Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 56
ooooooo_q: 50
jon_bottarini: 49
haxta4ok00: 48
The unofficial HackerOne disclosure timeline.
Internet Bug Bounty disclosed a bug submitted by cxshakal: curl HSTS long file name clears contents (20 Jan 2024)
Internet Bug Bounty disclosed a bug submitted by marshallofsound: ASAR Integrity bypass via filetype confusion (20 Jan 2024)
Internet Bug Bounty disclosed a bug submitted by ranjit_p: Cookie headers are not cleared in cross-domain redirect in undici-fetch (20 Jan 2024)
Internet Bug Bounty disclosed a bug submitted by tniessen: Path traversal through path stored in Uint8Array in Node.js 20 (20 Jan 2024)
Mozilla Critical Services disclosed a bug submitted by 0x90security: Remote code execution and exfiltration of secret tokens by poisoning the mozilla/fxa CI build cache (20 Jan 2024)
HackerOne disclosed a bug submitted by aleklebio7: Some limited confidential information can still be accessed after a user exits a private program (19 Jan 2024)
Enjin disclosed a bug submitted by alpernae: Weak Email Verification: Newly Registered Users Can Bypass Email Verification Step and Log In (19 Jan 2024)
Enjin disclosed a bug submitted by alpernae: Revocation API Token by Bypassing The XSRF Token (19 Jan 2024)
Nextcloud disclosed a bug submitted by ryotak: Authentication bypass in Global Site Selector allows an attacker to log in as any user (18 Jan 2024)
Nextcloud disclosed a bug submitted by ryotak: Improper handling of request URLs in nextcloud/guests allows guest users to bypass app allowlist (18 Jan 2024)
Nextcloud disclosed a bug submitted by ryotak: Non-admin users can reset app allowlist to the default (18 Jan 2024)
Nextcloud disclosed a bug submitted by ryotak: Open redirect in user_saml via RelayState parameter (18 Jan 2024)
Nextcloud disclosed a bug submitted by hackit_bharat: Self XSS when sending HTML as a comment in the Deck app (18 Jan 2024)
LY Corporation disclosed a bug submitted by mheranco: Reflected XSS on https://travel.line.me (18 Jan 2024)
Shopify disclosed a bug submitted by boy_child_: Non-store owners can transfer Shopify-managed domain to another domain provider (17 Jan 2024)
Shopify disclosed a bug submitted by archangel: [h1-2102] [Oberlo] Least privileged user can cancel account owner's subscription via POST on /payments/subscribe (17 Jan 2024)
Nextcloud disclosed a bug submitted by taise: Bruteforce protection in password verification can be bypassed (17 Jan 2024)
Nextcloud disclosed a bug submitted by st0nzyy: Bypass password confirmation via Context-dependent access control (CDCA) (17 Jan 2024)
Nextcloud disclosed a bug submitted by st0nzyy: Error when editing a calendar appointment returns stacktrace and query (17 Jan 2024)
inDrive disclosed a bug submitted by cypher-28: SSRF in https://couriers.indrive.com/api/file-storage (16 Jan 2024)
BY DENIS WERNER - @NOBBD