REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Mail.Ru'
disclosed a bug submitted by
b'bobrov'
b'[mobs.mail.ru] nginx path traversal via misconfigured alias'
22 May 2018
b'LocalTapiola'
disclosed a bug submitted by
b'victorrocha'
b'Disclosure of Users Information via Wordpress API (?rest_route)'
22 May 2018
b'Phabricator'
disclosed a bug submitted by
b'ivh'
b'Administrator can create user without entering high security mode'
22 May 2018
b'ExpressionEngine'
disclosed a bug submitted by
b'lawrenceamer'
b'XML Member Proccessing - Local File inclusion Vulnerability '
21 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'brainpanic'
b'[hekto] open redirect when target domain name is used as html filename on server'
20 May 2018
b'The Internet'
disclosed a bug submitted by
b'fransrosen'
b'ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers'
19 May 2018
b'Perl (IBB)'
disclosed a bug submitted by
b'geeknik'
b'CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written'
19 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'bl4de'
b'[html-pages] Path Traversal in html-pages module allows to read any file from the server with curl'
19 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'bl4de'
b'[query-mysql] SQL Injection due to lack of user input sanitization allows to run arbitrary SQL queries when fetching data from database'
19 May 2018
b'Coursera'
disclosed a bug submitted by
b'nohack'
b'No Password Verification on Changing Email Address Cause Account takeover '
19 May 2018
b'QIWI'
disclosed a bug submitted by
b'bigbear_'
b'[wallet.rapida.ru] Mass SMS flood'
18 May 2018
b'Twitter'
disclosed a bug submitted by
b'filedescriptor'
b'Highly wormable clickjacking in player card'
17 May 2018
b'ExpressionEngine'
disclosed a bug submitted by
b'lawrenceamer'
b'Import File Converter - local File inclusion '
17 May 2018
b'Starbucks'
disclosed a bug submitted by
b'samidrif'
b'Leaking sensitive files on Github leads to internal files (python scripts,SQL files)'
17 May 2018
b'Nextcloud'
disclosed a bug submitted by
b'cybertiger'
b'Banner Grabbing - Apache Server Version Disclousure'
17 May 2018
b'Nextcloud'
disclosed a bug submitted by
b'kistimat'
b'Banner Grabbing - Apache Server Version Disclosure'
17 May 2018
b'Nextcloud'
disclosed a bug submitted by
b'mobius07'
b'Information Exposure Through Directory Listing'
17 May 2018
b'Reverb.com'
disclosed a bug submitted by
b'albatraoz'
b"Api token exposed in Reverb.com's public github repository"
16 May 2018
b'Mail.Ru'
disclosed a bug submitted by
b's_p_q_r'
b'[e.mail.ru] XSS ?? ???????? ???????? ????????? ????????'
16 May 2018
b'Data Processing (IBB)'
disclosed a bug submitted by
b'geeknik'
b"Out of bounds read in libcurl's IMAP FETCH response parser"
16 May 2018
1
...
459
460
461
462
463
...
738
BY DENIS WERNER - @NOBBD -
IMPRESSUM
