the unofficial HackerOne disclosure timeline.

X
b'Node.js third-party modules' disclosed a bug submitted by b'skyn3t' 
b'[buttle] Unsafe rendering of Markdown files'
06 Jan 2019 timeline
b'Liberapay' disclosed a bug submitted by b'gouveaheitor' 
b'User Enumeration '
05 Jan 2019 timeline
b'HackerOne' disclosed a bug submitted by b'mga_bobo' 
b"User login page doesn't implement any form of rate limiting"
04 Jan 2019 timeline
b'Inflection' disclosed a bug submitted by b'csanuragjain' 
b'Malicious callback url can be set while creating application in identity'
03 Jan 2019 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'shivasurya' 
b'[static-resource-server] Path Traversal allows to read content of arbitrary file on the server'
03 Jan 2019 timeline
b'Smule' disclosed a bug submitted by b'fr_0_ank' 
b'Disclosure of information about the system, configuration files.'
03 Jan 2019 timeline
b'HackerOne' disclosed a bug submitted by b'haxta4ok00' 
b'Submitting report through Embedded Submission form gives user indefinite access to a profile'
03 Jan 2019 timeline
b'Khan Academy' disclosed a bug submitted by b'sameerphad72' 
b'Creating Unlimited Fake Accounts.'
02 Jan 2019 timeline
b'HackerOne' disclosed a bug submitted by b'thefrog' 
b'@wearehackerone.com is vulnerable to namespace attacks due to hackerone.com not being RFC2142 compliant.'
02 Jan 2019 timeline
b'RATELIMITED' disclosed a bug submitted by b'z0mb13' 
b'Local File Download'
01 Jan 2019 timeline
b'VK.com' disclosed a bug submitted by b'shell_c0de' 
b'???????? ????? WebView'
31 Dec 2018 timeline
b'RubyGems' disclosed a bug submitted by b'nmalkin' 
b'Unpacker improperly validates symlinks, allowing gems writes to arbitrary locations'
31 Dec 2018 timeline
b'RATELIMITED' disclosed a bug submitted by b'wolfdroid' 
b'Exposure of tinyMCE js source code with plugin version disclosure which can leads to exploit further attacks.'
29 Dec 2018 timeline
b'Infogram' disclosed a bug submitted by b'marataziat' 
b'User account blocking by Internal Server error'
28 Dec 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'3la2kb' 
b'[http-live-simulator] Path traversal vulnerability'
28 Dec 2018 timeline
b'Python Cryptographic Authority' disclosed a bug submitted by b'sniper302' 
b'Reflected Xss bypass Content-Type: text/plain '
28 Dec 2018 timeline
b'Ruby on Rails' disclosed a bug submitted by b'rosa' 
b"ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService"
27 Dec 2018 timeline
b'Mail.ru' disclosed a bug submitted by b'm00hdi' 
b'Open Redirect In passport.maps.me/logout/?next=//fb.com/'
27 Dec 2018 timeline
b'HackerOne' disclosed a bug submitted by b'b258ea62bf297b02afa9854' 
b'Information disclosure'
27 Dec 2018 timeline
b'HackerOne' disclosed a bug submitted by b'b258ea62bf297b02afa9854' 
b'Timing attack towards endpoints on the web without CSRF '
27 Dec 2018 timeline
1 ... 446 447 448 449 450 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM