the unofficial HackerOne disclosure timeline.

X
b'Shopify' disclosed a bug submitted by b'hiffley' 
b'GraphQL AdminGenerateSessionPayload is leaked to staff with no permission'
16 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'nsl182' 
b'Account takeover intercepting magic link for Arrive app'
15 Jul 2020 timeline
b'MTN Group' disclosed a bug submitted by b'tounsi_007' 
b'Accessible Restricted directory on [bcm-bcaw.mtn.cm]'
15 Jul 2020 timeline
b'New Relic' disclosed a bug submitted by b'ldionmarcil' 
b'[synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending'
15 Jul 2020 timeline
b'Zomato' disclosed a bug submitted by b'bigbug' 
b'Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone'
15 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'francisbeaudoin' 
b"Ability to link a Google account to another staff account/store owner that isn't linked yet"
14 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'imranhudaa' 
b"user with no draft order permission can still perform action on draft order's in stocky app (idor)"
14 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'priyanshuxo' 
b'Subdomain Takeover of multiple *.ttcdn.co domains'
14 Jul 2020 timeline
b'Razer' disclosed a bug submitted by b'pandaonair' 
b'Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions'
14 Jul 2020 timeline
b'Razer' disclosed a bug submitted by b's3cr3tsdn' 
b'[api.easy2pay.co] SQL Injection in cashcard via card_no parameter ??Bypassing IP whitelist??'
14 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'sreeju_kc' 
b'IDOR on stocky application-Low Stock-Varient-Settings-Columns'
14 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'zonduu' 
b'Open Redirect - www.shopify.com'
14 Jul 2020 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'natanalves01001' 
b'(CORS) Cross-origin resource sharing misconfiguration'
14 Jul 2020 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'balisong' 
b' SharePoint Web Services Exposed to Anonymous Access Users'
14 Jul 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'woj_ciech' 
b'Sensitive information exposure via git commit'
13 Jul 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'hunter_py' 
b'Reflected XSS on http://info.ucs.ru/settings/check/'
13 Jul 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'weev3kyaw' 
b'Stored XSS that allow an attacker to read victim mailboxes contacts in mail.ru and my.com application'
13 Jul 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'm7mdharoun' 
b'Subdomain Takeover at blog.instamart.ru'
13 Jul 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'r0hack' 
b'Cross-organization data access in city-mobil.ru'
13 Jul 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'justchillin' 
b'Reflected XSS in city-mobil.ru/'
13 Jul 2020 timeline
1 ... 315 316 317 318 319 ... 768
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM