Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Perl (IBB) disclosed a bug submitted by tmnt53
Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak
24 Oct 2019

Node.js third-party modules disclosed a bug submitted by bl4de
Command Injection due to lack of sanitisation of tar.gz filename passed as an argument to pm2.install() function
24 Oct 2019

Node.js third-party modules disclosed a bug submitted by bl4de
Command Injection in npm module name passed as an argument to pm2.install() function
24 Oct 2019

Dovecot disclosed a bug submitted by nick_roessler
Memory corruption in imap-parser.c
24 Oct 2019

PayPal disclosed a bug submitted by albinowax
DoS on PayPal via web cache poisoning
23 Oct 2019

Mail.ru disclosed a bug submitted by elmahdi
[ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File
23 Oct 2019

HackerOne disclosed a bug submitted by unknown_person
Private program disclosure via `vpn_suspended` GraphQL query
21 Oct 2019

HackerOne disclosed a bug submitted by jobert
Any user with access to program can resume and suspend HackerOne Gateway
21 Oct 2019

Automattic disclosed a bug submitted by poutine_hero
Stored XSS vulnerability in comments on *.wordpress.com
21 Oct 2019

Automattic disclosed a bug submitted by mygf
Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://*your-subdomain*.survey.fm
21 Oct 2019

PHP (IBB) disclosed a bug submitted by md4
Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
21 Oct 2019

Semmle disclosed a bug submitted by testanull
Worker container escape lead to arbitrary file reading in host machine [again]
21 Oct 2019

Python (IBB) disclosed a bug submitted by longwenzhang
A reflected XSS in python/Lib/DocXMLRPCServer.py
19 Oct 2019

Flash (IBB) disclosed a bug submitted by jouko
Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079)
18 Oct 2019

Flash (IBB) disclosed a bug submitted by jouko
Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
18 Oct 2019

Flash (IBB) disclosed a bug submitted by jouko
Double free vulnerability in Flash Player Settings Manager (CVE-2015-0346)
18 Oct 2019

Flash (IBB) disclosed a bug submitted by irsdl
Flash “local-with-filesystem” Bypass in navigateToURL
17 Oct 2019

MyCrypto disclosed a bug submitted by whitehacker18
URL is vulnerable to clickjacking
17 Oct 2019

Rocket.Chat disclosed a bug submitted by w2w
Blind SQL injection in third-party software, that allows to reveal user statistic from rocket.chat and possibly hack into the rocketchat.agilecrm.com
17 Oct 2019

Nextcloud disclosed a bug submitted by sohelahmed786
Exposing debug.log file leads to server full path disclosure
17 Oct 2019
BY DENIS WERNER - @NOBBD -