REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
114
geeknik
70
linkks
69
sp1d3rs
61
jobert
50
guido
45
bl4de
41
ryat
40
bigbear_
38
zombiehelp54
37
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
Flash
disclosed a bug submitted by
hhj4ck
Adobe Flash Player MP4 Use-After-Free Vulnerability
11 Mar 2015
Coinbase
disclosed a bug submitted by
prashanthvarma
open authentication bug
11 Mar 2015
HackerOne
disclosed a bug submitted by
dragonfly
Auto Approval of Invitation to join Team as a Team member
11 Mar 2015
Vimeo
disclosed a bug submitted by
satishb3
A user can edit comments even after video comments are disabled
11 Mar 2015
Vimeo
disclosed a bug submitted by
satishb3
A user can post comments on other user's private videos
11 Mar 2015
Slack
disclosed a bug submitted by
atom
Stored XSS in Slack.com
09 Mar 2015
Vimeo
disclosed a bug submitted by
dekeeu
Vimeo.com - reflected xss vulnerability
09 Mar 2015
Twitter
disclosed a bug submitted by
satishb3
fabric.io - app member can make himself an admin
09 Mar 2015
Twitter
disclosed a bug submitted by
satishb3
Fabric.io - an app admin can delete team members from other user apps
09 Mar 2015
Vimeo
disclosed a bug submitted by
dekeeu
player.vimeo.com - Reflected XSS Vulnerability
09 Mar 2015
Twitter
disclosed a bug submitted by
wesecureapp
XSS in original referrer after follow
09 Mar 2015
Phabricator
disclosed a bug submitted by
haquaman
Server Side Request Forgery in macro creation
09 Mar 2015
wont-fix
InVision
disclosed a bug submitted by
root_z3r0
Password reset tokens is valid after changing the password by logging in the account
08 Mar 2015
wont-fix
HackerOne
disclosed a bug submitted by
srkgupta
HTTPS is not enforced for objects stored by HackerOne on Amazon S3
08 Mar 2015
Vimeo
disclosed a bug submitted by
a7medel-ma7alawy
Full account takeover via Add a New Email to account without email verified and without password confirmation.
06 Mar 2015
wont-fix
Vimeo
disclosed a bug submitted by
shahmeer_amir
Poodle bleed vulnerability in cloud sub domain
05 Mar 2015
Dropbox
disclosed a bug submitted by
nishantagarwala
Unvalidated Redirects and Stored XSS
05 Mar 2015
wont-fix
Mobile Vikings
disclosed a bug submitted by
4lemon
Stored XSS in Direct debit name
04 Mar 2015
Mobile Vikings
disclosed a bug submitted by
4lemon
Number, username and name disclosure
04 Mar 2015
Mobile Vikings
disclosed a bug submitted by
4lemon
Reflected xss in user name thru cookie
04 Mar 2015
1
...
343
344
345
346
347
...
385
BY DENIS WERNER - @NOBBD -
IMPRESSUM
