REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Imgur'
disclosed a bug submitted by
b'giddsec'
b'Stored XSS on imgur profile'
02 Mar 2019
b'Twitter'
disclosed a bug submitted by
b'mik317'
b'CSRF on https://www.niche.co leads to "account disconnection"'
02 Mar 2019
b'Node.js third-party modules'
disclosed a bug submitted by
b'skyn3t'
b'[glance] Access unlisted internal files/folders revealing sensitive information'
28 Feb 2019
b'Twitter'
disclosed a bug submitted by
b'healdb'
b'Takeover of Twitter-owned domain at mobileapplinking.com'
28 Feb 2019
b'Twitter'
disclosed a bug submitted by
b'mik317'
b'CSRF and probable account takeover on https://www.niche.co'
28 Feb 2019
b'Mavenlink'
disclosed a bug submitted by
b'tolo7010'
b'User uploaded portfolio files can be accessed by any user even after deleted'
27 Feb 2019
b'Mavenlink'
disclosed a bug submitted by
b'tolo7010'
b'CSRF Add user templates'
27 Feb 2019
b'Instacart'
disclosed a bug submitted by
b'tolo7010'
b'CSRF Trial 14 days express subscription'
27 Feb 2019
b'Mail.ru'
disclosed a bug submitted by
b'bagipro'
b'[Mail.Ru Android] Typo in permission name allows to write contacts without user knowledge'
26 Feb 2019
b'Postmates'
disclosed a bug submitted by
b'davidalbert'
b'Web cache poisoning attack leads to user information and more'
26 Feb 2019
b'DuckDuckGo'
disclosed a bug submitted by
b'mik317'
b'Partial bypass of #483774 with Blind XXE on https://duckduckgo.com'
25 Feb 2019
b'InnoGames'
disclosed a bug submitted by
b'wwshack'
b'Information disclosure via ".htaccess" at https://login.innogames.de'
25 Feb 2019
b'VK.com'
disclosed a bug submitted by
b'page1337'
b'Page replacement and redirect loop'
24 Feb 2019
b'Gatecoin'
disclosed a bug submitted by
b'p4fg'
b'API request signature can be reused with other parameters/data than the original in certain cases'
23 Feb 2019
b'Slack'
disclosed a bug submitted by
b'kiyell'
b'AWS bucket leading to iOS test build code and configuration exposure'
23 Feb 2019
b'Slack'
disclosed a bug submitted by
b'elber'
b'Bypass of the SSRF protection in Event Subscriptions parameter.'
22 Feb 2019
b'Slack'
disclosed a bug submitted by
b'elber'
b'SSRF in api.slack.com, using slash commands and bypassing the protections.'
22 Feb 2019
b'Liberapay'
disclosed a bug submitted by
b'doug18'
b'Session Cookie without HttpOnly and secure flag set'
21 Feb 2019
b'Monero'
disclosed a bug submitted by
b'sobhraj_charles'
b'DoS for remote nodes using Slow Loris attack'
21 Feb 2019
b'MariaDB'
disclosed a bug submitted by
b'sergeybelove'
b'CRLF injection at https://mariadb.org/.'
21 Feb 2019
1
...
366
367
368
369
370
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM