the unofficial HackerOne disclosure timeline.

X
b'Mail.Ru' disclosed a bug submitted by b'aietix' 
b'Attacker can send requests from mail.ru server'
16 Jul 2018 timeline
b'ICQ' disclosed a bug submitted by b's3r3n3storm' 
b'XSS at https://icq.com/people'
16 Jul 2018 timeline
b'Mail.Ru' disclosed a bug submitted by b'c37hun' 
b'CSRF ?? biz.mail.ru'
16 Jul 2018 timeline
b'Ubiquiti Networks' disclosed a bug submitted by b'amans' 
b'Two Factor Authentication Bypass'
16 Jul 2018 timeline
b'Mail.Ru' disclosed a bug submitted by b'webr0ck' 
b'????? ???????? ?????????? Nginx ? ???? ????????'
16 Jul 2018 timeline
b'Node.js' disclosed a bug submitted by b'joy271' 
b'Your page has 2 blocking CSS resources. This causes a delay in rendering your page.'
15 Jul 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'bl4de' 
b'[statics-server] XSS via injected iframe in file name when statics-server displays directory index in the browser'
14 Jul 2018 timeline
b'Slack' disclosed a bug submitted by b'albatraoz' 
b'Internal SSRF bypass using slash commands at api.slack.com'
12 Jul 2018 timeline
b'Passit' disclosed a bug submitted by b'retcyb' 
b'Old sessions does not expire On changing password via https://app.passit.io/account/change-password '
12 Jul 2018 timeline
b'Nextcloud' disclosed a bug submitted by b'samix' 
b'Accessing to download.nextcloud.com from original ip adreess | insecure Download'
12 Jul 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'bl4de' 
b'[m-server] HTML Injection in filenames displayed as directory listing in the browser allows to embed iframe with malicious JavaScript code'
12 Jul 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'bl4de' 
b'[m-server] Path Traversal allows to display content of arbitrary file(s) from the server'
12 Jul 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'patrickrbc' 
b'Privilege escalation allows any user to add an administrator'
12 Jul 2018 timeline
b'Shopify' disclosed a bug submitted by b'bored-engineer' 
b'[out-of-scope] toxiproxy: Lack of CSRF protection allows an attacker to gain access to internal Shopify network'
11 Jul 2018 timeline
b'OLX' disclosed a bug submitted by b'konduru-jashwanth' 
b'Cross Site Scripting -> Reflected XSS'
11 Jul 2018 timeline
b'Brave Software' disclosed a bug submitted by b'skanthak' 
b'Arbitrary local code execution via DLL hijacking from executable installer'
09 Jul 2018 timeline
b'Brave Software' disclosed a bug submitted by b'skanthak' 
b'Download of (later executed) .NET installer over insecure channel'
09 Jul 2018 timeline
b'Brave Software' disclosed a bug submitted by b'testingforbugs' 
b'Directory Listing on https://promo-services-staging.brave.com'
09 Jul 2018 timeline
b'Discourse' disclosed a bug submitted by b'luigigubello' 
b'Stored XSS in "post last edited" option'
09 Jul 2018 timeline
b'Y Combinator' disclosed a bug submitted by b'nthack' 
b'Stored Cross Site Scripting'
09 Jul 2018 timeline
1 ... 478 479 480 481 482 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM