Top 10 publishers:
bobrov: 117
geeknik: 80
linkks: 75
jobert: 70
sp1d3rs: 68
someonenobbd: 62
nyymi: 55
jon_bottarini: 49
haxta4ok00: 48
netfuzzer: 48
The unofficial HackerOne disclosure timeline.
HackerOne disclosed a bug submitted by haxta4ok00: Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report (24 Apr 2019)
Lob disclosed a bug submitted by ajxchapman: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE (23 Apr 2019)
Zendesk disclosed a bug submitted by rubyroobs: Leaked artifactory_api_key via GitHub. (23 Apr 2019)
Zendesk disclosed a bug submitted by rubyroobs: Leaked artifactory_key, artifactory_api_key, and gcloud refresh_token via GitHub. (23 Apr 2019)
Revive Adserver disclosed a bug submitted by mbeccati: Deserialization of Untrusted Data in www/delivery/adxmlrpc.php (23 Apr 2019)
Revive Adserver disclosed a bug submitted by mbeccati: Deserialization of Untrusted Data in www/delivery/dxmlrpc.php (23 Apr 2019)
Revive Adserver disclosed a bug submitted by sumni: Open redirect in switch account functionality (23 Apr 2019)
Grammarly disclosed a bug submitted by metnew: `open-url` command allows opening unlimited number of tabs pointing to arbitrary URLs (23 Apr 2019)
HackerOne disclosed a bug submitted by spaceraccoon: Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint (23 Apr 2019)
Shipt disclosed a bug submitted by mdspr99: Sensitive Clickjacking on admin login page. (22 Apr 2019)
Monero disclosed a bug submitted by organdonor1: RingCT malformed tx prevents target from being able to sweep balance (20 Apr 2019)
GitLab disclosed a bug submitted by jobert: JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions (20 Apr 2019)
concrete5 disclosed a bug submitted by hexife: SVG file that HTML Included is able to upload via File Manager (20 Apr 2019)
HackerOne disclosed a bug submitted by constructor2019: Homograph attack in escalate report (19 Apr 2019)
Twitter disclosed a bug submitted by terjanq: Protected tweets exposure through the URL (19 Apr 2019)
GitLab disclosed a bug submitted by rijalrojan: Full access to internal Gitlab instances at redash.gitlab.com, dashboards.gitlab.com, prometheus.gitlab.com (19 Apr 2019)
Shopify disclosed a bug submitted by filedescriptor: H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing (17 Apr 2019)
Nextcloud disclosed a bug submitted by foobar7: Talk / spreed: Disclosure of Room names and participants for password protected rooms (17 Apr 2019)
Central Security Project disclosed a bug submitted by amassey: c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration (16 Apr 2019)
Zomato disclosed a bug submitted by pasw: [api.zomato.com] Able to manipulate order amount (16 Apr 2019)
BY DENIS WERNER - @NOBBD -