REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'The Internet'
disclosed a bug submitted by
b'skyn3t'
b'[bower] Arbitrary File Write through improper validation of symlinks while package extraction'
10 Sep 2019
b'Kaspersky'
disclosed a bug submitted by
b'alesandroortiz'
b'Stored credentials instantly autofilled within sandboxed iframes'
10 Sep 2019
b'Nextcloud'
disclosed a bug submitted by
b'laxe'
b'Veracode and security audit record are publicly available'
10 Sep 2019
b'Mail.ru'
disclosed a bug submitted by
b'chajer'
b'Delete images of users with clickjacking in https://pw.mail.ru'
09 Sep 2019
b'Maker Ecosystem Growth Holding'
disclosed a bug submitted by
b'lucash-dev'
b'Steal collateral during `end` process, by earning DSR interest after `flow`.'
09 Sep 2019
b'Shopify'
disclosed a bug submitted by
b'tems'
b'Inject page in admin panel via Shopify.API.pushState'
09 Sep 2019
b'Uber'
disclosed a bug submitted by
b'appsecure_in'
b"Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter"
09 Sep 2019
b'HackerOne'
disclosed a bug submitted by
b'japz'
b'[Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content"'
09 Sep 2019
b'Trint Ltd'
disclosed a bug submitted by
b'xh3n1'
b'Insecure Zendesk SSO implementation by generating JWT client-side'
08 Sep 2019
b'HackerOne'
disclosed a bug submitted by
b'jobert'
b'IDOR in Report CSV export discloses the IDs of Custom Field Attributes of Programs'
06 Sep 2019
b'HackerOne'
disclosed a bug submitted by
b'hisokamorou'
b'Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264'
06 Sep 2019
b'Kaspersky'
disclosed a bug submitted by
b'palant'
b'MitM attacks on HSTS-protected hosts are possible'
05 Sep 2019
b'Nextcloud'
disclosed a bug submitted by
b'pamper'
b'Content Spoofing /Text Injection in https://docs.nextcloud.com'
05 Sep 2019
b'shopify-scripts'
disclosed a bug submitted by
b'dgaletic'
b'NULL pointer dereference in `mrb_check_frozen`'
04 Sep 2019
b'shopify-scripts'
disclosed a bug submitted by
b'dgaletic'
b'Buffer overflow in yywarning_s'
04 Sep 2019
b'shopify-scripts'
disclosed a bug submitted by
b'dgaletic'
b'Invalid read in `str_replace_partial`'
04 Sep 2019
b'shopify-scripts'
disclosed a bug submitted by
b'dgaletic'
b'Crash in mrb_ary_push'
04 Sep 2019
b'Omise'
disclosed a bug submitted by
b'sheerwood'
b'Email enumeration at SignUp page'
04 Sep 2019
b'Twitter'
disclosed a bug submitted by
b'faceless_man'
b'Html Injection and Possible XSS via MathML'
03 Sep 2019
b'Imgur'
disclosed a bug submitted by
b'madrobot'
b'Xss on community.imgur.com'
03 Sep 2019
1
...
408
409
410
411
412
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM