the unofficial HackerOne disclosure timeline.

X
b'Grammarly' disclosed a bug submitted by b'metnew' 
b'"More on Wikipedia" link disclose "Referrer" and leak `window.opener` reference for arbitrary websites'
30 Apr 2019 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'ronperris' 
b'[finalhandler] Insecure Default Configuration'
29 Apr 2019 timeline
b'Twitter' disclosed a bug submitted by b'rahulkankrale' 
b'Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect '
29 Apr 2019 timeline
b'Ubiquiti Networks' disclosed a bug submitted by b'ajxchapman' 
b'UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise'
28 Apr 2019 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'lxndr' 
b'A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module for decoding '
28 Apr 2019 timeline
b'Udemy' disclosed a bug submitted by b'toannc123' 
b'[affiliates.udemy.com] Wordpress user admin information discloure'
28 Apr 2019 timeline
b'Slack' disclosed a bug submitted by b'zemnmez' 
b'XSS in gist integration'
28 Apr 2019 timeline
b'VK.com' disclosed a bug submitted by b'page1337' 
b'???????? ?????? ? ???????? ??????????, ??????? ????????? ? ????????? ???????'
26 Apr 2019 timeline
b'Udemy' disclosed a bug submitted by b'salmon' 
b'S3 bucket unnecessarily discloses permissions'
26 Apr 2019 timeline
b'Discourse' disclosed a bug submitted by b'karimpwnz' 
b"Employee's GitHub Token Found In Travis CI Build Logs"
25 Apr 2019 timeline
b'Khan Academy' disclosed a bug submitted by b'tom2468101214' 
b'Users can make accounts with a fake email address.'
25 Apr 2019 timeline
b'Twitter' disclosed a bug submitted by b'filedescriptor' 
b'[Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable'
25 Apr 2019 timeline
b'HackerOne' disclosed a bug submitted by b'jobert' 
b"Moving a report to a different program doesn't reassign the Custom Field Values"
25 Apr 2019 timeline
b'Alliance of American Football ' disclosed a bug submitted by b'gujjuboy10x00' 
b'attacker can book unlimited tickets in free at https://aaf.com/checkout/order-received/21237/?key=wc_order_5bbef48fa35b2'
25 Apr 2019 timeline
b'Shopify' disclosed a bug submitted by b'filedescriptor' 
b'H1514 Session Fixation on multiple shopify-built apps on *.shopifycloud.com and *.shopifyapps.com'
25 Apr 2019 timeline
b'Shopify' disclosed a bug submitted by b'fisher' 
b'H1514 Lack of access control on edit packing slip template'
24 Apr 2019 timeline
b'Shopify' disclosed a bug submitted by b'anshuman_bh' 
b'H1514 Ability to Edit Packaging Slip Templates and View Product & Shipping Information by a low privileged staff in a Sandbox Store'
24 Apr 2019 timeline
b'HackerOne' disclosed a bug submitted by b'haxta4ok00' 
b'Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report'
24 Apr 2019 timeline
b'Lob' disclosed a bug submitted by b'ajxchapman' 
b'Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE'
23 Apr 2019 timeline
b'Zendesk' disclosed a bug submitted by b'rubyroobs' 
b'Leaked artifactory_api_key via GitHub.'
23 Apr 2019 timeline
1 ... 433 434 435 436 437 ... 769
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM