The unofficial HackerOne disclosure timeline.
Twitter disclosed a bug submitted by lorenznickel: Twitter Source Label allow 'mongolian vowel separator' U+180E (app name) (21 Feb 2020)
Twitter disclosed a bug submitted by jubabaghdad: Reflected XSS in twitterflightschool.com (21 Feb 2020)
HackerOne disclosed a bug submitted by japz: "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics (21 Feb 2020)
NordVPN disclosed a bug submitted by hexgold: Race condition (TOCTOU) in NordVPN can result in local privilege escalation (21 Feb 2020)
NordVPN disclosed a bug submitted by aplis: Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com (21 Feb 2020)
NordVPN disclosed a bug submitted by kiriknik: Html Injection and Possible XSS in main nordvpn.com domain (21 Feb 2020)
NordVPN disclosed a bug submitted by hridoy-ahmed: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information (21 Feb 2020)
NordVPN disclosed a bug submitted by zaitunoil: Past payments using the Direct Debit method keep subscriptions active even if payments fail (21 Feb 2020)
NordVPN disclosed a bug submitted by hassancypher: Host header injection/redirection | signup and login page (21 Feb 2020)
NordVPN disclosed a bug submitted by shardulb_23: CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure,Account takeover (21 Feb 2020)
RATELIMITED disclosed a bug submitted by miguel_santareno: Cross Site Request Forgery in auth in https://auth.ratelimited.me/ (21 Feb 2020)
NordVPN disclosed a bug submitted by x54xc3: nordvpn Linux Desktop executable application does not use pie / no ASLR (21 Feb 2020)
HackerOne disclosed a bug submitted by msdian7: Email address of any user can be queried on Report Invitation GraphQL type when username is known (20 Feb 2020)
Open-Xchange disclosed a bug submitted by zhutyra: SSRF - Image Sources in HTML Snippets - 727234 bypass (20 Feb 2020)
Open-Xchange disclosed a bug submitted by zhutyra: Unchecked URL in attachment datasource (20 Feb 2020)
Open-Xchange disclosed a bug submitted by zhutyra: SSRF - URL Attachments - 725307 bypass (20 Feb 2020)
Nextcloud disclosed a bug submitted by mayankraheja069: Email Spoofing (20 Feb 2020)
Valve disclosed a bug submitted by xpaw: GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame (19 Feb 2020)
WakaTime disclosed a bug submitted by phhitachi: Broken Authentication and session management OWASP A2 (19 Feb 2020)
Stripo Inc disclosed a bug submitted by pain45: SSRF & unrestricted file upload on https://my.stripo.email/ (19 Feb 2020)
BY DENIS WERNER - @NOBBD -