Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 81
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 60
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
GitLab disclosed a bug submitted by ngalog
Bypass Email Verification using Salesforce -- Reproducible in gitlab.com
13 Dec 2019
Vimeo disclosed a bug submitted by dphoeniixx
SSRF leaking internal google cloud data through upload function [SSH Keys, etc..]
13 Dec 2019
Phabricator disclosed a bug submitted by sectex
Markdown parsing issue enables insertion of malicious tags
13 Dec 2019
GitLab disclosed a bug submitted by logan5
Blocked user Git access through CI/CD token
13 Dec 2019
HackerOne disclosed a bug submitted by jobert
IDOR in Bugs overview enables attacker to determine the date range a hackathon was active
13 Dec 2019
HackerOne disclosed a bug submitted by ninetynine
ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages
13 Dec 2019
Node.js third-party modules disclosed a bug submitted by chalker
`open` concatenates unsanitized input into exec() command
13 Dec 2019
Node.js third-party modules disclosed a bug submitted by chalker
`rgb2hex` is vulnerable to ReDoS when parsing crafted invalid colors
13 Dec 2019
GitLab disclosed a bug submitted by xanbanx
Container scanning and Dependency scanning report leaked to unauthorized users
13 Dec 2019
GitLab disclosed a bug submitted by xanbanx
Head pipeline leaked to unauthorized users via blocking merge request feature
13 Dec 2019
GitLab disclosed a bug submitted by ngalog
Private System Note Disclosure using GraphQL
13 Dec 2019
GitLab disclosed a bug submitted by uzsunny9
Project Milestones Disclosed Via Groups When the Victim disabled milestones access in project settings
13 Dec 2019
LocalTapiola disclosed a bug submitted by muon4
CORS misconfiguration allows to steal client's "password", Authorization token and the customer details e.g. names, SSN, bank account etc.
13 Dec 2019
Starbucks disclosed a bug submitted by l00ph0le
Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604)
12 Dec 2019
Starbucks disclosed a bug submitted by gnux
Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter
12 Dec 2019
Starbucks disclosed a bug submitted by gnux
Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter
12 Dec 2019
Starbucks disclosed a bug submitted by nukedx
Bulgaria - Subdomain takeover of mail.starbucks.bg
12 Dec 2019
Starbucks disclosed a bug submitted by mr_intrusionist
India - An Insecure Direct Object Reference (IDOR) allowed unauthorized access to view card index number and monetary balance
12 Dec 2019
GitLab disclosed a bug submitted by ajxchapman
GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery
12 Dec 2019
Nextcloud disclosed a bug submitted by foobar7
Persistent XSS on favorite via filename
12 Dec 2019
BY DENIS WERNER - @NOBBD