REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Uber'
disclosed a bug submitted by
b'reptou'
b'XSS in ubermovement.com via editable Google Sheets'
19 Dec 2018
b'Uber'
disclosed a bug submitted by
b'hussain_0x3c'
b'Reflected XSS in lert.uber.com'
19 Dec 2018
b'Uber'
disclosed a bug submitted by
b'hanuman1'
b'SMS URL verification link does not expire on phone number change and lacks rate limiting'
19 Dec 2018
b'Uber'
disclosed a bug submitted by
b'vijay_kumar1110'
b'Site-wide CSRF on eats.uber.com'
19 Dec 2018
b'Uber'
disclosed a bug submitted by
b'filedescryptor'
b'lert.uber.com: Few default folders/files of AURA Framework are accessible'
19 Dec 2018
b'Keybase'
disclosed a bug submitted by
b'mirchr'
b'Linux privilege escalation via trusted $PATH in keybase-redirector '
18 Dec 2018
b'Keybase'
disclosed a bug submitted by
b'xpn'
b'Privilege Escalation via Keybase Helper'
18 Dec 2018
b'Nextcloud'
disclosed a bug submitted by
b'ezkbd'
b'Ubuntu 12.04 Privilege Escalation'
18 Dec 2018
b'OLX'
disclosed a bug submitted by
b'lukeberner'
b"Able to list user's public name, username, phone number, address, facebook ID..."
17 Dec 2018
b'MyCrypto'
disclosed a bug submitted by
b'shantuman'
b'SPF Records (SMTP protection not used)'
17 Dec 2018
b'Brave Software'
disclosed a bug submitted by
b'mushicious'
b'Field Day With Protocol Handlers'
17 Dec 2018
b'YouPorn'
disclosed a bug submitted by
b'prakharprasad'
b'Add a video to favourite list of any user [via YouPorn API / FrontEnd]'
17 Dec 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'dienpv'
b'Prototype pollution attack (lutils-merge)'
17 Dec 2018
b'OLX'
disclosed a bug submitted by
b'pajoda'
b'Search Page Reflected XSS on sharjah.dubizzle.com through unencoded output of GET parameter in JavaScript'
16 Dec 2018
b'RATELIMITED'
disclosed a bug submitted by
b'whoami021'
b'Apache Version Disclosure Through Directory Indexing'
15 Dec 2018
b'RATELIMITED'
disclosed a bug submitted by
b'dhamu_harker'
b'Information Disclosure on https://theendlessweb.com/'
15 Dec 2018
b'Twitter'
disclosed a bug submitted by
b'edent'
b'Incorrect details on OAuth permissions screen allows DMs to be read without permission'
14 Dec 2018
b'Imgur'
disclosed a bug submitted by
b'sbakhour'
b'Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/ '
13 Dec 2018
b'Augur'
disclosed a bug submitted by
b'michaelx'
b'Indisputable Reporting via Arbitrarily Large Initial Reports'
13 Dec 2018
b'Brave Software'
disclosed a bug submitted by
b'tvgfvghjbhunj'
b'Brave allows flash to follow 307 redirects to other origins with arbitrary content-types'
12 Dec 2018
1
...
374
375
376
377
378
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM