the unofficial HackerOne disclosure timeline.

X
b'GitLab' disclosed a bug submitted by b'uzsunny9' 
b'Project Milestones Disclosed Via Groups When the Victim disabled milestones access in project settings'
13 Dec 2019 timeline
b'LocalTapiola' disclosed a bug submitted by b'muon4' 
b'CORS misconfiguration allows to steal client\'s "password", Authorization token and the customer details e.g. names, SSN, bank account etc.'
13 Dec 2019 timeline
b'Starbucks' disclosed a bug submitted by b'l00ph0le' 
b'Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604)'
12 Dec 2019 timeline
b'Starbucks' disclosed a bug submitted by b'gnux' 
b"Reflected XSS on card.starbucks.com.sg/unsubRevert.php via the 'ct' Parameter"
12 Dec 2019 timeline
b'Starbucks' disclosed a bug submitted by b'gnux' 
b"Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter"
12 Dec 2019 timeline
b'Starbucks' disclosed a bug submitted by b'nukedx' 
b'Bulgaria - Subdomain takeover of mail.starbucks.bg'
12 Dec 2019 timeline
b'Starbucks' disclosed a bug submitted by b'mr_intrusionist' 
b'India - An Insecure Direct Object Reference (IDOR) allowed unauthorized access to view card index number and monetary balance'
12 Dec 2019 timeline
b'GitLab' disclosed a bug submitted by b'ajxchapman' 
b'GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery'
12 Dec 2019 timeline
b'Nextcloud' disclosed a bug submitted by b'foobar7' 
b'Persistent XSS on favorite via filename'
12 Dec 2019 timeline
b'Nextcloud' disclosed a bug submitted by b'foobar7' 
b'Server-Side request forgery in New-Subscription feature of the calendar app'
12 Dec 2019 timeline
b'Avito' disclosed a bug submitted by b'hussain_0x3c' 
b'CSS injection in avito.ru via IE11 '
12 Dec 2019 timeline
b'OLX' disclosed a bug submitted by b'kishoretrommer' 
b'Bypass Rejected ads so user can view it as normal live ad.'
11 Dec 2019 timeline
b'Shopify' disclosed a bug submitted by b'vulnh0lic' 
b'Shopify Stocky App OAuth Misconfiguration'
11 Dec 2019 timeline
b'GitLab' disclosed a bug submitted by b'ajxchapman' 
b'Importing GitLab project archives can replace uploads of other users'
11 Dec 2019 timeline
b'VK.com' disclosed a bug submitted by b'qwe' 
b'????-?????????? ? ????????? ??????'
10 Dec 2019 timeline
b'WordPress' disclosed a bug submitted by b'md15ev' 
b'Stored XSS on Wordpress 5.3 via Title Post'
10 Dec 2019 timeline
b'Shopify' disclosed a bug submitted by b'chj2934' 
b'XSS on product comments in transfers'
09 Dec 2019 timeline
b'PUBG' disclosed a bug submitted by b'sr007' 
b'I found Reflected XSS(Cross site scripting) on your subdomain lite.pubg.com'
09 Dec 2019 timeline
b'PUBG' disclosed a bug submitted by b'0xfabiof' 
b'Reflected XSS in pubg.com'
09 Dec 2019 timeline
b'OWOX, Inc.' disclosed a bug submitted by b'obito_ms' 
b'The URL in "Choose a data source\'\' at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS.'
09 Dec 2019 timeline
1 ... 370 371 372 373 374 ... 765
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM