Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Mail.ru disclosed a bug submitted by secator
[XSS] postMessage ? jsapi/button
28 Oct 2019

Weblate disclosed a bug submitted by fr0nk
no captcha for register user and weak question attacker can spam email
26 Oct 2019

Zendesk disclosed a bug submitted by geeknik
SMTP user enumeration via mail.zendesk.com
25 Oct 2019

Zendesk disclosed a bug submitted by nathand
"Test target" of the "HTTP target" extension can unintentionally send username and password in the Authorization header
25 Oct 2019

HackerOne disclosed a bug submitted by jobert
Reporter, external users, collaborators can mark sent swag awarded to reporter as unsent
25 Oct 2019

Mail.ru disclosed a bug submitted by harisec
Reflected XSS in https://light.mail.ru/login via page
25 Oct 2019

SEMrush disclosed a bug submitted by batuhanu
Open redirect in semrush.com
25 Oct 2019

Moneybird disclosed a bug submitted by rioncool22
Enable 2FA without verifying the email
25 Oct 2019

Ruby disclosed a bug submitted by znz
HTTP header can split /[\r\n]/ instead of /\r\n/
25 Oct 2019

Perl (IBB) disclosed a bug submitted by tmnt53
Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak
24 Oct 2019

Node.js third-party modules disclosed a bug submitted by bl4de
Command Injection due to lack of sanitisation of tar.gz filename passed as an argument to pm2.install() function
24 Oct 2019

Node.js third-party modules disclosed a bug submitted by bl4de
Command Injection in npm module name passed as an argument to pm2.install() function
24 Oct 2019

Dovecot disclosed a bug submitted by nick_roessler
Memory corruption in imap-parser.c
24 Oct 2019

PayPal disclosed a bug submitted by albinowax
DoS on PayPal via web cache poisoning
23 Oct 2019

Mail.ru disclosed a bug submitted by elmahdi
[ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File
23 Oct 2019

HackerOne disclosed a bug submitted by unknown_person
Private program disclosure via `vpn_suspended` GraphQL query
21 Oct 2019

HackerOne disclosed a bug submitted by jobert
Any user with access to program can resume and suspend HackerOne Gateway
21 Oct 2019

Automattic disclosed a bug submitted by poutine_hero
Stored XSS vulnerability in comments on *.wordpress.com
21 Oct 2019

Automattic disclosed a bug submitted by mygf
Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://*your-subdomain*.survey.fm
21 Oct 2019

PHP (IBB) disclosed a bug submitted by md4
Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
21 Oct 2019
BY DENIS WERNER - @NOBBD