the unofficial HackerOne disclosure timeline.

X
b'h1-ctf' disclosed a bug submitted by b'sw33tlie' 
b'[H1-2006 2020] CTF Writeup!'
17 Jun 2020 timeline
b'Engel & V\xc3\xb6lkers Technology GmbH' disclosed a bug submitted by b'organiccrap' 
b'full path disclosure on world.engelvoelkers.com via error messages'
17 Jun 2020 timeline
b'Engel & V\xc3\xb6lkers Technology GmbH' disclosed a bug submitted by b'carambax' 
b'Information disclosure at https://printshop.engelvoelkers.com/packages/.bash_history'
17 Jun 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'zhutyra' 
b'SSRF - Guard - Unchecked WKS servers'
17 Jun 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'zhutyra' 
b'SSRF - Guard - Unchecked HKP servers'
17 Jun 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'zhutyra' 
b'XSS - Guard - Insufficient escaping of User-IDs from PGP Keys'
17 Jun 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'r0hack' 
b'Time-Based SQL injection at city-mobil.ru'
17 Jun 2020 timeline
b'Engel & V\xc3\xb6lkers Technology GmbH' disclosed a bug submitted by b'j_m' 
b'[go3-stage.engelvoelkers.com] - Reflected XSS in /dGPS3/default.jsp'
17 Jun 2020 timeline
b'Engel & V\xc3\xb6lkers Technology GmbH' disclosed a bug submitted by b'j_m' 
b'[go3-intern.engelvoelkers.com] - Reflected XSS in /dGPS3/default.jsp'
17 Jun 2020 timeline
b'Engel & V\xc3\xb6lkers Technology GmbH' disclosed a bug submitted by b'j_m' 
b'[www.go3.engelvoelkers.com] - Reflected XSS in /dGPS3/default.jsp'
17 Jun 2020 timeline
b'Engel & V\xc3\xb6lkers Technology GmbH' disclosed a bug submitted by b'0xd0ff' 
b'XSS reflected in https://tableau.engelvoelkers.com/'
17 Jun 2020 timeline
b'Razer' disclosed a bug submitted by b's3cr3tsdn' 
b'???? OS Command Injection at https://sea-web.gold.razer.com/lab/ws-lookup via IP parameter'
17 Jun 2020 timeline
b'Starbucks' disclosed a bug submitted by b'neweq' 
b'Default credentials for the temporary POC site alipoc.stg.starbucks.com.cn permitted WAF bypass and RCE'
16 Jun 2020 timeline
b'Starbucks' disclosed a bug submitted by b'zlz' 
b'Misuse of an authentication cookie combined with a path traversal on app.starbucks.com permitted access to restricted data'
16 Jun 2020 timeline
b'Starbucks' disclosed a bug submitted by b'bayotop' 
b'Reflected DOM XSS on www.starbucks.co.uk'
16 Jun 2020 timeline
b'Starbucks' disclosed a bug submitted by b'bayotop' 
b'Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)'
16 Jun 2020 timeline
b'Helium' disclosed a bug submitted by b'error___404' 
b'unpermitted user can change the device name of admin account'
16 Jun 2020 timeline
b'Ruby on Rails' disclosed a bug submitted by b'fletchto99' 
b'Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies'
16 Jun 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[devcert] Command Injection via insecure command formatting'
15 Jun 2020 timeline
b'Rocket.Chat' disclosed a bug submitted by b'elfiman' 
b'account takeover on 3.0.1 version'
14 Jun 2020 timeline
1 ... 325 326 327 328 329 ... 768
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM