the unofficial HackerOne disclosure timeline.

X
b'Trint Ltd' disclosed a bug submitted by b'dopaminedetox' 
b'SSO bypass in zendesk using trint organization able to leak internal ticket information'
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets'
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'(Prerelease UI) Stored XSS via role name in JSON chart'
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints'
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled '
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Stored XSS via "my recent queries" selector in NRQL dashboard builder'
24 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'harshita174' 
b'No Valid SPF Records'
24 Aug 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'catenacyber' 
b'Null dereference in mcht_relational_validate ext-relational-common.c:136'
24 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'cyc0rpion' 
b'User registration using public domain email like gmail in place of professional email.'
24 Aug 2020 timeline
b'HackerOne' disclosed a bug submitted by b'haxta4ok00' 
b"Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted"
24 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[cloudron-surfer] Denial of Service via LDAP Injection'
22 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[meemo-app] Denial of Service via LDAP Injection'
22 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[extra-asciinema] Command Injection via insecure command formatting'
22 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b'CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse. '
21 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b'ClickJacking on IMPORTANT Functions of Yelp'
21 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b'Unauthorized Use of Victim Credit Card'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'vbdev' 
b'Django debug enabled showing information about system, database, configuration files.'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'higbee' 
b'Django should not have debug mode enabled'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'exploit_db' 
b'Sensitive Information Disclosure'
21 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'awarau' 
b'Prototype Pollution lodash 4.17.15'
21 Aug 2020 timeline
1 ... 298 299 300 301 302 ... 765
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM