the unofficial HackerOne disclosure timeline.

X
b'Shopify' disclosed a bug submitted by b'francisbeaudoin' 
b'Stocky App Administrator can create a backdoor admin account by using an existing POS User'
24 Aug 2020 timeline
b'Smule' disclosed a bug submitted by b'absshax' 
b'[com.smule.autorap.*] Cloud Messaging/Push Notification service takeover due to clear-text usage of Legacy FCM Server keys in the client app '
24 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'langduvnsec' 
b'STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend'
24 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'nooblife' 
b'*.shopify.com - Authentication bypass'
24 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'meow-hacker-meow' 
b'Subdomain takeover in help.tictail.com pointing to Zendesk (a Shopify acquisition)'
24 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'zwail' 
b'xss stored in https://your store.myshopify.com/admin/'
24 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'jaka_tingkir' 
b'increased privileges on staff account'
24 Aug 2020 timeline
b'Trint Ltd' disclosed a bug submitted by b'dopaminedetox' 
b'SSO bypass in zendesk using trint organization able to leak internal ticket information'
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets'
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'(Prerelease UI) Stored XSS via role name in JSON chart'
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints'
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled '
24 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Stored XSS via "my recent queries" selector in NRQL dashboard builder'
24 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'harshita174' 
b'No Valid SPF Records'
24 Aug 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'catenacyber' 
b'Null dereference in mcht_relational_validate ext-relational-common.c:136'
24 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'cyc0rpion' 
b'User registration using public domain email like gmail in place of professional email.'
24 Aug 2020 timeline
b'HackerOne' disclosed a bug submitted by b'haxta4ok00' 
b"Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted"
24 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[cloudron-surfer] Denial of Service via LDAP Injection'
22 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[meemo-app] Denial of Service via LDAP Injection'
22 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[extra-asciinema] Command Injection via insecure command formatting'
22 Aug 2020 timeline
1 ... 299 300 301 302 303 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM