the unofficial HackerOne disclosure timeline.

X
b'Twitter' disclosed a bug submitted by b'lorenznickel' 
b"Twitter Source Label allow 'mongolian vowel separator' U+180E (app name)"
21 Feb 2020 timeline
b'Twitter' disclosed a bug submitted by b'jubabaghdad' 
b'Reflected XSS in twitterflightschool.com'
21 Feb 2020 timeline
b'HackerOne' disclosed a bug submitted by b'japz' 
b'"Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics'
21 Feb 2020 timeline
b'NordVPN' disclosed a bug submitted by b'hexgold' 
b'Race condition (TOCTOU) in NordVPN can result in local privilege escalation'
21 Feb 2020 timeline
b'NordVPN' disclosed a bug submitted by b'aplis' 
b'Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com'
21 Feb 2020 timeline
b'NordVPN' disclosed a bug submitted by b'kiriknik' 
b'Html Injection and Possible XSS in main nordvpn.com domain'
21 Feb 2020 timeline
b'NordVPN' disclosed a bug submitted by b'hridoy-ahmed' 
b'Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information'
21 Feb 2020 timeline
b'NordVPN' disclosed a bug submitted by b'zaitunoil' 
b'Past payments using the Direct Debit method keep subscriptions active even if payments fail'
21 Feb 2020 timeline
b'NordVPN' disclosed a bug submitted by b'hassancypher' 
b'Host header injection/redirection | signup and login page'
21 Feb 2020 timeline
b'NordVPN' disclosed a bug submitted by b'shardulb_23' 
b'CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure,Account takeover'
21 Feb 2020 timeline
b'RATELIMITED' disclosed a bug submitted by b'miguel_santareno' 
b'Cross Site Request Forgery in auth in https://auth.ratelimited.me/'
21 Feb 2020 timeline
b'NordVPN' disclosed a bug submitted by b'x54xc3' 
b'nordvpn Linux Desktop executable application does not use pie / no ASLR'
21 Feb 2020 timeline
b'HackerOne' disclosed a bug submitted by b'msdian7' 
b'Email address of any user can be queried on Report Invitation GraphQL type when username is known'
20 Feb 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'zhutyra' 
b'SSRF - Image Sources in HTML Snippets - 727234 bypass'
20 Feb 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'zhutyra' 
b'Unchecked URL in attachment datasource'
20 Feb 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'zhutyra' 
b'SSRF - URL Attachments - 725307 bypass'
20 Feb 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'mayankraheja069' 
b'Email Spoofing'
20 Feb 2020 timeline
b'Valve' disclosed a bug submitted by b'xpaw' 
b'GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame'
19 Feb 2020 timeline
b'WakaTime' disclosed a bug submitted by b'phhitachi' 
b'Broken Authentication and session management OWASP A2'
19 Feb 2020 timeline
b'Stripo Inc' disclosed a bug submitted by b'pain45' 
b'SSRF & unrestricted file upload on https://my.stripo.email/'
19 Feb 2020 timeline
1 ... 358 359 360 361 362 ... 769
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM