Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Grammarly disclosed a bug submitted by metnew: "More on Wikipedia" link disclose "Referrer" and leak `window.opener` reference for arbitrary websites (30 Apr 2019)
Node.js third-party modules disclosed a bug submitted by ronperris: [finalhandler] Insecure Default Configuration (29 Apr 2019)
Twitter disclosed a bug submitted by rahulkankrale: Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect (29 Apr 2019)
Ubiquiti Networks disclosed a bug submitted by ajxchapman: UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise (28 Apr 2019)
Node.js third-party modules disclosed a bug submitted by lxndr: A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module for decoding (28 Apr 2019)
Udemy disclosed a bug submitted by toannc123: [affiliates.udemy.com] Wordpress user admin information discloure (28 Apr 2019)
Slack disclosed a bug submitted by zemnmez: XSS in gist integration (28 Apr 2019)
VK.com disclosed a bug submitted by page1337: ???????? ?????? ? ???????? ??????????, ??????? ????????? ? ????????? ??????? (26 Apr 2019)
Udemy disclosed a bug submitted by salmon: S3 bucket unnecessarily discloses permissions (26 Apr 2019)
Discourse disclosed a bug submitted by karimpwnz: Employee's GitHub Token Found In Travis CI Build Logs (25 Apr 2019)
Khan Academy disclosed a bug submitted by tom2468101214: Users can make accounts with a fake email address. (25 Apr 2019)
Twitter disclosed a bug submitted by filedescriptor: [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable (25 Apr 2019)
HackerOne disclosed a bug submitted by jobert: Moving a report to a different program doesn't reassign the Custom Field Values (25 Apr 2019)
Alliance of American Football disclosed a bug submitted by gujjuboy10x00: attacker can book unlimited tickets in free at https://aaf.com/checkout/order-received/21237/?key=wc_order_5bbef48fa35b2 (25 Apr 2019)
Shopify disclosed a bug submitted by filedescriptor: H1514 Session Fixation on multiple shopify-built apps on *.shopifycloud.com and *.shopifyapps.com (25 Apr 2019)
Shopify disclosed a bug submitted by fisher: H1514 Lack of access control on edit packing slip template (24 Apr 2019)
Shopify disclosed a bug submitted by anshuman_bh: H1514 Ability to Edit Packaging Slip Templates and View Product & Shipping Information by a low privileged staff in a Sandbox Store (24 Apr 2019)
HackerOne disclosed a bug submitted by haxta4ok00: Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report (24 Apr 2019)
Lob disclosed a bug submitted by ajxchapman: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE (23 Apr 2019)
Zendesk disclosed a bug submitted by rubyroobs: Leaked artifactory_api_key via GitHub. (23 Apr 2019)
BY DENIS WERNER - @NOBBD