
22 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'barsainya'
b'Configuartion [Sensitive] Information Disclosure'
22 Oct 2020
b'Kubernetes'
disclosed a bug submitted by
b'njaysec'
b'Private RSA key and Server key exposed on the GitHub repository'
22 Oct 2020
b'Shopify'
disclosed a bug submitted by
b'a_yang'
b'User sensitive information disclosure'
22 Oct 2020
b'DRIVE.NET, Inc.'
disclosed a bug submitted by
b'what_web'
b'[www.drive2.ru] Insufficient Security Configurability - Email notification is not being sent while changing passwords'
22 Oct 2020
b'Clario'
disclosed a bug submitted by
b'mayurudiniya'
b'Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/'
21 Oct 2020
b'PHP (IBB)'
disclosed a bug submitted by
b'anatoliq'
b'mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065)'
21 Oct 2020
b'8x8'
disclosed a bug submitted by
b'the_predator'
b'2FA Disable With Wrong Password - Response Tampering.'
21 Oct 2020
b'Dropbox'
disclosed a bug submitted by
b'u0pattern'
b'Broken OAuth leads to change photo profile users .'
21 Oct 2020
b'Acronis'
disclosed a bug submitted by
b'adr'
b'Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini)'
20 Oct 2020
b'Acronis'
disclosed a bug submitted by
b'f_m'
b'DOM based XSS in store.acronis.com/<id>/purl-corporate-standard-IT [cfg parameter]'
20 Oct 2020
b'Visma Public'
disclosed a bug submitted by
b'zeop'
b'HTTP Request Smuggling at app.workbox.dk'
20 Oct 2020
b'GitHub Security Lab'
disclosed a bug submitted by
b'someonenobbd'
b'Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks'
19 Oct 2020
b'Zivver'
disclosed a bug submitted by
b'nikolat3sla'
b'Two-factor authentication can be disabled when logged in without 2fa or password confirmation '
19 Oct 2020
b'Node.js third-party modules'
disclosed a bug submitted by
b'gkmr'
b'[json8-merge-patch] Prototype Pollution'
18 Oct 2020
b'Node.js'
disclosed a bug submitted by
b'underflow0'
b'Slowloris, body parsing'
17 Oct 2020
b'Node.js'
disclosed a bug submitted by
b'shogunpanda'
b'Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests'
17 Oct 2020
1
...
287
288
289
290
291
...
770
BY DENIS WERNER - @NOBBD -
IMPRESSUM