REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'HackerOne'
disclosed a bug submitted by
b'p4fg'
b'404-response contains debug-information with all headers'
16 May 2020
b'ok.ru'
disclosed a bug submitted by
b'iframe'
b'?????????? CSRF ????? ?? ??????? ???????? ???????.'
15 May 2020
b'HackerOne'
disclosed a bug submitted by
b'amans'
b'Subdomain takeover of resources.hackerone.com'
15 May 2020
b'HackerOne'
disclosed a bug submitted by
b'haxta4ok00'
b'Customer private program can disclose email any users through invited via username'
15 May 2020
b'HackerOne'
disclosed a bug submitted by
b'haxta4ok00'
b'Changes to data in a CVE request after draft via GraphQL query'
15 May 2020
b'HackerOne'
disclosed a bug submitted by
b'haxta4ok00'
b'Rounding errors on rewarding a bounty leads to bypassing the 20% H1 commission fee'
15 May 2020
b'HackerOne'
disclosed a bug submitted by
b'haxta4ok00'
b'A team member of the program with Report rights can ban the Admin'
15 May 2020
b'HackerOne'
disclosed a bug submitted by
b'haxta4ok00'
b'Mismatch between frontend and backend validation via `ban_researcher` leads to H1 support and hackers email spam'
15 May 2020
b'GitLab'
disclosed a bug submitted by
b'gregxsunday'
b'No redirect_uri in the db for web-internal clientKey leads to one-click DoS on gitter.im'
15 May 2020
b'Phabricator'
disclosed a bug submitted by
b'codeprivate'
b'SSRF in notifications.server configuration'
15 May 2020
b'Visma Public'
disclosed a bug submitted by
b'base_64'
b'Read-only user can access payroll information without having access to payroll.'
15 May 2020
b'Clario'
disclosed a bug submitted by
b'rumiljonov'
b'Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com'
15 May 2020
b'Clario'
disclosed a bug submitted by
b'm_4_l_l_0_k'
b'CSS Injection on static.mackeeper.com - Potential XSS'
15 May 2020
b'Clario'
disclosed a bug submitted by
b'm_4_l_l_0_k'
b'IDOR at https://account.mackeeper.com/at/load-reports/profile/<profile_id> leaks information about devices/licenses'
15 May 2020
b'Clario'
disclosed a bug submitted by
b'karna__'
b'No rate limiting on password reset page'
15 May 2020
b'Clario'
disclosed a bug submitted by
b'karna__'
b'Account Takeover because of the mis-configuration on the Password Reset Page'
15 May 2020
b'Clario'
disclosed a bug submitted by
b'darkerhack'
b'Information disclosure of Internal php files on [mackeeper.com/blog/api/send-event]'
15 May 2020
b'Clario'
disclosed a bug submitted by
b'adelin30'
b'MK Site Cross-Site Scripting (XSS) in script context'
15 May 2020
b'Clario'
disclosed a bug submitted by
b'karna__'
b'Reflected XSS on stage.mackeeper.com'
15 May 2020
b'Ruby on Rails'
disclosed a bug submitted by
b'jessecampos'
b'XSS due to incomplete JS escaping'
14 May 2020
1
...
303
304
305
306
307
...
738
BY DENIS WERNER - @NOBBD -
IMPRESSUM