REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'GitLab'
disclosed a bug submitted by
b'rpadovani'
b'Group search leaks private MRs, code, commits'
14 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'rpadovani'
b'Group search with Elastic search enable leaks unrelated data'
14 Dec 2019
b'Imgur'
disclosed a bug submitted by
b'soheilkhodayari'
b'De-anonymization Attack: Cross Site Information Leakage'
14 Dec 2019
b'Polymail, Inc.'
disclosed a bug submitted by
b'bluebert'
b'Bug in OAuth Success Redirect URI Validation'
13 Dec 2019
b'Twitter'
disclosed a bug submitted by
b'jlleitschuh'
b'[Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'ngalog'
b'Bypass Email Verification using Salesforce -- Reproducible in gitlab.com'
13 Dec 2019
b'Vimeo'
disclosed a bug submitted by
b'dphoeniixx'
b'SSRF leaking internal google cloud data through upload function [SSH Keys, etc..]'
13 Dec 2019
b'Phabricator'
disclosed a bug submitted by
b'sectex'
b'Markdown parsing issue enables insertion of malicious tags'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'logan5'
b'Blocked user Git access through CI/CD token'
13 Dec 2019
b'HackerOne'
disclosed a bug submitted by
b'jobert'
b'IDOR in Bugs overview enables attacker to determine the date range a hackathon was active'
13 Dec 2019
b'HackerOne'
disclosed a bug submitted by
b'ninetynine'
b'ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages'
13 Dec 2019
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`open` concatenates unsanitized input into exec() command'
13 Dec 2019
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`rgb2hex` is vulnerable to ReDoS when parsing crafted invalid colors'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'xanbanx'
b'Container scanning and Dependency scanning report leaked to unauthorized users'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'xanbanx'
b'Head pipeline leaked to unauthorized users via blocking merge request feature'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'ngalog'
b'Private System Note Disclosure using GraphQL'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'uzsunny9'
b'Project Milestones Disclosed Via Groups When the Victim disabled milestones access in project settings'
13 Dec 2019
b'LocalTapiola'
disclosed a bug submitted by
b'muon4'
b'CORS misconfiguration allows to steal client\'s "password", Authorization token and the customer details e.g. names, SSN, bank account etc.'
13 Dec 2019
b'Starbucks'
disclosed a bug submitted by
b'l00ph0le'
b'Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604)'
12 Dec 2019
b'Starbucks'
disclosed a bug submitted by
b'gnux'
b"Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter"
12 Dec 2019
1
...
297
298
299
300
301
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM