Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
haxta4ok00: 49
jon_bottarini: 49
The unofficial HackerOne disclosure timeline.

GitLab disclosed a bug submitted by yvvdwf
Stored-XSS injected in Wiki page via Banzai pipeline
28 May 2024

TikTok disclosed a bug submitted by fr4via
Lynxview JS interfaces Takeover via deeplink traversal
24 May 2024

Teleport disclosed a bug submitted by el1g0ld8m1th
SSRF in region parameter that leads to AWS Teleport role AWS account takeover
24 May 2024

Internet Bug Bounty disclosed a bug submitted by svalkanov
[CVE-2024-26146] Header Parsing leads to Possible Denial of Service Vulnerability
24 May 2024

HackerOne disclosed a bug submitted by iambouali
Inadequate redaction exposes sensitive information via the ShareReportViaEmail" GraphQL endpoint
24 May 2024

HackerOne disclosed a bug submitted by bate5a
Insecure Direct Object Reference (IDOR) Allows Viewing Private Report Details via /bugs.json Endpoint
23 May 2024

Internet Bug Bounty disclosed a bug submitted by svalkanov
[CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch
22 May 2024

Internet Bug Bounty disclosed a bug submitted by svalkanov
[CVE-2024-25126] Denial of Service Vulnerability in Rack Content-Type Parsing
22 May 2024

Doppler disclosed a bug submitted by zig_shark
Acquisition on broken link listed on the page "https://docs.doppler.com/docs/removal-deprecated-packages-scripts in [scheduling a call]
22 May 2024

HackerOne disclosed a bug submitted by callmed0_4
Able to Create Testimonials for myself using Sandbox
22 May 2024

Nextcloud disclosed a bug submitted by axosolaman
Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com
22 May 2024

Automattic disclosed a bug submitted by xurizaemon0
Authentication & Registration Bypass in Newspack Extended Access
20 May 2024

PortSwigger Web Security disclosed a bug submitted by osama-hamad
A user with only [MODIFY_SETTINGS] permmision could takeover any user accounts
20 May 2024

PortSwigger Web Security disclosed a bug submitted by osama-hamad
Changing the administrator password via admin console does not invalidate other sessions
20 May 2024

Yahoo! disclosed a bug submitted by agarri_fr
YQL: From CR/LF injection to root compromise
15 May 2024

Yahoo! disclosed a bug submitted by agarri_fr
Out-of-band read of arbitrary ASCII files on YQL backend servers via XML external parameter entities
15 May 2024

Yahoo! disclosed a bug submitted by agarri_fr
Read arbitrary ASCII files on YQL backend servers via XSLT unparsed-entity-uri() and parameter entities
15 May 2024

Yahoo! disclosed a bug submitted by agarri_fr
Read arbitrary XML files on YQL backend servers via XSLT document()
15 May 2024

Yahoo! disclosed a bug submitted by agarri_fr
Code execution in "ymon" WebService, reached after bypassing the anti-loopback blacklist through YQL and HTTP redirects
15 May 2024

Yahoo! disclosed a bug submitted by claimingsouls
Bitly link takeover
15 May 2024

BY DENIS WERNER - @NOBBD