the unofficial HackerOne disclosure timeline.

X
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'[NR Infrastructure] Bypass of #200576 through GraphQL query abuse - allows restricted user access to root account license key'
02 May 2018 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Manipulation of submit payment request allows me to obtain Infrastructure Pro/Other Services for free or at greatly reduced price'
02 May 2018 timeline
b'New Relic' disclosed a bug submitted by b'kunal_bahl' 
b'Newrelic s3 bucket is writeable and deleteable by authorized AWS users'
02 May 2018 timeline
b'New Relic' disclosed a bug submitted by b'ho_nc' 
b'Broken Authentication and session management OWASP A2'
02 May 2018 timeline
b'New Relic' disclosed a bug submitted by b'japz' 
b'Hyperlink Injection on adding active users'
02 May 2018 timeline
b'New Relic' disclosed a bug submitted by b'mr_sharma_' 
b'XSS (Reflected)'
02 May 2018 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'NR Internal_API call allows me to read the events/violations/policies/messages of ANY New Relic account (AND pull data from infrastructure)'
02 May 2018 timeline
b'Greenhouse.io' disclosed a bug submitted by b'irvinlim' 
b'DoS through cache poisoning using invalid HTTP parameters'
02 May 2018 timeline
b'Shopify' disclosed a bug submitted by b'richardf' 
b'Potential to abuse pricing errors in saved carts'
02 May 2018 timeline
b'Vend' disclosed a bug submitted by b'al88nsk' 
b'Improper access control on adding a Register to an Outlet'
02 May 2018 timeline
b'Shopify' disclosed a bug submitted by b'rijalrojan' 
b'Replace other user files in Inbox messages '
01 May 2018 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Bypass of my three other reports #267636 + #255894 + #271861 - (IDOR) Ability to see full name associated with other New Relic accounts'
01 May 2018 timeline
b'Rockstar Games' disclosed a bug submitted by b'europa' 
b'Client-side Template Injection in Search, user email/token leak and maybe sandbox escape'
01 May 2018 timeline
b'Ruby' disclosed a bug submitted by b'mrtc0' 
b"Invalid URL parsing '#'"
01 May 2018 timeline
b'Dropbox' disclosed a bug submitted by b'oaidjoaisdjoaisjdioasfsdhfuios' 
b'User Impersonation - Create Support Ticket With Any Registered Account Email'
01 May 2018 timeline
b'GitLab' disclosed a bug submitted by b'wuqidashi' 
b'SSRF vulnerability in gitlab.com webhook'
30 Apr 2018 timeline
b'Informatica' disclosed a bug submitted by b'strukt' 
b'XXE at Informatica sub-domain'
30 Apr 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`superstatic` is vulnerable to path traversal on Windows'
29 Apr 2018 timeline
b'Ruby' disclosed a bug submitted by b'tenderlove' 
b'Response splitting vulnerability in WEBrick'
29 Apr 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`foreman` is vulnerable to ReDoS in path'
28 Apr 2018 timeline
1 ... 491 492 493 494 495 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM