the unofficial HackerOne disclosure timeline.

X
b'Slack' disclosed a bug submitted by b'jhancock' 
b'Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation'
01 Apr 2020 timeline
b'Razer' disclosed a bug submitted by b'sambal0x' 
b'[Razer Pay] Broken Access Control at /v1/verifyPhone/ allows enumeration of usernames and ID information'
01 Apr 2020 timeline
b'Razer' disclosed a bug submitted by b'p3rr0' 
b'Access to support tickets and payment history, impersonate razer support staff'
01 Apr 2020 timeline
b'Shopify' disclosed a bug submitted by b'ngalog' 
b'[Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation'
01 Apr 2020 timeline
b'Shopify' disclosed a bug submitted by b'ngalog' 
b'Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO'
01 Apr 2020 timeline
b'Shopify' disclosed a bug submitted by b'ngalog' 
b'Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation'
01 Apr 2020 timeline
b'Ubiquiti Inc.' disclosed a bug submitted by b'ajxchapman' 
b'UniFi Video web interface Configuration Restore user privilege escalation'
01 Apr 2020 timeline
b'Ubiquiti Inc.' disclosed a bug submitted by b'ajxchapman' 
b'UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise'
01 Apr 2020 timeline
b'Starbucks' disclosed a bug submitted by b'neweq' 
b'China - Leaked credentials permitted a limited ability to create Starbucks coupons and cards'
01 Apr 2020 timeline
b'Ubiquiti Inc.' disclosed a bug submitted by b'b0yd' 
b'UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities.'
01 Apr 2020 timeline
b'Starbucks' disclosed a bug submitted by b'0xpatrik' 
b'China \xe2\x80\x93 Limited Partner PII Regarding Work Scheduling via Unauthenticated API Endpoint'
01 Apr 2020 timeline
b'Rocket.Chat' disclosed a bug submitted by b'codermak' 
b'API Keys Hardcoded in Github repository'
01 Apr 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'catenacyber' 
b'Buffer over-reads in i_stream_zlib_read'
01 Apr 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'catenacyber' 
b' Null pointer dereference in SMTP server function smtp_command_parse_data_with_size'
01 Apr 2020 timeline
b'Endless Hosting' disclosed a bug submitted by b'pr3r00t' 
b'Lets Encrypt Certificates affected by CAA Rechecking Incident'
01 Apr 2020 timeline
b'lemlist' disclosed a bug submitted by b'ctulhu' 
b'Unrestricted File Upload on https://app.lemlist.com'
01 Apr 2020 timeline
b'Visma Bug Bounty Program' disclosed a bug submitted by b'hamzaavvvan' 
b'Open Redirection In connect.identity.stagaws.visma.com'
01 Apr 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'rcejules' 
b'potential RCE and XSS via file upload requiring user account and default settings'
01 Apr 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'chiraggupta8769-' 
b'Self XSS via help.mail.ru interface'
01 Apr 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'haxta4ok00' 
b'[cfire.mail.ru] Time Based SQL Injection 2'
01 Apr 2020 timeline
1 ... 344 345 346 347 348 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM