Top10 publishers:
bobrov114 
linkks74 
geeknik71 
sp1d3rs62 
jobert54 
guido45 Twitter
bl4de42 
ryat40 
bigbear_38 
zombiehelp5437 Twitter

the unofficial HackerOne disclosure timeline.

X
SecNews disclosed a bug submitted by malcolmx 
Content spoofing due to the improper behavior of the not-found message
09 Aug 2016 timeline
SecNews disclosed a bug submitted by sameoldstory 
Querying private posts and changing post meta
09 Aug 2016 timeline
Shopify disclosed a bug submitted by vijay_kumar1110 Twitter
Delete/modify your own comment after limited access(IDOR)
09 Aug 2016 timeline
Shopify disclosed a bug submitted by vijay_kumar1110 Twitter
Staff member can delete Private Apps
09 Aug 2016 timeline
SecNews disclosed a bug submitted by marine 
Text injection on error page.
09 Aug 2016 timeline
Shopify disclosed a bug submitted by mico02 
Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181
08 Aug 2016 timeline
Gratipay disclosed a bug submitted by akanshaminti 
Cookie:HttpOnly Flag not set
08 Aug 2016 timeline
Nextcloud disclosed a bug submitted by ctee 
Bookmarks: Delete all existing bookmarks of a user
08 Aug 2016 timeline
Mail.Ru disclosed a bug submitted by konqi 
[opensource.mail.ru] system accounts enumeration
08 Aug 2016 timeline
ExpressionEngine disclosed a bug submitted by strukt Twitter
Filename and directory enumeration
08 Aug 2016 timeline
Uber disclosed a bug submitted by raghav_bisht 
Blind OOB XXE At "http://ubermovement.com/"
08 Aug 2016 timeline
Gratipay disclosed a bug submitted by footstep 
Host Header Injection/Redirection Attack
07 Aug 2016 timeline
Gratipay disclosed a bug submitted by ahsantahir 
Content Spoofing/Text Injection
07 Aug 2016 timeline
ExpressionEngine disclosed a bug submitted by strukt Twitter
Full path + some back-end code disclosure
07 Aug 2016 timeline
WePay disclosed a bug submitted by eboda Twitter
Invited users can modify and/or remove account owner
06 Aug 2016 timeline
New Relic disclosed a bug submitted by daniyal_nasir 
Vulnerable Link Leaks the User Names
05 Aug 2016 timeline
New Relic disclosed a bug submitted by smil3 
All the active session should destroy when user change his password
05 Aug 2016 timeline
New Relic disclosed a bug submitted by rahul_ch 
no email confirmation on signup
05 Aug 2016 timeline
New Relic disclosed a bug submitted by rahul_ch 
newrelic.com vulnerable to clickjacking !
05 Aug 2016 timeline
Automattic disclosed a bug submitted by jouko Twitter
WordPress core stored XSS via attachment file name
05 Aug 2016 timeline
1 ... 304 305 306 307 308 ... 419
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM