REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'GitLab'
disclosed a bug submitted by
b'logan5'
b'Blocked user Git access through CI/CD token'
13 Dec 2019
b'HackerOne'
disclosed a bug submitted by
b'jobert'
b'IDOR in Bugs overview enables attacker to determine the date range a hackathon was active'
13 Dec 2019
b'HackerOne'
disclosed a bug submitted by
b'ninetynine'
b'ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages'
13 Dec 2019
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`open` concatenates unsanitized input into exec() command'
13 Dec 2019
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`rgb2hex` is vulnerable to ReDoS when parsing crafted invalid colors'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'xanbanx'
b'Container scanning and Dependency scanning report leaked to unauthorized users'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'xanbanx'
b'Head pipeline leaked to unauthorized users via blocking merge request feature'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'ngalog'
b'Private System Note Disclosure using GraphQL'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'uzsunny9'
b'Project Milestones Disclosed Via Groups When the Victim disabled milestones access in project settings'
13 Dec 2019
b'LocalTapiola'
disclosed a bug submitted by
b'muon4'
b'CORS misconfiguration allows to steal client\'s "password", Authorization token and the customer details e.g. names, SSN, bank account etc.'
13 Dec 2019
b'Starbucks'
disclosed a bug submitted by
b'l00ph0le'
b'Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604)'
12 Dec 2019
b'Starbucks'
disclosed a bug submitted by
b'gnux'
b"Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter"
12 Dec 2019
b'Starbucks'
disclosed a bug submitted by
b'gnux'
b"Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter"
12 Dec 2019
b'Starbucks'
disclosed a bug submitted by
b'nukedx'
b'Bulgaria - Subdomain takeover of mail.starbucks.bg'
12 Dec 2019
b'Starbucks'
disclosed a bug submitted by
b'mr_intrusionist'
b'India - An Insecure Direct Object Reference (IDOR) allowed unauthorized access to view card index number and monetary balance'
12 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'ajxchapman'
b'GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery'
12 Dec 2019
b'Nextcloud'
disclosed a bug submitted by
b'foobar7'
b'Persistent XSS on favorite via filename'
12 Dec 2019
b'Nextcloud'
disclosed a bug submitted by
b'foobar7'
b'Server-Side request forgery in New-Subscription feature of the calendar app'
12 Dec 2019
b'Avito'
disclosed a bug submitted by
b'hussain_0x3c'
b'CSS injection in avito.ru via IE11 '
12 Dec 2019
b'OLX'
disclosed a bug submitted by
b'kishoretrommer'
b'Bypass Rejected ads so user can view it as normal live ad.'
11 Dec 2019
1
...
296
297
298
299
300
...
691
BY DENIS WERNER - @NOBBD -
IMPRESSUM