REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Mail.ru'
disclosed a bug submitted by
b'r0hack'
b'Account Takeover at worki.ru'
17 Dec 2019
b'Mail.ru'
disclosed a bug submitted by
b'agametov'
b'IDOR ? ?????? ????????????? ?? ?????? ? relap.io'
17 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'vakzz'
b'Cross-site Scripting (XSS) - Stored in RDoc wiki pages'
16 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'vakzz'
b"Git flag injection - Search API with scope 'blobs' "
15 Dec 2019
b'Node.js third-party modules'
disclosed a bug submitted by
b'rugged_info'
b'Lack of input validation and sanitization in react-autolinker-wrapper library causes XSS '
15 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'rpadovani'
b'Group search leaks private MRs, code, commits'
14 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'rpadovani'
b'Group search with Elastic search enable leaks unrelated data'
14 Dec 2019
b'Imgur'
disclosed a bug submitted by
b'soheilkhodayari'
b'De-anonymization Attack: Cross Site Information Leakage'
14 Dec 2019
b'Polymail, Inc.'
disclosed a bug submitted by
b'bluebert'
b'Bug in OAuth Success Redirect URI Validation'
13 Dec 2019
b'Twitter'
disclosed a bug submitted by
b'jlleitschuh'
b'[Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'ngalog'
b'Bypass Email Verification using Salesforce -- Reproducible in gitlab.com'
13 Dec 2019
b'Vimeo'
disclosed a bug submitted by
b'dphoeniixx'
b'SSRF leaking internal google cloud data through upload function [SSH Keys, etc..]'
13 Dec 2019
b'Phabricator'
disclosed a bug submitted by
b'sectex'
b'Markdown parsing issue enables insertion of malicious tags'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'logan5'
b'Blocked user Git access through CI/CD token'
13 Dec 2019
b'HackerOne'
disclosed a bug submitted by
b'jobert'
b'IDOR in Bugs overview enables attacker to determine the date range a hackathon was active'
13 Dec 2019
b'HackerOne'
disclosed a bug submitted by
b'ninetynine'
b'ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages'
13 Dec 2019
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`open` concatenates unsanitized input into exec() command'
13 Dec 2019
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`rgb2hex` is vulnerable to ReDoS when parsing crafted invalid colors'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'xanbanx'
b'Container scanning and Dependency scanning report leaked to unauthorized users'
13 Dec 2019
b'GitLab'
disclosed a bug submitted by
b'xanbanx'
b'Head pipeline leaked to unauthorized users via blocking merge request feature'
13 Dec 2019
1
...
342
343
344
345
346
...
738
BY DENIS WERNER - @NOBBD -
IMPRESSUM