REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
107
linkks
60
sp1d3rs
54
jobert
45
bl4de
39
bigbear_
38
guido
38
isox
36
geeknik
35
4lemon
35
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
Sucuri
disclosed a bug submitted by
jitendra
Form contained inside page loaded over SSL submits its contents to another page over HTTP
29 Mar 2015
wont-fix
Vimeo
disclosed a bug submitted by
localpwn
Bypassing Email verification
29 Mar 2015
wont-fix
Square
disclosed a bug submitted by
aaj
Privilege Escalation
28 Mar 2015
HackerOne
disclosed a bug submitted by
mazengamal
Team member invitations to sandboxed teams are not invalidated consistently
28 Mar 2015
itBit Exchange
disclosed a bug submitted by
shahmeer_amir
Leakage of sensitive wallet tokens to third party sites
28 Mar 2015
Mail.Ru
disclosed a bug submitted by
zoczus
Same Origin Policy bypass
27 Mar 2015
Twitter
disclosed a bug submitted by
xorb
[Stored XSS] vine.co - profile page
26 Mar 2015
Phabricator
disclosed a bug submitted by
agarri_fr
SSRF vulnerability (access to metadata server on EC2 and OpenStack)
26 Mar 2015
Mavenlink
disclosed a bug submitted by
shahmeer_amir
DNS load balancing not enabled
25 Mar 2015
wont-fix
Flash
disclosed a bug submitted by
hhj4ck
Adobe Flash Player Out-of-Bound Access Vulnerability
25 Mar 2015
Flash
disclosed a bug submitted by
biloulehibou
Race condition in workers may cause an exploitable double free by abusing bytearray.compress()
25 Mar 2015
Flash
disclosed a bug submitted by
biloulehibou
Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution
25 Mar 2015
Flash
disclosed a bug submitted by
biloulehibou
Use After Free in Flash MessageChannel.send can cause arbitrary code execution
25 Mar 2015
HackerOne
disclosed a bug submitted by
siddiki
Restrict any user from logging into his account.
24 Mar 2015
Robocoin
disclosed a bug submitted by
anshuman_bh
Frictionless Transferring of Wallet Ownership
23 Mar 2015
Robocoin
disclosed a bug submitted by
yassineaboukir
CSRF token leakage
23 Mar 2015
wont-fix
HackerOne
disclosed a bug submitted by
smiegles
"learn more here", reward email - domain expired.
23 Mar 2015
Twitter
disclosed a bug submitted by
ashwarya_me
Singup Page HTML Injection Vulnerability
22 Mar 2015
Mail.Ru
disclosed a bug submitted by
ddworken
XSS Vulnerability in cfire.mail.ru/screen/1/
22 Mar 2015
Square
disclosed a bug submitted by
shahmeer_amir
Redirecting a victim elsewhere through shopseen 0auth
20 Mar 2015
wont-fix
1
...
301
302
303
304
305
...
345
BY DENIS WERNER - @NOBBD -
IMPRESSUM
