Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'80 
b'linkks'75 
b'jobert'70 
b'someonenobbd'62 
b'nyymi'58 
b'ooooooo_q'52 
b'haxta4ok00'49 
b'jon_bottarini'49 

the unofficial HackerOne disclosure timeline.

X
b'Open-Xchange' disclosed a bug submitted by b'inhibitor181' 
b"IDOR - Deleting other user's reminders just by id"
28 Sep 2017 timeline
b'Open-Xchange' disclosed a bug submitted by b'inhibitor181' 
b"IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA"
28 Sep 2017 timeline
b'Open-Xchange' disclosed a bug submitted by b'inhibitor181' 
b"IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown)"
28 Sep 2017 timeline
b'Open-Xchange' disclosed a bug submitted by b'inhibitor181' 
b"IDOR - Accessing other user's attachements via PUT /appsuite/api/files?action=saveAs"
28 Sep 2017 timeline
b'Open-Xchange' disclosed a bug submitted by b'inhibitor181' 
b'RTLO character in file names'
28 Sep 2017 timeline
b'TTS Bug Bounty' disclosed a bug submitted by b'sp1d3rs' 
b"Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host"
27 Sep 2017 timeline
b'Aspen' disclosed a bug submitted by b'blackpanther_akaash' 
b'Password reset token leak on third party website via Referer header'
27 Sep 2017 timeline
b'Aspen' disclosed a bug submitted by b'nhile' 
b'Cross-origin resource sharing (CORS)'
27 Sep 2017 timeline
b'Aspen' disclosed a bug submitted by b'krazyhack3r' 
b'Server Path Disclosure '
27 Sep 2017 timeline
b'Aspen' disclosed a bug submitted by b'punkit' 
b'aspen | clickjacking'
27 Sep 2017 timeline
b'OLX' disclosed a bug submitted by b'kciredor' 
b'I found a way to instantly take over ads by other users and change them (IDOR)'
27 Sep 2017 timeline
b'Open-Xchange' disclosed a bug submitted by b'inhibitor181' 
b'Incomplete HTML sanitization + Session id leaking + private information disclosure'
27 Sep 2017 timeline
b'Open-Xchange' disclosed a bug submitted by b'inhibitor181' 
b'IDOR - Folder names disclosure inside a domain, regardless of user'
27 Sep 2017 timeline
b'Nextcloud' disclosed a bug submitted by b'yckul' 
b'WordPress < 4.8.2 vulnerable to multiple attacks'
27 Sep 2017 timeline
b'Legal Robot' disclosed a bug submitted by b'samczsun' 
b'Privilege Escalation to Admin-level Account'
26 Sep 2017 timeline
b'Shopify' disclosed a bug submitted by b'jelmer' 
b'Tinymce 2.4.0'
26 Sep 2017 timeline
b'Legal Robot' disclosed a bug submitted by b'goodhackonly' 
b'Issues with Forgot password Error Handling '
26 Sep 2017 timeline
b'Legal Robot' disclosed a bug submitted by b'princesinha' 
b'No error or notification on Reset password page'
26 Sep 2017 timeline
b'Legal Robot' disclosed a bug submitted by b'bhenner_' 
b'app.legalrobot.com opens FireFox but not in FireFox ESR'
26 Sep 2017 timeline
b'WakaTime' disclosed a bug submitted by b'hackedbrain' 
b'Users with member privilege are able to see emails and membership information of other users'
25 Sep 2017 timeline
1 ... 498 499 500 501 502 ... 727
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM