Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
concrete5 disclosed a bug submitted by arcturian (06 Dec 2019): Unauthenticated reflected XSS in preview_as_user function
Zomato disclosed a bug submitted by mchinmoy (05 Dec 2019): Zomato Map server going out of memory while resizing map image
Razer disclosed a bug submitted by dhakal_ananda (05 Dec 2019): OTP token bypass in accessing user settings
Razer disclosed a bug submitted by so_h1 (05 Dec 2019): [razer-assets2] Listing of Amazon S3 Bucket accessible to any AWS cli
Razer disclosed a bug submitted by iamsahana (05 Dec 2019): Insecure Logging - OWASP (2016-M2)
Razer disclosed a bug submitted by klaue (05 Dec 2019): Accessible Druid Monitor console on https://api.pay-staging.razer.com/
Razer disclosed a bug submitted by cccaaasser (05 Dec 2019): DLL Hijacking in Synapse 2 CrashSender1402.exe via version.dll
Node.js third-party modules disclosed a bug submitted by vineetpandey (04 Dec 2019): Path traversal in https://www.npmjs.com/package/http_server via symlink
Node.js third-party modules disclosed a bug submitted by mik317 (04 Dec 2019): [tree-kill] RCE via insecure command concatenation (only Windows)
Node.js third-party modules disclosed a bug submitted by spengietz (04 Dec 2019): Lodash "difference" (possibly others) Function Denial of Service Through Unvalidated Input
Node.js third-party modules disclosed a bug submitted by mik317 (04 Dec 2019): [treekill] RCE via insecure command concatenation (only Windows)
Node.js third-party modules disclosed a bug submitted by bl4de (04 Dec 2019): `indexFile` option passed as an argument to node-server can lead to arbitrary file read
Node.js third-party modules disclosed a bug submitted by mik317 (04 Dec 2019): [node-df] RCE via insecure command concatenation
Grammarly disclosed a bug submitted by k4r4koyun (03 Dec 2019): Account takeover through the combination of cookie manipulation and XSS
HackerOne disclosed a bug submitted by haxta4ok00 (03 Dec 2019): Account takeover via leaked session cookie
Imgur disclosed a bug submitted by alishah (03 Dec 2019): Password Reset Link not expiring after changing the email Leads To Account Takeover
GitLab disclosed a bug submitted by rpadovani (03 Dec 2019): GraphQL query "namespace" leaks data
U.S. Dept Of Defense disclosed a bug submitted by 00utsav00 (02 Dec 2019): http://????/data.json showing users sensitive information via json file
U.S. Dept Of Defense disclosed a bug submitted by hexdump (02 Dec 2019): [Partial] SSN & [PII] exposed through iPERMs Presentation Slide.
U.S. Dept Of Defense disclosed a bug submitted by usamasood (02 Dec 2019): [?????] — DOM-based XSS on endpoint `/?s=`
BY DENIS WERNER - @NOBBD -