the unofficial HackerOne disclosure timeline.

X
b'SEMrush' disclosed a bug submitted by b'jimgogogo' 
b"Stored XSS in '' Section and WAF Bypass"
07 Dec 2018 timeline
b'SEMrush' disclosed a bug submitted by b'ankit_singh' 
b'Open Redirect'
07 Dec 2018 timeline
b'Twitter' disclosed a bug submitted by b'csanuragjain' 
b'Global defaming of any twitter user'
06 Dec 2018 timeline
b'Shopify' disclosed a bug submitted by b'vijay_kumar1110' 
b'Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure )'
06 Dec 2018 timeline
b'Avito' disclosed a bug submitted by b'lincoln9932' 
b'reflected XSS avito.ru'
06 Dec 2018 timeline
b'Discourse' disclosed a bug submitted by b'avinash_' 
b'Account takeover at https://try.discourse.org due to no CSRF protection in connecting Yahoo account'
06 Dec 2018 timeline
b'Ruby on Rails' disclosed a bug submitted by b'bjeanes' 
b'Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS'
05 Dec 2018 timeline
b'LocalTapiola' disclosed a bug submitted by b'chihuahua' 
b'Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter'
05 Dec 2018 timeline
b'HackerOne' disclosed a bug submitted by b'haxta4ok00' 
b'A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately'
05 Dec 2018 timeline
b'GoCD' disclosed a bug submitted by b'4cad' 
b'Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml'
05 Dec 2018 timeline
b'Zendesk' disclosed a bug submitted by b'hariharan21' 
b'Admin Macro Description Stored XSS'
05 Dec 2018 timeline
b'HackerOne' disclosed a bug submitted by b'npbhatter17' 
b'Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report'
04 Dec 2018 timeline
b'GitLab' disclosed a bug submitted by b'8ayac' 
b'Stored XSS in merge request pages'
03 Dec 2018 timeline
b'GitLab' disclosed a bug submitted by b'8ayac' 
b'Unauthorized users may be able to view almost all informations related to Private projects.'
03 Dec 2018 timeline
b'Zomato' disclosed a bug submitted by b'sandeep_hodkasia' 
b'[www.zomato.com] Blind XSS in one of the Admin Dashboard'
03 Dec 2018 timeline
b'Liberapay' disclosed a bug submitted by b'emitrani' 
b'Github Oauth is tied to username at /edit/elsewhere instead of email'
02 Dec 2018 timeline
b'HackerOne' disclosed a bug submitted by b'japz' 
b'Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session'
30 Nov 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'asgerf' 
b'Prototype pollution attack in node.extend'
30 Nov 2018 timeline
b'GoCD' disclosed a bug submitted by b'kiraak-boy' 
b'Possible SSRF at URL Parameter while creating a new package repository'
30 Nov 2018 timeline
b'GoCD' disclosed a bug submitted by b'kiraak-boy' 
b'Cross Site Scripting'
30 Nov 2018 timeline
1 ... 450 451 452 453 454 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM