REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Nextcloud'
disclosed a bug submitted by
b'c0rv4x'
b'Github wikis are editable by anyone '
07 Dec 2018
b'Phabricator'
disclosed a bug submitted by
b'insufficiententropy'
b'TOTP Key is shorter than RFC 4226 recommended minimum'
07 Dec 2018
b'SEMrush'
disclosed a bug submitted by
b'jimgogogo'
b"Stored XSS in '' Section and WAF Bypass"
07 Dec 2018
b'SEMrush'
disclosed a bug submitted by
b'ankit_singh'
b'Open Redirect'
07 Dec 2018
b'Twitter'
disclosed a bug submitted by
b'csanuragjain'
b'Global defaming of any twitter user'
06 Dec 2018
b'Shopify'
disclosed a bug submitted by
b'vijay_kumar1110'
b'Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure )'
06 Dec 2018
b'Avito'
disclosed a bug submitted by
b'lincoln9932'
b'reflected XSS avito.ru'
06 Dec 2018
b'Discourse'
disclosed a bug submitted by
b'avinash_'
b'Account takeover at https://try.discourse.org due to no CSRF protection in connecting Yahoo account'
06 Dec 2018
b'Ruby on Rails'
disclosed a bug submitted by
b'bjeanes'
b'Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS'
05 Dec 2018
b'LocalTapiola'
disclosed a bug submitted by
b'chihuahua'
b'Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter'
05 Dec 2018
b'HackerOne'
disclosed a bug submitted by
b'haxta4ok00'
b'A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately'
05 Dec 2018
b'GoCD'
disclosed a bug submitted by
b'4cad'
b'Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml'
05 Dec 2018
b'Zendesk'
disclosed a bug submitted by
b'hariharan21'
b'Admin Macro Description Stored XSS'
05 Dec 2018
b'HackerOne'
disclosed a bug submitted by
b'npbhatter17'
b'Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report'
04 Dec 2018
b'GitLab'
disclosed a bug submitted by
b'8ayac'
b'Stored XSS in merge request pages'
03 Dec 2018
b'GitLab'
disclosed a bug submitted by
b'8ayac'
b'Unauthorized users may be able to view almost all informations related to Private projects.'
03 Dec 2018
b'Zomato'
disclosed a bug submitted by
b'sandeep_hodkasia'
b'[www.zomato.com] Blind XSS in one of the Admin Dashboard'
03 Dec 2018
b'Liberapay'
disclosed a bug submitted by
b'emitrani'
b'Github Oauth is tied to username at /edit/elsewhere instead of email'
02 Dec 2018
b'HackerOne'
disclosed a bug submitted by
b'japz'
b'Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session'
30 Nov 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'asgerf'
b'Prototype pollution attack in node.extend'
30 Nov 2018
1
...
376
377
378
379
380
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM