Top 10 publishers:
bobrov: 117
geeknik: 80
linkks: 75
jobert: 70
sp1d3rs: 68
someonenobbd: 62
nyymi: 55
jon_bottarini: 49
haxta4ok00: 48
netfuzzer: 48
Now on Twitter: the unofficial HackerOne disclosure timeline.
Central Security Project disclosed a bug submitted by badcode_
OS Command Injection in Nexus Repository Manager 2.x(bypass CVE-2019-5475)
29 Oct 2019

Razer disclosed a bug submitted by smalien
Unauthenticated access to sensitive user information
29 Oct 2019

Kartpay disclosed a bug submitted by nitrozeus
Referer issue in Kartpay.com
28 Oct 2019

Mail.ru disclosed a bug submitted by secator
[XSS] postMessage ? jsapi/button
28 Oct 2019

Weblate disclosed a bug submitted by fr0nk
no captcha for register user and weak question attacker can spam email
26 Oct 2019

Zendesk disclosed a bug submitted by geeknik
SMTP user enumeration via mail.zendesk.com
25 Oct 2019

Zendesk disclosed a bug submitted by nathand
"Test target" of the "HTTP target" extension can unintentionally send username and password in the Authorization header
25 Oct 2019

HackerOne disclosed a bug submitted by jobert
Reporter, external users, collaborators can mark sent swag awarded to reporter as unsent
25 Oct 2019

Mail.ru disclosed a bug submitted by harisec
Reflected XSS in https://light.mail.ru/login via page
25 Oct 2019

SEMrush disclosed a bug submitted by batuhanu
Open redirect in semrush.com
25 Oct 2019

Moneybird disclosed a bug submitted by rioncool22
Enable 2FA without verifying the email
25 Oct 2019

Ruby disclosed a bug submitted by znz
HTTP header can split /[\r\n]/ instead of /\r\n/
25 Oct 2019

Perl (IBB) disclosed a bug submitted by tmnt53
Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak
24 Oct 2019

Node.js third-party modules disclosed a bug submitted by bl4de
Command Injection due to lack of sanitisation of tar.gz filename passed as an argument to pm2.install() function
24 Oct 2019

Node.js third-party modules disclosed a bug submitted by bl4de
Command Injection in npm module name passed as an argument to pm2.install() function
24 Oct 2019

Dovecot disclosed a bug submitted by nick_roessler
Memory corruption in imap-parser.c
24 Oct 2019

PayPal disclosed a bug submitted by albinowax
DoS on PayPal via web cache poisoning
23 Oct 2019

Mail.ru disclosed a bug submitted by elmahdi
[ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File
23 Oct 2019

HackerOne disclosed a bug submitted by unknown_person
Private program disclosure via `vpn_suspended` GraphQL query
21 Oct 2019

HackerOne disclosed a bug submitted by jobert
Any user with access to program can resume and suspend HackerOne Gateway
21 Oct 2019
BY DENIS WERNER - @NOBBD