Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
the unofficial HackerOne disclosure timeline.
Visma Bug Bounty Program disclosed a bug submitted by base_64
[IDOR]Ability to View/Delete/Edit (Forward to attachment archive) Email of other user if GUID is known.
25 Mar 2020

Stripo Inc disclosed a bug submitted by pain45
XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique
25 Mar 2020

GitLab disclosed a bug submitted by shaileshpratapwar
Email notification about login email changed is not received when using verified linked email address
25 Mar 2020

Open-Xchange disclosed a bug submitted by zhutyra
SSRF - Office Documents - Image URL
25 Mar 2020

Stripo Inc disclosed a bug submitted by pain45
Strored Xss on https://my.stripo.email/ ( multiple inputs)
25 Mar 2020

LINE disclosed a bug submitted by hahwul
SSRF on music.line.me through getXML.php
25 Mar 2020

LINE disclosed a bug submitted by zophi
DOM-based XSS on mobile.line.me
25 Mar 2020

LINE disclosed a bug submitted by ngalog
Able to Become Admin for Any LINE Official Account
25 Mar 2020

HackerOne disclosed a bug submitted by red_assassin
profile-picture name parameter with large value lead to DoS for other users and programs on the platform
25 Mar 2020

Evernote disclosed a bug submitted by ajdumanhug
One Click Code Execution via File
24 Mar 2020

Razer disclosed a bug submitted by nnez
https://zest.co.th/zestlinepay/checkproduct API endpoint suffers from Boolean-based SQL injection
24 Mar 2020

Razer disclosed a bug submitted by nnez
Improper access control on easytopup.in.th transaction page leads to user's information disclosure and may lead to account hijacking
24 Mar 2020

Roblox disclosed a bug submitted by jackb898
Subdomain Takeover at creatorforum.roblox.com
24 Mar 2020

Roblox disclosed a bug submitted by jackb898
Reflected XSS through multiple inputs in the issue collector on Jira
24 Mar 2020

Qulture.Rocks disclosed a bug submitted by julfikar
Server Name disclosure
24 Mar 2020

NordVPN disclosed a bug submitted by keshavkejriwal
Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.
24 Mar 2020

GitHub Security Lab disclosed a bug submitted by crownpeanut
Dynamic reflection class
24 Mar 2020

GitHub Security Lab disclosed a bug submitted by grzegol
CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java
24 Mar 2020

GitHub Security Lab disclosed a bug submitted by crownpeanut
XPath Injection query in java
24 Mar 2020

GitHub Security Lab disclosed a bug submitted by crownpeanut
CWE-094 ScriptEngine in java
24 Mar 2020
BY DENIS WERNER - @NOBBD -