REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Inflection'
disclosed a bug submitted by
b'exception'
b'Session ID is accessible via XSS'
30 Sep 2018
b'PullString'
disclosed a bug submitted by
b'exception'
b'Open redirect at staging.pullstring.com'
30 Sep 2018
b'Shopify'
disclosed a bug submitted by
b'tony_tsep'
b'Stored XSS on buy button'
29 Sep 2018
b'Brave Software'
disclosed a bug submitted by
b'metnew'
b'Local files reading using `link[rel="import"]`'
29 Sep 2018
b'Brave Software'
disclosed a bug submitted by
b'metnew'
b'Local files reading from the "file://" origin through `brave://`'
29 Sep 2018
b'Monero'
disclosed a bug submitted by
b'ahook'
b'Malicious get_random_rct_outs.bin rpc can cause a near-infinite loop'
28 Sep 2018
b'Monero'
disclosed a bug submitted by
b'talko'
b'Stack Overflow in JSON RPC Server'
28 Sep 2018
b'Upserve '
disclosed a bug submitted by
b'naasha'
b'Reflected xss on theacademy.upserve.com'
28 Sep 2018
b'ExpressionEngine'
disclosed a bug submitted by
b'unbaiat'
b'License verification mechanism can be bypassed'
28 Sep 2018
b'ExpressionEngine'
disclosed a bug submitted by
b'unbaiat'
b'Persistent XSS via malicious license file'
28 Sep 2018
b'Weblate'
disclosed a bug submitted by
b'crazy_wonk'
b'2nd issue>>> flood of email no rate limit on delete account confirmation email >> '
28 Sep 2018
b'Weblate'
disclosed a bug submitted by
b'crazy_wonk'
b'flood of comment no rate limit on commnets >> by using different user agent '
28 Sep 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'asgerf'
b'Prototype pollution attack (merge.recursive)'
28 Sep 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'asgerf'
b'Prototype pollution attack (defaults-deep / constructor.prototype)'
28 Sep 2018
b'WordPress'
disclosed a bug submitted by
b'm7mdharoun'
b'Reflected Swf XSS In ( plugins.svn.wordpress.org )'
27 Sep 2018
b'Redtube'
disclosed a bug submitted by
b'haythamnaamane'
b'CSRF Full Account Takeover - https://redtube.com/settings'
27 Sep 2018
b'Rocket.Chat'
disclosed a bug submitted by
b'24nitin'
b'XSS (stored) Wizard is saving executable code'
27 Sep 2018
b'Chaturbate'
disclosed a bug submitted by
b'encrypt'
b'CSRF in "send them an email and browser notification" feature'
27 Sep 2018
b'Chaturbate'
disclosed a bug submitted by
b'encrypt'
b'Bypass subdomain limits using race condition'
27 Sep 2018
b'Chaturbate'
disclosed a bug submitted by
b'encrypt'
b"Stats Token doesn't expire after deactivating account"
27 Sep 2018
1
...
389
390
391
392
393
...
692
BY DENIS WERNER - @NOBBD -
IMPRESSUM