REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
114
geeknik
70
linkks
69
sp1d3rs
61
jobert
50
guido
45
bl4de
41
ryat
40
bigbear_
38
zombiehelp54
37
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
HackerOne
disclosed a bug submitted by
anand_m
Change Any username and profile link in hackerone
25 Sep 2014
C2FO
disclosed a bug submitted by
faisalahmed
All Active user sessions should be destroyed when user change his password!
23 Sep 2014
Twitter
disclosed a bug submitted by
vineet
Captcha bypass with extension at http://www.mopub.com/about/contact/
22 Sep 2014
wont-fix
Square
disclosed a bug submitted by
pranav_hivarekar
CSRF login
21 Sep 2014
wont-fix
concrete5
disclosed a bug submitted by
robin
broken authentication
21 Sep 2014
Phabricator
disclosed a bug submitted by
shahmeer_amir
Content Spoofing through URL
20 Sep 2014
wont-fix
Mail.Ru
disclosed a bug submitted by
vineet
(m.mail.ru) Password type input with auto-complete enabled
19 Sep 2014
wont-fix
Mavenlink
disclosed a bug submitted by
vineet
Clickjacking & CSRF attack can be done at https://app.mavenlink.com/login
19 Sep 2014
Mavenlink
disclosed a bug submitted by
vineet
Clickjacking at https://www.mavenlink.com/ main website
19 Sep 2014
Detectify
disclosed a bug submitted by
mohdhaji87
Password reset link not validated.
19 Sep 2014
CloudFlare
disclosed a bug submitted by
mohdhaji87
User can request for password reset link without giving his website, eventhough he have it
19 Sep 2014
wont-fix
CloudFlare
disclosed a bug submitted by
jpsecurityresearch
Apache mod_negotiation filename bruteforcing
19 Sep 2014
wont-fix
WePay
disclosed a bug submitted by
pranav_hivarekar
CSRF (Make email primary) may lead to account compromise
19 Sep 2014
The Internet
disclosed a bug submitted by
kaeso
Multiple issues in looking-glass software (aka from web to BGP injections)
17 Sep 2014
Phabricator
disclosed a bug submitted by
sehacure
Open redirection on secure.phabricator.com
17 Sep 2014
Mail.Ru
disclosed a bug submitted by
bigbear
Reflected XSS in User-Agent
16 Sep 2014
Khan Academy
disclosed a bug submitted by
bigbear
Suffix of url-path is vulnerable to XSS-attack
16 Sep 2014
Detectify
disclosed a bug submitted by
shahmeer_amir
Cookie manipulation does not log attacker out of the session
16 Sep 2014
wont-fix
Mail.Ru
disclosed a bug submitted by
bigbear
SQL Injection on 11x11.mail.ru
16 Sep 2014
RelateIQ
disclosed a bug submitted by
shahmeer_amir
Resubmitted with POC #18685 Password reset CSRF
16 Sep 2014
1
...
354
355
356
357
358
...
385
BY DENIS WERNER - @NOBBD -
IMPRESSUM
