REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Data Processing (IBB)'
disclosed a bug submitted by
b'geeknik'
b' CVE-2017-1000101: cURL: URL globbing out of bounds read'
16 May 2018
b'Data Processing (IBB)'
disclosed a bug submitted by
b'geeknik'
b'heap-buffer-overflow (buffer read overrun) in curl: ourWriteOut() src/tool_writeout.c:115'
16 May 2018
b'Shopify'
disclosed a bug submitted by
b'flashdisk'
b'ability to install paid themes for free'
16 May 2018
b'Reverb.com'
disclosed a bug submitted by
b'apapedulimu'
b'Bypassing CSRF Token On Reply Message & Send Message'
15 May 2018
b'Vimeo'
disclosed a bug submitted by
b'bugdiscloseguys'
b"Improper Authentication in Vimeo's API 'versions' endpoint."
15 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'ronperris'
b'The react-marked-markdown module allows XSS injection in href values.'
13 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`base64-url` below 2.0 allocates uninitialized Buffers when number is passed in input'
12 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`sql` does not properly escape parameters when building SQL queries, resulting in potential SQLi'
12 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`npmconf` (and `npm` js api) allocate and write to disk uninitialized memory content when a typed number is passed as input on Node.js 4.x'
12 May 2018
b'VK.com'
disclosed a bug submitted by
b'trainzment'
b'????????? ?????????? ? ??????? ?????? ??? ??????????'
12 May 2018
b'HackerOne'
disclosed a bug submitted by
b'haxta4ok00'
b'Team object in GraphQL disclosed total number of whitelisted hackers'
12 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`byte` allocates uninitialized buffers and reads data from them past the initialized length'
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below'
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`macaddress` concatenates unsanitized input into exec() command'
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`command-exists` concatenates unsanitized input into exec()/execSync() commands'
11 May 2018
b'Twitter'
disclosed a bug submitted by
b'lukeberner'
b'ms5 debug page exposing internal info (internal IPs, headers)'
11 May 2018
b'Mail.Ru'
disclosed a bug submitted by
b'xawdxawdx'
b'CSRF ?? calendar.mail.ru'
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'bl4de'
b"[buttle] Remote Command Execution via unsanitized PHP filename when it's run with --php-bin flag"
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'caioluders'
b'Bypass to defective fix of Path Traversal '
11 May 2018
b'Node.js third-party modules'
disclosed a bug submitted by
b'chalker'
b'`fs-path` concatenates unsanitized input into exec()/execSync() commands'
11 May 2018
1
...
460
461
462
463
464
...
738
BY DENIS WERNER - @NOBBD -
IMPRESSUM
