REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'Shell command injection in https://partner.steamgames.com/admin/game/publish/ via screenshot URL'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'Shell command injection in https://partner.steamgames.com/bundles/savestore/ via overwriting asset_path_identifier'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of item_image_small and item_image_large'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'SQL injection in /errors/viewbuild/'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'/applications/dpc_(get|post) provide full access to api.steampowered.com with the Dota2 API key'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'WG call injection in /economy/contextcommand'
30 Jul 2024
b'Valve'
disclosed a bug submitted by
b'njbooher'
b'RCE on partner.steampowered.com'
30 Jul 2024
b'Zomato'
disclosed a bug submitted by
b'suryesh_92'
b'OTP Bypass via Response Manipulation'
30 Jul 2024
b'Shopify'
disclosed a bug submitted by
b'g0lden1'
b'Exposure of shopify employee summit page allows anonymous user to place orders for free books'
29 Jul 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'renzi'
b'Open Akamai ARL XSS on http://master-config-'
26 Jul 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'renzi'
b'Open Akamai ARL XSS on http://media.'
26 Jul 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'cleanchain50'
b' (Android): Vulnerable to Javascript Injection and Open redirect'
26 Jul 2024
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'martinvw'
b'Subdomain takeover '
26 Jul 2024
b'Mozilla'
disclosed a bug submitted by
b'd0xing'
b'Subdomain takeover on one of the subdomains under mozaws.net'
25 Jul 2024
b'Mozilla'
disclosed a bug submitted by
b'd0xing'
b'Subdomain takeover on one of the subdomains under mozaws.net'
25 Jul 2024
b'curl'
disclosed a bug submitted by
b'z2_'
b'CVE-2024-6197: freeing stack buffer in utf8asn1str'
24 Jul 2024
b'curl'
disclosed a bug submitted by
b'z2_'
b'CVE-2024-6874: macidn punycode buffer overread'
24 Jul 2024
b'GitHub'
disclosed a bug submitted by
b'ahacker1'
b'View private repository NWO of deploy key via internal LFS API'
23 Jul 2024
b'MercadoLibre'
disclosed a bug submitted by
b'madara_'
b'Reflected Cross Site Scripting'
23 Jul 2024
b'HackerOne'
disclosed a bug submitted by
b'tedix'
b'Payload delivery via Social Media urls on H1 profile'
23 Jul 2024
1
...
34
35
36
37
38
...
738
BY DENIS WERNER - @NOBBD -
IMPRESSUM
