REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
107
sp1d3rs
54
bigbear_
38
guido
37
bl4de
37
jobert
37
isox
36
4lemon
35
geeknik
35
edio
34
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
RATELIMITED
disclosed a bug submitted by
yasinylcn17
Hackerone1
21 Dec 2018
FanDuel
disclosed a bug submitted by
mobius07
Passive mixed content issues on the site https://*.fanduel.com
21 Dec 2018
SEMrush
disclosed a bug submitted by
saya
User Controllable Cookie
21 Dec 2018
Starbucks
disclosed a bug submitted by
ozzyoz
Able to bypass information requirements before launching a Chat.
20 Dec 2018
RATELIMITED
disclosed a bug submitted by
hamad_iheb
Editable Wiki repo by anyone
20 Dec 2018
Uber
disclosed a bug submitted by
vijay_kumar1110
IDOR on partners.uber.com allows for a driver to override administrator documents
19 Dec 2018
Uber
disclosed a bug submitted by
reptou
XSS in ubermovement.com via editable Google Sheets
19 Dec 2018
Uber
disclosed a bug submitted by
hussain_0x3c
Reflected XSS in lert.uber.com
19 Dec 2018
Uber
disclosed a bug submitted by
hanuman1
SMS URL verification link does not expire on phone number change and lacks rate limiting
19 Dec 2018
Uber
disclosed a bug submitted by
vijay_kumar1110
Site-wide CSRF on eats.uber.com
19 Dec 2018
Uber
disclosed a bug submitted by
filedescryptor
lert.uber.com: Few default folders/files of AURA Framework are accessible
19 Dec 2018
Keybase
disclosed a bug submitted by
mirchr
Linux privilege escalation via trusted $PATH in keybase-redirector
18 Dec 2018
Keybase
disclosed a bug submitted by
xpn
Privilege Escalation via Keybase Helper
18 Dec 2018
Nextcloud
disclosed a bug submitted by
ezkbd
Ubuntu 12.04 Privilege Escalation
18 Dec 2018
OLX
disclosed a bug submitted by
lukeberner
Able to list user's public name, username, phone number, address, facebook ID...
17 Dec 2018
MyCrypto
disclosed a bug submitted by
shantuman
SPF Records (SMTP protection not used)
17 Dec 2018
Brave Software
disclosed a bug submitted by
mushicious
Field Day With Protocol Handlers
17 Dec 2018
YouPorn
disclosed a bug submitted by
prakharprasad
Add a video to favourite list of any user [via YouPorn API / FrontEnd]
17 Dec 2018
Node.js third-party modules
disclosed a bug submitted by
dienpv
Prototype pollution attack (lutils-merge)
17 Dec 2018
OLX
disclosed a bug submitted by
pajoda
Search Page Reflected XSS on sharjah.dubizzle.com through unencoded output of GET parameter in JavaScript
16 Dec 2018
1
2
3
4
5
6
...
321
BY DENIS WERNER - @NOBBD -
IMPRESSUM
