REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'sp1d3rs'
68
b'someonenobbd'
62
b'nyymi'
55
b'jon_bottarini'
49
b'haxta4ok00'
48
b'netfuzzer'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Mail.Ru'
disclosed a bug submitted by
b's_p_q_r'
b'[e.mail.ru] XSS ?? ???????? ???????? ????????? ????????'
16 May 2018
b'Data Processing (IBB)'
disclosed a bug submitted by
b'geeknik'
b"Out of bounds read in libcurl's IMAP FETCH response parser"
16 May 2018
b'Data Processing (IBB)'
disclosed a bug submitted by
b'geeknik'
b' CVE-2017-1000101: cURL: URL globbing out of bounds read'
16 May 2018
b'Data Processing (IBB)'
disclosed a bug submitted by
b'geeknik'
b'heap-buffer-overflow (buffer read overrun) in curl: ourWriteOut() src/tool_writeout.c:115'
16 May 2018
b'Shopify'
disclosed a bug submitted by
b'flashdisk'
b'ability to install paid themes for free'
16 May 2018
b'Reverb.com'
disclosed a bug submitted by
b'apapedulimu'
b'Bypassing CSRF Token On Reply Message & Send Message'
15 May 2018
b'Vimeo'
disclosed a bug submitted by
b'bugdiscloseguys'
b"Improper Authentication in Vimeo's API 'versions' endpoint."
15 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'ronperris'
b'The react-marked-markdown module allows XSS injection in href values.'
13 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`base64-url` below 2.0 allocates uninitialized Buffers when number is passed in input'
12 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`sql` does not properly escape parameters when building SQL queries, resulting in potential SQLi'
12 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`npmconf` (and `npm` js api) allocate and write to disk uninitialized memory content when a typed number is passed as input on Node.js 4.x'
12 May 2018
b'VK.com'
disclosed a bug submitted by
b'trainzment'
b'????????? ?????????? ? ??????? ?????? ??? ??????????'
12 May 2018
b'HackerOne'
disclosed a bug submitted by
b'haxta4ok00'
b'Team object in GraphQL disclosed total number of whitelisted hackers'
12 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`byte` allocates uninitialized buffers and reads data from them past the initialized length'
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below'
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`macaddress` concatenates unsanitized input into exec() command'
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`command-exists` concatenates unsanitized input into exec()/execSync() commands'
11 May 2018
b'Twitter'
disclosed a bug submitted by
b'lukeberner'
b'ms5 debug page exposing internal info (internal IPs, headers)'
11 May 2018
b'Mail.Ru'
disclosed a bug submitted by
b'xawdxawdx'
b'CSRF ?? calendar.mail.ru'
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'bl4de'
b"[buttle] Remote Command Execution via unsanitized PHP filename when it's run with --php-bin flag"
11 May 2018
1
...
413
414
415
416
417
...
691
BY DENIS WERNER - @NOBBD -
IMPRESSUM