Top10 publishers:
bobrov: 117
geeknik: 80
linkks: 75
jobert: 70
sp1d3rs: 68
someonenobbd: 62
nyymi: 55
jon_bottarini: 49
haxta4ok00: 48
netfuzzer: 48
the unofficial HackerOne disclosure timeline.
Discourse disclosed a bug submitted by karimpwnz: Employee's GitHub Token Found In Travis CI Build Logs (25 Apr 2019)
Khan Academy disclosed a bug submitted by tom2468101214: Users can make accounts with a fake email address. (25 Apr 2019)
Twitter disclosed a bug submitted by filedescriptor: [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable (25 Apr 2019)
HackerOne disclosed a bug submitted by jobert: Moving a report to a different program doesn't reassign the Custom Field Values (25 Apr 2019)
Alliance of American Football disclosed a bug submitted by gujjuboy10x00: attacker can book unlimited tickets in free at https://aaf.com/checkout/order-received/21237/?key=wc_order_5bbef48fa35b2 (25 Apr 2019)
Shopify disclosed a bug submitted by filedescriptor: H1514 Session Fixation on multiple shopify-built apps on *.shopifycloud.com and *.shopifyapps.com (25 Apr 2019)
Shopify disclosed a bug submitted by fisher: H1514 Lack of access control on edit packing slip template (24 Apr 2019)
Shopify disclosed a bug submitted by anshuman_bh: H1514 Ability to Edit Packaging Slip Templates and View Product & Shipping Information by a low privileged staff in a Sandbox Store (24 Apr 2019)
HackerOne disclosed a bug submitted by haxta4ok00: Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report (24 Apr 2019)
Lob disclosed a bug submitted by ajxchapman: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE (23 Apr 2019)
Zendesk disclosed a bug submitted by rubyroobs: Leaked artifactory_api_key via GitHub. (23 Apr 2019)
Zendesk disclosed a bug submitted by rubyroobs: Leaked artifactory_key, artifactory_api_key, and gcloud refresh_token via GitHub. (23 Apr 2019)
Revive Adserver disclosed a bug submitted by mbeccati: Deserialization of Untrusted Data in www/delivery/adxmlrpc.php (23 Apr 2019)
Revive Adserver disclosed a bug submitted by mbeccati: Deserialization of Untrusted Data in www/delivery/dxmlrpc.php (23 Apr 2019)
Revive Adserver disclosed a bug submitted by sumni: Open redirect in switch account functionality (23 Apr 2019)
Grammarly disclosed a bug submitted by metnew: `open-url` command allows opening unlimited number of tabs pointing to arbitrary URLs (23 Apr 2019)
HackerOne disclosed a bug submitted by spaceraccoon: Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint (23 Apr 2019)
Shipt disclosed a bug submitted by mdspr99: Sensitive Clickjacking on admin login page. (22 Apr 2019)
Monero disclosed a bug submitted by organdonor1: RingCT malformed tx prevents target from being able to sweep balance (20 Apr 2019)
GitLab disclosed a bug submitted by jobert: JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions (20 Apr 2019)
BY DENIS WERNER - @NOBBD