the unofficial HackerOne disclosure timeline.

X
b'CS Money' disclosed a bug submitted by b'khoabda1' 
b'IDOR in https://3d.cs.money/'
28 Sep 2020 timeline
b'CS Money' disclosed a bug submitted by b'khoabda1' 
b'Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription'
28 Sep 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'warsocks' 
b'Missing server side controls when editing the board\xe2\x80\x99s sharing permissions per user'
28 Sep 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'xam24' 
b'No rate limiting on sinup page'
28 Sep 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'alx_il' 
b'Re-Sharing allows increase of privileges'
28 Sep 2020 timeline
b'CS Money' disclosed a bug submitted by b'khoabda1' 
b'Bypass Filter on link of build'
28 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'0xd0ff' 
b'[m-server] XSS reflected because path does not escapeHtml'
28 Sep 2020 timeline
b'concrete5' disclosed a bug submitted by b'javakhishvili' 
b'Unauthenticated HTML Injection Stored - ContactUs form'
25 Sep 2020 timeline
b'concrete5' disclosed a bug submitted by b'javakhishvili' 
b'Cross Site Scripting (XSS) Stored - Private messaging'
25 Sep 2020 timeline
b'HackerOne' disclosed a bug submitted by b'vakzz' 
b'Reflected XSS on www.hackerone.com via Wistia embed code'
24 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'mik317' 
b'[snekserve] Stored XSS via filenames HTML formatted'
24 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'mik317' 
b'[commit-msg] RCE via insecure command formatting'
24 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'mik317' 
b'[gity] RCE via insecure command formatting'
24 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'lightangel1412' 
b'[http_server] Path Traversal allowing to read any files on the server'
24 Sep 2020 timeline
b'Twitter' disclosed a bug submitted by b'alesandroortiz' 
b'Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506'
24 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'lightangel1412' 
b'[hnzserver] Path Traversal allowing to read any files on the server'
24 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'mik317' 
b'[git-lib] RCE via insecure command formatting'
24 Sep 2020 timeline
b'Visma Public' disclosed a bug submitted by b'zeop' 
b'Bypassing Business ID/VAT # validation during registration to create accounts with duplicate Business ID/VAT #'
24 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'ahihi' 
b'property-expr - Prototype pollution'
24 Sep 2020 timeline
b'Starbucks' disclosed a bug submitted by b'xmfc' 
b'China - IDOR on Reservation Staging/Non Production Site - https://reservation.stg.starbucks.com.cn'
22 Sep 2020 timeline
1 ... 290 291 292 293 294 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM