Top10 publishers:
bobrov107 
sp1d3rs54 
jobert45 
bl4de39 
bigbear_38 
guido38 Twitter
isox36 
4lemon35 
linkks35 
geeknik35 

the unofficial HackerOne disclosure timeline.

X
Mail.Ru disclosed a bug submitted by bigbear 
????????? ????? ??????? ?? ???? ??????????????? ??????? ? ???????? /home/berserk-online.com/public_html/forum/Themes/berserker/Profile.template.php
27 Sep 2014 timeline
Twitter disclosed a bug submitted by secanaly 
Stored xss
27 Sep 2014 timeline
HackerOne disclosed a bug submitted by christypriory 
Password Reset Bug
25 Sep 2014 timeline
Coinbase disclosed a bug submitted by michiel 
Bypassing 2FA for BTC transfers
25 Sep 2014 timeline
HackerOne disclosed a bug submitted by anand_m 
Change Any username and profile link in hackerone
25 Sep 2014 timeline
C2FO disclosed a bug submitted by faisalahmed 
All Active user sessions should be destroyed when user change his password!
23 Sep 2014 timeline
Twitter disclosed a bug submitted by vineet 
Captcha bypass with extension at http://www.mopub.com/about/contact/
22 Sep 2014 timeline
wont-fix
Square disclosed a bug submitted by pranav_hivarekar Twitter
CSRF login
21 Sep 2014 timeline
wont-fix
concrete5 disclosed a bug submitted by robin 
broken authentication
21 Sep 2014 timeline
Phabricator disclosed a bug submitted by shahmeer_amir 
Content Spoofing through URL
20 Sep 2014 timeline
wont-fix
Mail.Ru disclosed a bug submitted by vineet 
(m.mail.ru) Password type input with auto-complete enabled
19 Sep 2014 timeline
wont-fix
Mavenlink disclosed a bug submitted by vineet 
Clickjacking & CSRF attack can be done at https://app.mavenlink.com/login
19 Sep 2014 timeline
Mavenlink disclosed a bug submitted by vineet 
Clickjacking at https://www.mavenlink.com/ main website
19 Sep 2014 timeline
Detectify disclosed a bug submitted by mohdhaji87 
Password reset link not validated.
19 Sep 2014 timeline
CloudFlare disclosed a bug submitted by mohdhaji87 
User can request for password reset link without giving his website, eventhough he have it
19 Sep 2014 timeline
wont-fix
CloudFlare disclosed a bug submitted by jpsecurityresearch 
Apache mod_negotiation filename bruteforcing
19 Sep 2014 timeline
wont-fix
WePay disclosed a bug submitted by pranav_hivarekar Twitter
CSRF (Make email primary) may lead to account compromise
19 Sep 2014 timeline
The Internet disclosed a bug submitted by kaeso 
Multiple issues in looking-glass software (aka from web to BGP injections)
17 Sep 2014 timeline
Phabricator disclosed a bug submitted by sehacure Twitter
Open redirection on secure.phabricator.com
17 Sep 2014 timeline
Mail.Ru disclosed a bug submitted by bigbear 
Reflected XSS in User-Agent
16 Sep 2014 timeline
1 ... 308 309 310 311 312 ... 339
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM