Report ID Report URL Bug Title Bounty Rewarded Reporter Organization Created At Disclosed At
100186 Transactions visible on Unconfirmed devices $500 shahmeer-amir coinbase 2015-11-17T17:15:44.839Z 2015-12-11T08:20:24.051Z
104033 tokenizer crash when processing undecodable source code $500 androm3da ibb-python 2015-10-13T00:00:00.000Z 2015-11-14T00:00:00.000Z
104032 PyFloat_FromString & PyNumber_Long Buffer Over-reads $1,000 johnleitch ibb-python 2015-08-06T00:00:00.000Z 2015-11-08T00:00:00.000Z
104028 Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow) Bounty Info Not sure No Reporter Information Found ibb-php 2015-05-13T00:00:00.000Z 2015-06-18T00:00:00.000Z
104027 Memory Corruption in phar_parse_tarfile when entry filename starts with null $500 libnex ibb-php 2015-04-15T00:00:00.000Z 2015-05-12T00:00:00.000Z
104026 invalid pointer free() in phar_tar_process_metadata() $500 libnex ibb-php 2015-04-15T00:00:00.000Z 2015-05-22T00:00:00.000Z
104025 use after free in load_newobj_ex $500 tukan ibb-python 2015-07-02T00:00:00.000Z 2015-07-02T00:00:00.000Z
104024 array.fromstring Use After Free $500 johnleitch ibb-python 2015-07-12T00:00:00.000Z 2015-07-25T00:00:00.000Z
104023 bytearray.find Buffer Over-read $1,000 johnleitch ibb-python 2015-06-17T00:00:00.000Z 2015-06-29T00:00:00.000Z
104022 hotshot pack_string Heap Buffer Overflow $500 johnleitch ibb-python 2015-06-20T00:00:00.000Z 2015-06-27T00:00:00.000Z
104021 audioop.adpcm2lin Buffer Over-read $500 johnleitch ibb-python 2015-06-15T00:00:00.000Z 2015-06-28T00:00:00.000Z
104020 audioop.lin2adpcm Buffer Over-read $500 johnleitch ibb-python 2015-06-15T00:00:00.000Z 2015-06-26T00:00:00.000Z
104019 Files extracted from archive may be placed outside of destination directory $500 stewie ibb-php 2015-07-08T00:00:00.000Z 2015-08-05T00:00:00.000Z
104018 Multiple Use After Free Vulnerabilities in unserialize() $1,500 ryat ibb-php 2015-07-30T00:00:00.000Z 2015-08-05T00:00:00.000Z
104017 Arbitrary code execution in str_ireplace function $1,000 dimitri ibb-php 2015-07-26T00:00:00.000Z 2015-08-04T00:00:00.000Z
104016 Dangling pointer in the unserialization of ArrayObject items $1,000 seanhn ibb-php 2015-07-13T00:00:00.000Z 2015-08-05T00:00:00.000Z
104015 curl_setopt_array() type confusion $500 andreapalazzo ibb-php 2015-07-29T00:00:00.000Z 2015-08-04T00:00:00.000Z
104014 libcurl duphandle read out of bounds $1,000 sparaschoudis internet 2015-09-16T00:00:00.000Z 2015-11-05T00:00:00.000Z
104013 heap buffer overflow in enchant_broker_request_dict() $500 sparaschoudis ibb-php 2014-12-05T00:00:00.000Z 2015-01-26T00:00:00.000Z
104012 Integer overflow in unserialize() (32-bits only) $500 sparaschoudis ibb-php 2015-09-18T00:00:00.000Z 2015-10-15T00:00:00.000Z
104011 AddressSanitizer reports a global buffer overflow in mkgmtime() function $500 sparaschoudis ibb-php 2015-09-16T00:00:00.000Z 2015-10-15T00:00:00.000Z
104010 SOAP serialize_function_call() type confusion / RCE $1,500 andreapalazzo ibb-php 2015-08-29T00:00:00.000Z 2015-09-02T00:00:00.000Z
104009 zend_throw_or_error() format string vulnerability $500 ryat ibb-php 2015-11-14T00:00:00.000Z 2015-11-14T00:00:00.000Z
104008 Uninitialized pointer in phar_make_dirstream $1,000 haquaman ibb-php 2015-09-05T00:00:00.000Z 2015-09-29T00:00:00.000Z
104007 Buffer over-read in exif_read_data with TIFF IFD tag $1,000 haquaman ibb-php 2015-08-28T00:00:00.000Z 2015-09-01T00:00:00.000Z
104006 Null pointer deref (segfault) in spl_autoload via ob_start $500 haquaman ibb-php 2015-08-18T00:00:00.000Z 2015-08-23T00:00:00.000Z
104005 null pointer deref (segfault) in zend_eval_const_expr $500 haquaman ibb-php 2015-08-02T00:00:00.000Z 2015-08-02T00:00:00.000Z
104004 Mem out-of-bounds write (segfault) in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER $500 haquaman ibb-php 2015-08-02T00:00:00.000Z 2015-08-02T00:00:00.000Z
104003 Python deque.index() uninitialized memory $1,000 johnleitch ibb-python 2015-08-21T00:00:00.000Z 2015-09-03T00:00:00.000Z
104002 Python scan_eol() Buffer Over-read $500 johnleitch ibb-python 2015-09-02T00:00:00.000Z 2015-09-03T00:00:00.000Z
104001 time_strftime() Buffer Over-read $500 johnleitch ibb-python 2015-08-22T00:00:00.000Z 2015-09-07T00:00:00.000Z
104000 Python xmlparse_setattro() Type Confusion $500 johnleitch ibb-python 2015-09-07T00:00:00.000Z 2015-09-07T00:00:00.000Z
103999 Use after free vulnerability in unserialize() with GMP $500 ryat ibb-php 2015-08-17T00:00:00.000Z 2015-09-01T00:00:00.000Z
103998 Use After Free Vulnerability in session deserializer $500 ryat ibb-php 2015-08-09T00:00:00.000Z 2015-09-01T00:00:00.000Z
103997 Use After Free Vulnerability in unserialize() $1,000 ryat ibb-php 2015-07-31T00:00:00.000Z 2015-09-01T00:00:00.000Z
103996 Use After Free Vulnerability in unserialize() with SplObjectStorage $1,000 ryat ibb-php 2015-08-27T00:00:00.000Z 2015-09-01T00:00:00.000Z
103995 Use After Free Vulnerability in unserialize() with SplDoublyLinkedList $1,000 ryat ibb-php 2015-08-27T00:00:00.000Z 2015-09-01T00:00:00.000Z
103994 Python 3.3 - 3.5 product_setstate() Out-of-bounds Read $500 johnleitch ibb-python 2015-09-08T00:00:00.000Z 2015-09-12T00:00:00.000Z
103993 Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier $1,500 claudijd ibb-ruby 2015-05-06T00:00:00.000Z 2015-05-14T00:00:00.000Z
103992 Integer overflow in _Unpickler_Read $500 hugbounter ibb-python 2015-09-26T00:00:00.000Z 2015-09-26T00:00:00.000Z
103991 mod_lua: Crash in websockets PING handling $500 guido ibb-apache 2015-01-28T00:00:00.000Z 2015-02-04T00:00:00.000Z
103990 Null pointer dereference in phar_get_fp_offset() $500 libnex ibb-php 2015-05-28T00:00:00.000Z 2015-09-29T00:00:00.000Z
100829 Stored-XSS in $5,000 hazimaslam coinbase 2015-11-21T10:49:01.029Z 2015-12-07T15:10:39.908Z
96470 Missing of csrf protection $500 harishkumar0394 shopify 2015-10-29T09:27:47.934Z 2015-12-07T21:26:35.535Z
101450 XSS in creating tweets $500 cj71f shopify 2015-11-24T12:34:34.454Z 2015-12-03T22:02:26.038Z
99321 [CSRF] Activate PayPal Express Checkout $500 zombiehelp54 shopify 2015-11-12T16:57:37.924Z 2015-12-03T17:26:19.144Z
97292 HTTP header injection in allows setting cookies for $1,000 harisec security 2015-11-02T17:58:35.684Z 2015-12-02T05:31:31.937Z
100509 Pre-generation of 2FA secret/backup codes seems like an unnecessary risk $1,000 danlec security 2015-11-19T16:06:20.160Z 2015-12-02T05:09:10.288Z
99708 Limited CSRF bypass. $500 harshafriend4all security 2015-11-14T19:45:05.651Z 2015-12-02T05:25:37.160Z
98469 Email Verification Link can be Used as Password Reset Link! $50 karimrahal binary 2015-11-07T15:43:12.214Z 2015-12-03T11:07:42.983Z
91604 Crossdomain.xml settings on too open $50 arbazhussain imgur 2015-10-01T10:39:07.189Z 2015-12-09T18:11:40.805Z
98499 Apps can access 'channels' beta api $500 rms shopify 2015-11-07T19:43:56.968Z 2015-11-18T21:03:22.247Z
96908 An administrator without the 'Settings' permission is able to see payment gateways $500 brakhane shopify 2015-10-30T23:46:24.189Z 2015-11-18T20:58:31.135Z
99374 deleted staff member can add his amazon marketplace web services account to the store. $500 zombiehelp54 shopify 2015-11-12T22:17:32.980Z 2015-11-18T20:23:47.415Z
98083 No password length restriction denial of service $100 secureashishpathak itbit 2015-11-05T16:10:58.745Z 2015-12-04T17:05:06.469Z
96467 Persistent XSS in and / post statistics $50 sleepprogger imgur 2015-10-29T08:57:46.145Z 2015-12-09T17:46:36.683Z
97948 Cross-domain AJAX request $2,500 ragnar security 2015-11-05T02:02:04.633Z 2015-11-14T15:22:16.880Z
97191 Send AJAX request to external domain $2,500 killr0x33d security 2015-11-02T01:07:39.782Z 2015-11-14T14:47:09.895Z
95599 Cross Site Scripting $50 paulos_ binary 2015-10-24T13:28:31.945Z 2015-11-13T16:52:29.817Z
95981 Http Response Splitting - Validate link $75 gjavado binary 2015-10-26T23:48:50.529Z 2015-11-15T12:21:01.580Z
95804 [] Authentication Data $300 bigbear_ mailru 2015-10-25T18:34:40.200Z 2015-12-01T13:18:14.165Z
96890 A 'Full access' administrator is able to see the shop owners user details $500 brakhane shopify 2015-10-30T23:05:30.461Z 2015-11-10T23:17:24.278Z
98259 'Limited' RCE in certain places where Liquid is accepted $1,500 brakhane shopify 2015-11-06T13:37:33.389Z 2015-11-10T23:17:32.596Z
97535 List of devices is accessible regardless of the account limitations $500 rms shopify 2015-11-04T00:29:53.767Z 2015-11-10T22:44:06.488Z
92481 Accessing Payments page and adding payment methods with limited access accounts $500 shahmeer-amir shopify 2015-10-05T21:22:50.988Z 2015-11-10T22:31:49.351Z
95589 Privilege escalation and circumvention of permission to limited access user $500 elamaran619 shopify 2015-10-24T12:39:14.004Z 2015-11-11T02:06:42.520Z
93680 Missing authorization check on dashboard overviews $500 shahmeer-amir shopify 2015-10-13T17:48:54.159Z 2015-11-10T22:24:59.913Z
98281 XSS Reflected in $200 hassham qiwi 2015-11-06T16:16:12.872Z 2015-12-11T17:12:28.995Z
98247 login to any user's cashier account and full account information disclosure $300 zombiehelp54 binary 2015-11-06T12:03:55.131Z 2015-11-14T21:36:47.469Z
97657 File upload XSS (Java applet) on $200 hassham slack 2015-11-04T11:10:53.600Z 2015-11-11T18:03:55.984Z
97510 Following a User After Favoriting Actually Follows Another User (related to #95243) $280 ericr twitter 2015-11-03T21:43:56.140Z 2015-12-02T17:42:20.929Z
97683 Reflected Self-XSS in Slack $100 harry_mg slack 2015-11-04T12:39:02.780Z 2015-11-10T18:32:15.422Z
81201 Reflective XSS in $100 psychomantis invision 2015-08-08T08:48:16.647Z 2015-11-23T02:38:09.770Z
96337 Stored XSS in Slack (weird, trial and error) $500 harry_mg slack 2015-10-28T14:32:33.024Z 2015-11-10T18:32:42.063Z
96855 Staff members with no permission to access domains can access them. $500 zombiehelp54 shopify 2015-10-30T20:15:33.890Z 2015-11-03T01:11:15.180Z
93616 get users information without full access $500 pouya shopify 2015-10-13T07:41:18.949Z 2015-11-04T18:50:22.488Z
93901 Bypassing password requirement during deletion of account $500 jitendra shopify 2015-10-14T20:36:17.660Z 2015-11-03T19:06:22.953Z
95441 Unauthorized access to any Store Admin's First & Last name $500 hazimaslam shopify 2015-10-23T21:08:19.922Z 2015-11-07T21:25:00.707Z
95243 Following a User Actually Follows Another User $280 ericr twitter 2015-10-22T23:07:36.649Z 2015-12-02T17:40:51.446Z
88881 XSS:,[id]/reply _Ëãó_Ÿ __ã‰___µã‰_µ ___Á ã_Ë_µãÊ_Ÿ_Á_éãë__ã†__ ___±ãó_Á_‡____ ãã‹__ãó___Ÿãó_____Á_______µ _Ë_Ÿããë____ $500 aesteral mailru 2015-09-14T20:26:33.476Z 2015-11-16T13:22:40.987Z
95932 user-agent Content spoofing $50 behroz itbit 2015-10-26T18:10:56.713Z 2015-11-28T15:30:07.783Z
93394 Unauthenticated access to details of hidden products in any shop via title enumeration $1,000 juhhga shopify 2015-10-12T03:49:19.322Z 2015-10-23T20:08:47.691Z
94502 Some S3 Buckets are world readable (and one is world writeable) $500 brakhane shopify 2015-10-18T16:53:53.657Z 2015-10-24T14:18:02.688Z
93294 First & Last Name Disclosure of any Shopify Store Admin $500 hazimaslam shopify 2015-10-11T03:29:05.547Z 2015-11-09T20:36:37.223Z
67393 Enumeration and Guessable Email (OWASP-AT-002) Through Login Form $150 dipak_das invision 2015-06-11T09:22:37.581Z 2015-10-23T18:04:48.582Z
87168 XSS on blog pages via sharing buttons $500 reactors08 shopify 2015-09-03T08:09:51.486Z 2015-10-21T16:11:33.539Z
92353 CSV Injection in $75 strukt automattic 2015-10-04T23:17:40.723Z 2015-11-20T14:27:08.783Z
94899 Paid account can review\download any invoice of any other shop $4,000 dvl shopify 2015-10-20T20:15:09.077Z 2015-10-22T20:44:39.830Z
94087 Arbitrary read on s3://shopify-delivery-app-storage/files $1,500 brakhane shopify 2015-10-15T20:38:59.534Z 2015-10-20T20:27:10.858Z
93921 Unauthorized access to all collections, products, pages from other stores $2,500 pouya shopify 2015-10-14T22:52:59.241Z 2015-10-20T16:00:36.331Z
94230 Cross-site Scripting in all Zopim $1,000 mdv zopim 2015-10-16T14:56:26.648Z 2015-10-20T22:53:27.181Z
93691 Arbitrary write on s3://shopify-delivery-app-storage/files $2,000 brakhane shopify 2015-10-13T19:22:49.202Z 2015-10-15T18:55:26.436Z
90671 Privilege escalation vulnerability $500 marhvhelous shopify 2015-09-27T16:06:21.090Z 2015-10-14T20:38:55.672Z
57505 amazon aws s3 bucket content is public :- $500 pulkit_pandey shopify 2015-04-20T20:00:31.371Z 2015-10-15T03:47:27.183Z
93004 unauthorized access to all collections name $2,000 pouya shopify 2015-10-08T21:23:04.635Z 2015-10-14T19:45:27.215Z
50941 A user can enhance their videos with paid tracks without buying the track $250 satishb3 vimeo 2015-03-11T08:40:37.368Z 2015-10-14T15:41:40.723Z
92740 SPF records not found $100 brain coinbase 2015-10-07T10:03:52.049Z 2015-10-14T08:27:59.867Z
90912 Inadequate input validation on API endpoint leading to self denial of service and increased system load. $500 mantis irccloud 2015-09-29T13:59:37.609Z 2015-10-12T17:45:20.270Z
93106 Subdomain Takeover in pointing to Fastly $100 harry_mg wepay 2015-10-09T12:45:53.500Z 2015-12-10T09:04:22.900Z
62174 Internet Explorer Enhanced Protected Mode sandbox escape via a broker vulnerability $3,000 ashutoshmehra sandbox 2015-05-12T19:27:16.779Z 2015-10-09T07:00:24.622Z
66958 Microsoft Internet Explorer ActiveX Broker Allows EPM Bypass $3,000 yopwn sandbox 2015-06-09T19:16:17.803Z 2015-10-09T06:59:17.234Z
49935 rails-ujs will send CSRF tokens to other origins $1,000 mastahyeti rails 2015-03-03T18:42:54.912Z 2015-06-16T19:21:31.440Z
44513 RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1 $500 joernchen rails 2015-01-21T12:51:04.867Z 2015-06-16T19:21:46.422Z
92350 CSV Injection $128 strukt trello 2015-10-04T22:34:00.717Z 2015-10-13T20:43:53.539Z
92050 Normal User can add new users to group $256 sarwarjahan trello 2015-10-02T16:42:09.867Z 2015-10-14T17:08:04.277Z
92453 unauthorized access to all customers first and last name $2,500 pouya shopify 2015-10-05T18:54:10.867Z 2015-10-06T18:04:12.916Z
92344 customers password hash leak!!!! $500 pouya shopify 2015-10-04T21:38:16.541Z 2015-10-05T18:44:48.271Z
87577 Stored XSS on and $200 esevece vimeo 2015-09-05T06:28:15.228Z 2015-11-30T14:17:08.376Z
89505 Self-XSS in posts by formatting text as code $100 harry_mg slack 2015-09-18T04:55:10.911Z 2015-11-10T18:33:51.508Z
55546 Open Redirect after login at $500 dhaval shopify 2015-04-09T20:00:50.208Z 2015-10-05T18:38:33.749Z
90690 change Login Services settings without owner access $1,000 pouya shopify 2015-09-27T20:38:00.359Z 2015-10-14T19:54:09.411Z
56626 Shop admin can change external login services $1,000 satishb3 shopify 2015-04-16T09:53:14.564Z 2015-10-02T03:34:59.280Z
90753 Content Spoofing $50 girish_s_pattanashetty zendesk 2015-09-28T13:16:01.331Z 2015-11-02T22:43:27.979Z
80298 _Í___µ_Çãó_µ___Ÿ_µ _Ëãó___Ÿ_‡_____éãë________ javascript-ããÊ_µ___Áãó_Ÿã __ ã‹ã€____ãÊ_Ÿ_____Á_é_µ _Ëãó__ã____ã‰ãó_Á _Ÿ_‡___±ãó_Á___µ___Ÿ__ _____±_Ÿ_éãë______ ___µãóã_Ÿ_Ÿ ã_Á__ã‰_Á $500 bo0om vkcom 2015-08-03T11:26:58.890Z 2015-10-30T12:10:41.684Z
66121 XSS at on IE using flash files $500 tunnelshade vkcom 2015-06-05T09:56:45.013Z 2015-10-30T12:23:19.628Z
65330 __µ _Ç__ãã‰_Áã‰__ãˆ___Á㏠_Ëãó_____µãó___Á _é_____Ÿ___Á ã___Á___Ë $100 abr1k0s vkcom 2015-06-01T22:34:48.127Z 2015-10-30T11:34:43.884Z
87561 OAUTH permission set as true= lead to authorize malicious application $100 paresh_parmar coinbase 2015-09-05T01:31:17.205Z 2015-12-01T14:26:06.718Z
90274 CSV Excel Macro Injection Vulnerability in export chat logs $100 psychomantis zopim 2015-09-24T05:20:48.138Z 2015-11-05T19:38:38.503Z
90131 CSV Excel Macro Injection Vulnerability in export customer tickets $100 psychomantis zendesk 2015-09-23T09:18:02.387Z 2015-11-02T22:43:14.705Z
56936 Notification request disclose private information about other myshopify accounts $4,000 dvl shopify 2015-04-17T14:39:07.291Z 2015-09-24T03:24:56.776Z
89624 Cross-site Scripting $100 mdv zendesk 2015-09-19T11:48:48.895Z 2015-12-09T02:06:13.759Z
67557 Bypass access restrictions from API $1,000 pouya shopify 2015-06-12T09:03:50.585Z 2015-09-18T19:44:41.027Z
56726 Invitation issue $500 frozen shopify 2015-04-16T17:36:16.848Z 2015-09-16T20:35:43.934Z
81736 XSS in WordPress $100 blinkms automattic 2015-08-11T15:25:36.288Z 2015-10-16T16:17:29.199Z
88395 Information leakage through Graphviz blocks $300 jbeta phabricator 2015-09-11T01:18:57.641Z 2015-09-13T19:55:14.805Z
87040 XSS on OAuth authorize/authenticate endpoint $2,520 filedescriptor twitter 2015-09-02T15:24:28.460Z 2015-11-20T18:49:04.664Z
85720 IDOR on removing Share $250 crab romit 2015-08-30T18:46:30.968Z 2015-11-27T06:26:11.492Z
78412 Cross site scripting $150 smitgajra007 mailru 2015-07-24T15:23:23.592Z 2015-12-11T10:54:10.198Z
56779 XSS on $500 killr0x33d shopify 2015-04-16T19:50:58.471Z 2015-09-06T20:25:01.310Z
86504 [CRITICAL] Login To Any Account Linked With Google+ With Email Only $100 egyxos anghami 2015-09-01T15:08:44.057Z 2015-10-02T23:54:35.464Z
81757 Self XSS in chat. $500 00day shopify 2015-08-11T17:25:34.010Z 2015-09-02T16:43:15.599Z
86468 [] Sql Injection $300 aaj__ anghami 2015-09-01T14:51:06.092Z 2015-10-02T11:49:34.547Z
86022 Multiple so called 'type juggling' attacks. Most notably PhabricatorUser::validateCSRFToken() is 'bypassable' in certain cases. $450 superkritisch phabricator 2015-09-01T01:08:56.393Z 2015-10-01T22:57:15.654Z
85291 XSS $500 mdv shopify 2015-08-27T22:32:52.176Z 2015-08-31T22:37:28.032Z
75357 Session Cookie without HttpOnly and secure flag set $100 pradeepch99 qiwi 2015-07-14T10:05:39.855Z 2015-09-27T08:36:43.881Z
84709 [API ISSUE] agents can Create agents even after they are disabled ! $100 harshafriend4all zopim 2015-08-25T19:41:28.508Z 2015-09-10T01:23:51.084Z
72785 CSV Injection with the CVS export feature $500 appsec3 security 2015-06-26T19:53:52.138Z 2015-09-21T22:04:25.799Z
10801 report a reflected XSS $400 faisal123 99designs 2014-05-03T13:29:28.124Z 2014-07-08T10:00:29.595Z
81441 XSS (Digital Downloads App in $500 00day shopify 2015-08-09T20:12:25.508Z 2015-08-24T22:29:00.454Z
67389 SSRF via 'Insert Image' feature of Products/Collections/Frontpage $500 alpha shopify 2015-06-11T09:05:59.151Z 2015-08-24T14:47:13.085Z
67660 Verification code issues for Two-Step Authentication $100 maverickrocky02 automattic 2015-06-12T20:58:31.999Z 2015-09-20T16:05:47.316Z
82725 Stored XSS in comments $500 zombiehelp54 zendesk 2015-08-16T06:14:48.821Z 2015-11-13T22:07:11.539Z
79393 __ã‰__ãóã†ã‰ã†__ _Ç__ãã‰ã€_Ë __ ____ãó_Ë__ãó_Áã‰_Ÿ____ã†__ _Ç_Á____ã†__. $500 sw3nlab qiwi 2015-07-29T08:05:52.425Z 2015-11-02T21:33:31.949Z
77802 TCP Source Port Pass Firewall $1,000 salmankhanchampion shopify 2015-07-22T14:55:39.324Z 2015-08-11T15:10:49.339Z
73566 Reflected XSS in chat $500 skavans shopify 2015-07-01T23:40:29.545Z 2015-08-11T16:02:24.281Z
80936 Private Program and bounty details disclosed as part of JSON search response $500 techguynoob security 2015-08-06T15:41:19.751Z 2015-08-31T04:10:14.675Z
60573 ã‰__ãóãˆ_Ÿã‰ Graphite __ ___Ÿãó $400 isox mailru 2015-05-11T11:43:04.820Z 2015-09-13T13:04:18.332Z
67161 Possible xWork classLoader RCE: $200 isox mailru 2015-06-10T09:27:21.118Z 2015-09-13T13:03:37.088Z
77076 GA code not verified on the server side allows sending Verification Documents on behalf of another user $250 crab romit 2015-07-20T20:42:07.571Z 2015-11-27T06:28:47.665Z
80597 Number of invited researchers disclosed as part of JSON search response $500 jessescitech security 2015-08-04T22:46:14.051Z 2015-08-05T00:22:04.355Z
77319 Full path disclosure at $100 s_p_q_r keybase 2015-07-21T13:27:47.914Z 2015-09-04T18:16:23.265Z
77067 No rate limiting for sensitive actions (like "forgot password") enables user enumeration $250 paresh_parmar keybase 2015-07-20T20:27:29.820Z 2015-08-04T05:11:44.793Z
77081 Content Sniffing not disabled $250 alihassanghori keybase 2015-07-20T20:48:50.106Z 2015-08-05T01:28:42.527Z
79185 Content spoofing through Referer header $25 pradeepch99 flox 2015-07-28T07:45:34.191Z 2015-08-29T03:15:17.821Z
76738 Open redirect filter bypass $25 aaj__ zaption 2015-07-19T10:59:20.289Z 2015-08-24T16:58:58.952Z
77060 SMTP protection not used $500 mom keybase 2015-07-20T20:08:46.575Z 2015-08-28T21:02:16.110Z
77221 Open/Unvalidated Redirect Issue $25 bugs3ra mavenlink 2015-07-21T06:41:37.203Z 2015-08-06T20:24:08.015Z
77065 Stealing CSRF Tokens $500 wesecureapp keybase 2015-07-20T20:20:11.116Z 2015-07-22T20:45:48.771Z
77231 Weak Cryptographic Hash $25 ru94mb wordpoints 2015-07-21T07:29:14.331Z 2015-07-23T06:47:08.280Z
75727 Stored Cross site scripting In $200 dipak_das zendesk 2015-07-15T23:23:44.424Z 2015-09-02T21:37:18.018Z
75702 No rate limit which leads to "Users information Disclosure" including verification documents etc. $250 crab romit 2015-07-15T22:19:27.309Z 2015-11-27T06:24:38.895Z
71614 XSS in Myshopify Admin Site in DISCOUNTS $500 nismo shopify 2015-06-19T08:30:40.360Z 2015-07-20T14:37:18.182Z
76713 XSS - Gallery Search Listing $50 bugs3ra zaption 2015-07-19T09:28:07.837Z 2015-08-12T17:13:16.483Z
75556 Accessing title of the report of which you are marked as duplicate $500 mafia security 2015-07-15T10:04:45.012Z 2015-07-17T18:17:49.548Z
35237 Gain reputation by creating a duplicate of an existing report $500 huzaifa_jawaid security 2014-11-11T21:07:29.379Z 2015-08-14T18:08:47.019Z
67220 Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS $500 nismo shopify 2015-06-10T13:02:05.436Z 2015-07-15T17:38:10.419Z
73567 Attention! Remote Code Execution at $3,000 prakharprasad shopify 2015-07-02T00:05:27.600Z 2015-07-16T12:02:44.547Z
67377 SSRF via 'Add Image from URL' feature $500 alpha shopify 2015-06-11T07:49:05.596Z 2015-07-15T01:04:36.189Z
58679 SSL cookie without secure flag set $500 pratikpanchal_infobit shopify 2015-04-27T10:52:29.273Z 2015-07-13T19:10:32.578Z
66151 Invitation is not properly cancelled while inviting to bug reports. $500 batman security 2015-06-05T14:05:01.385Z 2015-07-10T00:32:32.240Z
37301 CSRF Token in cookies! $150 protector_47 invision 2014-11-24T20:55:06.710Z 2015-10-22T14:21:24.072Z
74147 Potential for financial loss, negative Values for "Buy fee" and "Sell Fee" $250 crab romit 2015-07-06T16:12:45.378Z 2015-11-26T20:49:47.993Z
73260 Integer overflow in _json_encode_unicode leads to crash $1,000 nilch ibb-python 2015-06-27T00:00:00.000Z 2015-06-27T00:00:00.000Z
73259 Integer overflow in _pickle.c $500 tukan ibb-python 2015-06-27T00:00:00.000Z 2015-06-27T00:00:00.000Z
73258 Python: imageop Unsafe Arithmetic $1,000 johnleitch ibb-python 2015-05-22T00:00:00.000Z 2015-05-31T00:00:00.000Z
73257 PHP yaml_parse/yaml_parse_file/yaml_parse_url Unsafe Deserialization $500 johnleitch ibb-php 2015-05-10T00:00:00.000Z 2015-05-18T00:00:00.000Z
73256 PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free $1,500 johnleitch ibb-php 2015-05-10T00:00:00.000Z 2015-05-18T00:00:00.000Z
73255 str_repeat() sign mismatch based memory corruption $500 andreapalazzo ibb-php 2015-04-09T00:00:00.000Z 2015-05-12T00:00:00.000Z
73253 Multiple type confusions in unicode error handlers $500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-18T00:00:00.000Z
73252 Use after free in get_filter $500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-03T00:00:00.000Z
73251 Multiple use after free bugs in json encoding $1,500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-03T00:00:00.000Z
73250 Multiple use after free bugs in heapq module $1,500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-03T00:00:00.000Z
73249 Multiple use after free bugs in element module $1,500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-18T00:00:00.000Z
73248 Tokenizer crash when processing undecodable source code $500 hugbounter ibb-python 2015-04-21T00:00:00.000Z 2015-04-21T00:00:00.000Z
73247 php_stream_url_wrap_http_ex() type-confusion vulnerability $500 mongo ibb-php 2015-03-31T00:00:00.000Z 2015-04-14T00:00:00.000Z
73246 Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER $500 mongo ibb-php 2015-03-27T00:00:00.000Z 2015-04-14T00:00:00.000Z
73245 Type Confusion Vulnerability in SoapClient $500 ryat ibb-php 2015-03-01T00:00:00.000Z 2015-04-16T00:00:00.000Z
73244 Use after free vulnerability in unserialize() with DateInterval $1,500 ryat ibb-php 2015-02-27T00:00:00.000Z 2015-03-17T00:00:00.000Z
73242 libcurl: URL request injection $3,000 isciurus internet 2014-12-25T00:00:00.000Z 2015-01-08T00:00:00.000Z
73241 Malformed ECParameters causes infinite loop $2,500 ctz ibb-openssl 2015-06-11T00:00:00.000Z 2015-06-11T00:00:00.000Z
73240 Integer overflow in ftp_genlist() resulting in heap overflow $1,500 ruben ibb-php 2015-04-28T00:00:00.000Z 2015-05-12T00:00:00.000Z
73239 ZIP Integer Overflow leads to writing past heap boundary $1,500 libnex ibb-php 2015-03-18T00:00:00.000Z 2015-03-18T00:00:00.000Z
73238 Buffer Over-read in unserialize when parsing Phar $1,000 libnex ibb-php 2015-03-29T00:00:00.000Z 2015-04-14T00:00:00.000Z
73237 Buffer Over flow when parsing tar/zip/phar in phar_set_inode $1,000 libnex ibb-php 2015-04-14T00:00:00.000Z 2015-04-14T00:00:00.000Z
73236 X509_to_X509_REQ NULL pointer deref $500 geeknik ibb-openssl 2015-03-15T00:00:00.000Z 2015-03-15T00:00:00.000Z
73235 Use After Free Vulnerability in unserialize() $1,500 ryat ibb-php 2015-02-03T00:00:00.000Z 2015-03-17T00:00:00.000Z
73234 out of bounds read crashes php-cgi $500 geeknik ibb-php 2014-12-17T00:00:00.000Z 2014-12-30T00:00:00.000Z
66235 _£ã_‡___Ÿ____ãã‰ãë __ _£___Á_‡_Á___Ÿ_µ ___µãã‰ ___Á ã‹__ã‰__ + ã‹_Ÿãˆ_Á + ãƒ_Á___Ÿ____ $200 pisarenko vkcom 2015-06-06T01:24:11.281Z 2015-09-07T15:53:07.286Z
64963 API: Bug in method auth.validatePhone $500 vladislav805 vkcom 2015-05-30T20:47:56.380Z 2015-07-17T22:20:17.497Z
18845 Unauthorized Access via Join Email Link $100 anshuman_bh wepay 2014-07-03T05:32:45.856Z 2015-06-24T07:05:30.591Z
72331 XSS at Bulk editing ProductVariants $500 mafia shopify 2015-06-24T07:36:00.263Z 2015-06-25T04:12:57.741Z
56494 Get email ID of any user on $216 mafia dropbox-acquisitions 2015-04-15T20:41:47.281Z 2015-07-22T06:57:46.562Z
52035 Open redirect in "Language change". $500 seifelsallamy security 2015-03-15T05:24:49.733Z 2015-06-19T21:03:20.893Z
67125 XSS at importing Product List $500 mafia shopify 2015-06-10T08:06:48.627Z 2015-06-17T15:04:11.294Z
67132 XSS at Bulk editing products $500 mafia shopify 2015-06-10T08:15:22.843Z 2015-06-17T15:04:22.964Z
63888 Cross site scripting $50 jaikeysarraf romit 2015-05-27T06:54:57.538Z 2015-07-12T18:45:43.511Z
66386 [www.*] CRLF Injection $500 bobrov shopify 2015-06-07T08:01:57.318Z 2015-06-10T17:31:32.341Z
66262 mailto: link injection on $500 ashesh security 2015-06-06T08:37:34.778Z 2015-06-10T05:03:10.438Z
63865 Potential denial of service in<program>/reward_settings $100 ashesh security 2015-05-27T04:30:15.478Z 2015-06-10T04:13:53.662Z
55911 CSRF token fixation in facebook store app that can lead to adding attacker to victim acc $500 harshafriend4all shopify 2015-04-11T14:06:20.330Z 2015-06-25T20:05:05.521Z
55716 Force 500 Internal Server Error on any shop (for one user) $500 4lemon shopify 2015-04-10T14:57:24.777Z 2015-06-09T23:43:40.005Z
62861 Bulk Discount App in exposes vulnerable to XSS $500 nismo shopify 2015-05-18T14:34:45.258Z 2015-07-23T16:45:06.222Z
62427 XSS in Admin site in TAX Overrides $500 nismo shopify 2015-05-14T17:15:39.076Z 2015-06-09T20:55:33.836Z
47223 Javascript Injection $200 ddworken invision 2015-02-09T18:23:49.489Z 2015-07-08T18:47:12.952Z
63729 Logic error with notifications: user that has left team continues to receive notifications and can not 'clean' this area on account $500 brdoors2 security 2015-05-25T19:31:24.774Z 2015-06-04T16:29:50.996Z
62544 $150 isox mailru 2015-05-15T11:34:19.314Z 2015-09-13T12:59:17.827Z
62531 Quagga (Router) : Default password and default enable password $200 isox mailru 2015-05-15T10:32:32.096Z 2015-09-13T12:58:52.194Z
55530 Authentication Failed Mobile version $500 lccunha shopify 2015-04-09T19:34:24.650Z 2015-06-02T19:26:26.134Z
57914 HTML injection in email sent by $50 crab romit 2015-04-23T17:24:46.665Z 2015-11-26T20:49:08.402Z
39486 No bruteforce protection leads to enumeration of emails in $100 niyaax mailru 2014-12-16T10:39:32.909Z 2015-06-28T14:41:06.705Z
60420 stacked blind injection $400 isox mailru 2015-05-10T08:46:45.586Z 2015-09-13T12:27:56.920Z
54719 stored XSS in agent via sticker (smile) $500 reactors08 mailru 2015-04-03T18:00:23.905Z 2015-06-28T13:29:20.074Z
57692 Server responds with the server error logs on account creation $50 crab romit 2015-04-21T23:51:02.249Z 2015-11-26T20:49:08.409Z
63537 XSS in $100 enderun07 mavenlink 2015-05-23T12:34:09.730Z 2015-06-22T22:57:42.457Z
53628 XSS in $216 mahitman dropbox-acquisitions 2015-03-27T13:05:12.179Z 2015-06-02T18:36:01.681Z
59356 XSS in dropbox main domain $512 missoum1307 dropbox 2015-05-02T20:57:19.892Z 2015-06-09T00:34:30.880Z
57459 XSS in $500 cj71f shopify 2015-04-20T12:56:43.159Z 2015-05-19T18:46:17.280Z
59179 Race condition when redeeming coupon codes $216 franjkovic dropbox 2015-05-01T06:04:52.353Z 2015-05-11T21:04:17.506Z
60402 Content Spoofing - External Link Warning Page $500 jedimaster security 2015-05-10T07:15:04.633Z 2015-05-11T20:50:41.501Z
59659 Reopen Disable Accounts/ Hidden Access After Disable $500 antrax security 2015-05-05T09:07:36.045Z 2015-06-08T20:55:21.474Z
56742 SPF whitelist of mandrill leads to email forgery $1,000 mikebrooks security 2015-04-16T18:15:09.759Z 2015-06-08T00:26:08.156Z
59369 Making any Report Failed to load $500 aj-_- security 2015-05-03T01:16:24.683Z 2015-05-09T14:06:12.170Z
59375 Homograph attack $500 filedescriptor security 2015-05-03T02:29:04.941Z 2015-05-09T02:15:41.252Z
59469 Fake URL + Additional vectors for homograph attack $500 killr0x33d security 2015-05-03T20:50:16.860Z 2015-05-09T21:03:08.050Z
58630 Content Spoofing $500 zerohat shopify 2015-04-26T20:33:30.137Z 2015-05-05T15:06:26.924Z
58612 Homograph attack $500 killr0x33d security 2015-04-26T17:58:53.549Z 2015-05-02T22:34:51.056Z
57603 API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass $500 dor1s vimeo 2015-04-21T14:44:49.464Z 2015-05-31T17:40:09.964Z
59015 Stored XSS in the Shopify Discussion Forums $500 sukhjiwansingh shopify 2015-04-29T19:48:20.965Z 2015-05-31T14:54:43.895Z
51817 Post in private groups after getting removed $250 niyaax vimeo 2015-03-13T22:50:28.924Z 2015-05-01T14:21:08.112Z
52708 Share your channel to any user on vimeo without following him $250 vijay_kumar1110 vimeo 2015-03-20T07:14:08.457Z 2015-09-28T21:56:18.909Z
54631 Vulnerable to JavaScript injection. (WXS) (Javascript injection)! $100 protector_47 snapchat 2015-04-03T11:21:29.485Z 2015-10-22T14:22:09.262Z
52181 Insecure Direct Object References that allows to read any comment (even if it should be private) $150 patrik vimeo 2015-03-16T11:56:07.679Z 2015-05-04T16:51:07.517Z
52176 Insecure Direct Object References in $500 patrik vimeo 2015-03-16T10:55:05.899Z 2015-05-04T16:51:07.369Z
37593 Open Redirect in $250 masatokinugawa sucuri 2014-11-27T06:32:18.299Z 2015-05-27T16:19:33.476Z
56828 SSRF vulnerability in app webhooks $512 haquaman dropbox 2015-04-17T02:37:51.483Z 2015-04-23T23:52:45.539Z
55670 Ex-admin of an organization can delete team members $280 satishb3 twitter 2015-04-10T09:53:25.964Z 2015-11-01T15:46:20.209Z
53858 Insecure Direct Object Reference - access to other user/group DM's $420 wesecureapp twitter 2015-03-29T17:15:04.612Z 2015-10-03T18:48:57.984Z
57163 Open-redirect on $500 killr0x33d security 2015-04-18T10:50:57.996Z 2015-04-23T15:38:54.773Z
55842 [persistent cross-site scripting] customers can target admins $1,000 wesecureapp shopify 2015-04-11T07:51:20.741Z 2015-07-01T15:35:20.996Z
44052 Hadoop Node available to public $150 isox mailru 2015-01-16T15:30:28.845Z 2015-09-13T12:17:30.116Z
49035 HDFS NameNode Public disclosure: $150 isox mailru 2015-02-24T08:32:46.730Z 2015-09-13T12:16:57.090Z
56511 IDOR expire other user sessions $1,000 sappi shopify 2015-04-15T22:02:37.726Z 2015-04-17T01:32:54.829Z
56002 Shopify android client all API request's response leakage, including access_token, cookie, response header, response body content $2,000 sukhoi shopify 2015-04-12T08:51:42.562Z 2015-07-04T15:45:09.606Z
54779 Missing spf flags for $500 jenglish shopify 2015-04-03T22:16:30.301Z 2015-04-16T10:35:32.194Z
55525 Open redirection in OAuth $500 pranav_hivarekar shopify 2015-04-09T19:26:47.044Z 2015-07-03T17:17:57.442Z
47932 Privilege Escalation at invite feature $729 daksh dropbox-acquisitions 2015-02-17T04:53:17.186Z 2015-04-04T04:30:02.046Z
53843 HTTP Response Splitting (CRLF injection) due to headers overflow $2,800 filedescriptor twitter 2015-03-29T10:52:52.117Z 2015-05-04T22:51:22.707Z
55033 Use after free vulnerability in unserialize() $3,000 sesser ibb-php 2014-12-12T00:00:00.000Z 2015-01-20T00:00:00.000Z
55030 SoapClient's __call() type confusion through unserialize() $2,500 andreapalazzo ibb-php 2015-02-19T00:00:00.000Z 2015-03-03T00:00:00.000Z
55029 Use after free vulnerability in unserialize() with DateTimeZone $2,500 ryat ibb-php 2015-01-29T00:00:00.000Z 2015-02-27T00:00:00.000Z
55028 Free called on uninitialized pointer in exif.c $2,500 endeavor ibb-php 2015-01-11T00:00:00.000Z 2015-01-20T00:00:00.000Z
55018 Segmentation fault for invalid PSS parameters $3,000 geeknik ibb-openssl 2015-01-31T00:00:00.000Z 2015-03-19T00:00:00.000Z
55017 Multiple Python integer overflows $9,000 pakt_ ibb-python 2015-02-01T00:00:00.000Z 2015-02-04T00:00:00.000Z
26962 open redirect in rfc6749 $3,000 asanso internet 2014-09-04T19:15:25.612Z 2015-04-06T17:40:18.093Z
51265 Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome $2,000 irsdl ibb-flash 2015-03-12T23:35:49.486Z 2015-05-06T02:43:27.561Z
47779 Heap overflow in H. Spencer's regex library on 32 bit systems $3,000 guido internet 2015-02-15T03:28:07.748Z 2015-04-06T02:42:11.446Z
31756 Drupal 7 pre auth sql injection and remote code execution $3,000 shorst internet 2014-10-17T10:50:36.095Z 2015-04-06T09:40:09.432Z
54610 Logout any user of same team $100 uttam5oren slack 2015-04-03T06:32:13.344Z 2015-05-05T05:59:54.329Z
54641 Captcha Bypass in Snapchat's Geofilter Submission Process $100 zero snapchat 2015-04-03T12:44:21.990Z 2015-05-04T01:15:06.517Z
54733 Sandboxed iframes don't show confirmation screen $1,000 homakov coinbase 2015-04-03T18:34:58.274Z 2015-04-04T15:31:37.435Z
46747 Team admin can change unauthorized team setting (require_at_for_mention) $200 satishb3 slack 2015-02-05T14:16:40.217Z 2015-04-30T06:07:57.989Z
52982 [URGENT ISSUE] Add or Delete the videos in watch later list of any user . $250 prashanth vimeo 2015-03-22T12:07:22.727Z 2015-05-01T15:46:57.935Z
50170 FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers $7,500 prosecco-inria internet 2015-03-05T16:18:06.711Z 2015-04-01T07:30:30.475Z
52644 confirmation bypass of 2FA devices while they are deleting $200 harshafriend4all itbit 2015-03-19T18:48:31.859Z 2015-04-29T10:03:36.379Z
52645 secretKey for OTP , is getting leaked in response of a delete request ! $200 harshafriend4all itbit 2015-03-19T18:57:30.034Z 2015-04-29T10:03:01.443Z
53098 XSS in $1,400 masatokinugawa twitter 2015-03-23T16:31:41.943Z 2015-04-03T23:31:12.903Z
52646 Insecure direct object reference - have access to deleted DM's $420 wesecureapp twitter 2015-03-19T19:01:36.118Z 2015-10-12T04:56:07.348Z
53088 SSRF vulnerability (access to metadata server on EC2 and OpenStack) $300 agarri_fr phabricator 2015-03-23T15:08:49.061Z 2015-03-26T18:37:57.571Z
38682 Delayed, fraudulent transactions possible with encrypted Square Reader devices due to lack of server-side verification of device transaction counter $500 jmoore15 square 2014-12-08T21:28:43.839Z 2015-07-24T23:58:18.431Z
46916 Markdown parsing issue enables insertion of malicious tags and event handlers $5,000 danlec security 2015-02-06T17:34:25.616Z 2015-04-07T21:12:33.546Z
52042 HTTP Response Splitting (CRLF injection) in report_story $3,500 filedescriptor twitter 2015-03-15T07:49:31.208Z 2015-04-21T17:59:23.057Z
52822 XSS with Time-of-Day Format $300 candux phabricator 2015-03-20T21:32:08.402Z 2015-04-19T21:58:26.684Z
44588 Email Length Verification $50 simon90 itbit 2015-01-21T18:05:22.462Z 2015-10-11T22:07:11.704Z
49561 Vimeo + & Vimeo PRO Unauthorised Tax bypass $250 michelgaschet vimeo 2015-02-28T05:41:33.817Z 2015-04-18T08:35:39.009Z
50786 A user can add videos to other user's private groups $250 satishb3 vimeo 2015-03-10T10:32:17.246Z 2015-04-23T16:36:36.979Z
49139 Heartbleed $150 isox mailru 2015-02-25T07:49:11.753Z 2015-09-13T12:16:27.816Z
49408 RCE ãˆ_µãó_µ_‡ JDWP $300 isox mailru 2015-02-27T09:13:28.705Z 2015-09-13T12:14:53.016Z
49652 Improperly validated fields allows injection of arbitrary HTML via spoofed React objects $5,000 danlec security 2015-02-28T17:38:13.663Z 2015-03-18T13:11:50.503Z
50752 open redirect sends authenticity_token to any website or (ip address) $560 seifelsallamy twitter 2015-03-10T01:01:35.464Z 2015-03-14T02:05:46.716Z
47940 Team admin can add billing contacts $200 satishb3 slack 2015-02-17T08:46:56.981Z 2015-04-03T00:45:03.393Z
49974 The csrf token remains same after user logs in $50 crab romit 2015-03-04T05:38:37.035Z 2015-11-26T20:47:27.692Z
50884 Bypass pin(4 digit passcode on your android app) $100 adrianbelen whisper 2015-03-11T04:36:09.341Z 2015-04-12T02:24:32.481Z
48065 open authentication bug $100 prashanth coinbase 2015-02-18T13:26:26.398Z 2015-03-11T16:19:22.122Z
47536 [] XSS + Misconfiguration $200 kxyry qiwi 2015-02-12T13:09:49.842Z 2015-08-31T08:40:13.734Z
50885 CVE-2014-0224 openssl ccs vulnerability $10 paresh_parmar whisper 2015-03-11T04:42:02.964Z 2015-04-10T05:04:11.969Z
36211 Logic Issue with Reputation: Boost Reputation Points $500 prakharprasad security 2014-11-16T16:06:58.345Z 2015-04-28T04:51:43.873Z
50829 A user can post comments on other user's private videos $500 satishb3 vimeo 2015-03-10T18:13:51.208Z 2015-03-11T14:37:49.514Z
50776 A user can edit comments even after video comments are disabled $250 satishb3 vimeo 2015-03-10T09:12:26.084Z 2015-03-11T14:37:33.636Z
50134 XSS in original referrer after follow $1,400 wesecureapp twitter 2015-03-05T11:34:49.909Z 2015-03-09T18:37:58.303Z
49806 Twitter Ads Campaign information disclosure through admin without any authentication. $560 avicoder twitter 2015-03-02T15:00:30.732Z 2015-04-25T08:22:05.808Z
49759 Open Redirect leak of authenticity_token lead to full account take over. $1,400 seifelsallamy twitter 2015-03-02T01:07:46.725Z 2015-04-03T21:20:11.985Z
48516 Redirect URL in /intent/ functionality is not properly escaped $1,400 homakov twitter 2015-02-21T23:47:32.767Z 2015-02-24T21:55:21.923Z
47140 Leakage of sensitive wallet tokens to third party sites $50 shahmeer-amir itbit 2015-02-08T22:24:00.833Z 2015-03-28T20:04:45.130Z
48422 Team member invitations to sandboxed teams are not invalidated consistently (v2) $500 siddiki security 2015-02-20T23:58:42.957Z 2015-02-27T23:27:32.912Z
46429 Team member invitations to sandboxed teams are not invalidated consistently $500 mazengamal security 2015-02-04T07:46:58.687Z 2015-03-28T22:38:44.128Z
47472 CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain $2,000 danlec security 2015-02-11T20:03:01.597Z 2015-02-26T21:50:46.056Z
48682 Taking over a Business Account Admin $25 cliffordtrigo todoist 2015-02-23T06:49:02.108Z 2015-02-26T22:35:08.437Z
48690 Remotely removing credit cards from business accounts! $25 cliffordtrigo todoist 2015-02-23T07:02:16.342Z 2015-02-26T15:16:37.424Z
44294 Heartbleed: ( port 1433 $150 isox mailru 2015-01-19T13:54:12.505Z 2015-09-13T12:13:15.737Z
20720 File upload XSS using Content-Type header $150 isox mailru 2014-07-19T08:40:07.001Z 2015-09-13T12:10:54.947Z
47495 Same Origin Policy bypass $600 zoczus mailru 2015-02-12T00:35:46.540Z 2015-03-27T14:29:12.748Z
47627 Email Enumeration (POC) $50 kabeel romit 2015-02-13T11:07:15.303Z 2015-05-27T15:57:29.968Z
48100 Bad Write in TTF font parsing (win32k.sys) $5,000 dirtybit internet 2015-02-18T17:46:07.583Z 2015-03-01T08:29:00.467Z
47012 Adobe Flash Player Out-of-Bound Access Vulnerability $2,000 hhj4ck ibb-flash 2015-02-07T14:50:18.485Z 2015-03-25T19:39:25.200Z
47234 Use After Free in Flash MessageChannel.send can cause arbitrary code execution $7,500 biloulehibou ibb-flash 2015-02-09T18:50:52.771Z 2015-03-25T19:39:16.979Z
47232 Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution $10,000 biloulehibou ibb-flash 2015-02-09T18:44:09.226Z 2015-03-25T19:39:16.982Z
47227 Race condition in workers may cause an exploitable double free by abusing bytearray.compress() $10,000 biloulehibou ibb-flash 2015-02-09T18:36:18.158Z 2015-03-25T19:40:38.137Z
46618 Frictionless Transferring of Wallet Ownership $50 anshuman_bh romit 2015-02-05T06:03:36.983Z 2015-03-23T19:16:57.716Z
47888 Reporting user's profile by using another people's ID $140 hussein98d twitter 2015-02-16T16:05:58.583Z 2015-06-11T18:19:31.185Z
46397 Insecure Direct Object Reference vulnerability $500 anshuman_bh security 2015-02-04T02:08:22.357Z 2015-02-20T03:07:05.939Z
46485 Problem with OAuth $1,260 sandeep100928 twitter 2015-02-04T19:03:25.578Z 2015-11-14T16:50:09.783Z
46750 Team admin can change unauthorized team setting (allow_message_deletion) $100 satishb3 slack 2015-02-05T14:57:49.577Z 2015-05-30T17:17:13.155Z
46954 Red October $250 shahmeer-amir vimeo 2015-02-06T23:08:43.296Z 2015-03-13T01:28:15.402Z
41469 Error stack trace $100 4lemon romit 2014-12-20T22:58:47.669Z 2015-04-03T14:01:36.254Z
29234 Credit Card Validation Issue $100 whitj00 coinbase 2014-09-27T04:34:52.509Z 2015-03-12T19:01:21.440Z
42240 chrome allows POST requests with custom headers using flash + 307 redirect $1,000 netfuzzer ibb-flash 2014-12-31T20:18:20.632Z 2015-02-09T08:03:32.414Z
31408 Adobe Flash Player Out-of-Bound Read/Write Vulnerability $5,000 hhj4ck ibb-flash 2014-10-15T07:18:36.549Z 2015-03-11T04:19:46.285Z
30567 Adobe Flash Player MP4 Use-After-Free Vulnerability $2,000 hhj4ck ibb-flash 2014-10-08T02:03:48.260Z 2015-03-11T04:19:40.947Z
36279 Adobe Flash Player MP4 Use-After-Free Vulnerability $2,000 hhj4ck ibb-flash 2014-11-17T06:20:07.759Z 2015-03-11T04:19:11.042Z
46818 Twitter Card - Parent Window Redirection $560 batuhan twitter 2015-02-05T22:56:25.001Z 2015-05-04T22:54:25.679Z
43988 twitter android app Fragment Injection $420 miantaiduo twitter 2015-01-16T06:26:28.004Z 2015-04-11T23:57:14.017Z
44492 Flaw in login with twitter to steal Oauth tokens $140 wesecureapp twitter 2015-01-21T05:37:34.318Z 2015-02-18T18:39:53.370Z
44864 Unsecure data in "device" response - OTP $200 4lemon itbit 2015-01-23T13:47:55.296Z 2015-02-27T15:32:53.350Z
44888 Improper way of validating a program $500 aj-_- security 2015-01-23T17:15:40.717Z 2015-02-04T15:25:50.666Z
44555 Notification Emails: IP + Content-Spoofing $500 zoczus itbit 2015-01-21T16:27:17.316Z 2015-02-27T15:32:10.577Z
46072 Vulnerability with the way \ escaped characters in <> style links are rendered $5,000 danlec security 2015-02-01T23:52:18.498Z 2015-02-03T17:34:45.891Z
44909 weird bug ! ( missing validation on new email verification ) $50 harshafriend4all itbit 2015-01-23T20:42:45.463Z 2015-02-14T17:35:21.209Z
43770 Ability to Download Music Tracks Without Paying (Missing permission check on`/musicstore/download`) $250 fin1te vimeo 2015-01-14T17:59:02.757Z 2015-03-01T23:09:50.388Z
45368 ftp upload of video allows naming that is not sanitized as the manual naming $100 testalways vimeo 2015-01-27T10:16:48.739Z 2015-01-29T16:36:13.045Z
45484 XSS on Vimeo $100 niyaax vimeo 2015-01-28T06:05:28.660Z 2015-01-29T00:16:26.664Z
44727 Insecure Data Storage in Vine Android App $140 avicoder twitter 2015-01-22T11:40:01.178Z 2015-06-24T05:07:26.161Z
44512 XSS on any site that includes the moogaloop flash player | deprecated embed code $1,000 batram vimeo 2015-01-21T12:44:31.205Z 2015-02-22T00:10:26.198Z
43065 - an app admin can delete team members from other user apps $1,120 satishb3 twitter 2015-01-09T04:26:42.758Z 2015-03-09T02:31:28.332Z
29263 Redirect while opening link in new tabs $250 niyaax square 2014-09-27T10:39:10.117Z 2015-02-19T21:51:26.624Z
29471 Privilege Escalation $250 aaj__ square 2014-09-30T12:19:57.384Z 2015-03-28T14:41:07.071Z
43998 CRITICAL full source code/config disclosure for Cameo $100 avlidienbrunn vimeo 2015-01-16T07:43:31.882Z 2015-05-11T08:07:15.130Z
43850 abusing Thumbnails( to see a private video $1,000 adrianbelen vimeo 2015-01-15T01:33:39.733Z 2015-04-03T07:33:14.053Z
43672 - Reflected XSS Vulnerability $100 dekeeu vimeo 2015-01-14T02:05:52.425Z 2015-03-09T16:00:00.050Z
43602 Buying ondemand videos that 0.1 and sometimes for free $260 harshafriend4all vimeo 2015-01-13T21:20:26.620Z 2015-02-13T15:49:58.750Z
42587 Insecure Direct Object References Reset Password $5,000 tfairane vimeo 2015-01-05T19:37:50.943Z 2015-02-26T00:13:38.080Z
42702 APIs for channels allow HTML entities that may cause XSS issue $100 artem vimeo 2015-01-06T18:33:35.843Z 2015-01-08T21:37:35.134Z
42584 - reflected xss vulnerability $100 dekeeu vimeo 2015-01-05T19:13:00.421Z 2015-03-09T03:02:57.144Z
42582 - Reflected XSS Vulnerability $100 dekeeu vimeo 2015-01-05T19:09:07.645Z 2015-04-08T01:31:52.229Z
43443 PyUnicode_FromFormatV crasher $1,000 guido ibb-python 2014-12-15T00:00:00.000Z 2014-12-15T00:00:00.000Z
43440 Arbitrary file existence disclosure in Action Pack $1,000 nahamsec rails 2014-11-04T00:00:00.000Z 2014-11-20T00:00:00.000Z
41856 HTML/XSS rendered in Android App of Crashlytics through $1,400 wesecureapp twitter 2014-12-25T09:40:56.422Z 2015-02-18T18:38:02.252Z
41240 POODLE Bug:,, $140 isox twitter 2014-12-19T14:51:03.373Z 2015-09-20T08:40:12.167Z
42236 URGENT - Subdomain Takeover on , the same issue of report #32825 $420 missoum1307 twitter 2014-12-31T18:59:44.713Z 2015-01-01T00:07:17.032Z
30015 CSRF on adding a calendar event $250 anshuman_bh square 2014-10-05T04:04:42.633Z 2015-02-04T19:01:25.829Z
30238 New Device confirmation tokens are not properly validated. $100 mohdhaji87 coinbase 2014-10-06T19:06:07.299Z 2015-05-25T18:36:59.890Z
39631 Open redirection in $280 avicoder twitter 2014-12-17T13:48:21.831Z 2014-12-18T18:17:22.364Z
38343 Issue with password change $500 dawidczagan security 2014-12-05T17:10:05.265Z 2015-05-28T04:44:05.518Z
39428 Phabricator Phame Blog Skins Local File Inclusion $500 nullsub phabricator 2014-12-15T15:52:43.735Z 2015-01-14T18:50:23.905Z
6017 Facebook Takeover using Slack using 302 from with access_token $500 fransrosen slack 2014-04-06T07:24:52.591Z 2015-01-11T15:25:45.229Z
38965 Phabricator Diffusion application allows unauthorized users to delete mirrors $300 nullsub phabricator 2014-12-10T15:33:37.117Z 2015-01-09T23:26:33.210Z
20391 _ô___Ç_Ç_µ_éã†___Á_µ__ j2me app-descriptor $100 isox mailru 2014-07-17T16:05:25.381Z 2015-09-13T12:08:11.984Z
11919 Stored XSS on $300 4lemon mailru 2014-05-13T11:05:15.908Z 2015-01-10T10:12:21.446Z
34686 __ãš_Ÿ_±___Á ã‹_Ÿ_éãëã‰ãó_ÁãÊ_Ÿ_Ÿ $500 sw3nlab mailru 2014-11-06T16:01:11.926Z 2015-11-02T21:32:07.156Z
38232 Breaking Bugs as team member $500 melvin security 2014-12-04T17:18:07.896Z 2014-12-09T19:03:12.619Z
38189 xss in /browse/contacts/ $100 harshafriend4all openfolio 2014-12-04T11:14:57.152Z 2015-01-14T18:46:53.790Z
38170 Misc Python bugs (Memory Corruption & Use After Free) $6,500 pakt_ ibb-python 2014-09-29T00:00:00.000Z 2014-10-04T00:00:00.000Z
1171 Security.allowDomain("*") in SWFs on allows data theft from Yahoo Mail (and others) $2,500 jordanmilne yahoo 2014-02-09T06:04:21.676Z 2015-08-14T20:07:44.150Z
36594 New Device Confirmation, token is valid until not used. $100 lovepakistan coinbase 2014-11-18T14:53:31.691Z 2015-05-24T21:14:41.227Z
38007 Subdomain Takeover using pointing to Hubspot $1,000 fransrosen greenhouse 2014-12-01T23:27:54.941Z 2015-02-26T13:51:15.430Z
37622 XSS in only) $10 masatokinugawa eobotcom 2014-11-27T13:32:39.807Z 2014-11-29T02:39:54.073Z
35363 [] XSS proxy.html $200 smiegles qiwi 2014-11-13T09:54:09.968Z 2014-12-27T12:37:20.525Z
35287 getting emails of users/removing them from victims account [using typical attack] $140 wesecureapp twitter 2014-11-12T13:04:55.177Z 2015-03-13T04:17:05.335Z
36986 [Stored XSS] - profile page $1,400 xorb twitter 2014-11-21T13:39:29.380Z 2015-03-26T22:34:57.111Z
36319 [] /oauth/confirm.action XSS $100 wesecureapp qiwi 2014-11-17T12:33:08.786Z 2014-12-20T15:45:06.970Z
26935 XSS via .eml file $1,337 reactors08 mailru 2014-09-04T13:15:19.995Z 2014-12-10T19:01:58.292Z
23852 _çã‰ãó_Á_______µ _Ë_____µ_Ç_µ___Ÿ_µ SMS $150 isox mailru 2014-08-12T12:54:15.183Z 2015-09-13T12:07:06.140Z
32570 OpenSSL HeartBleed (CVE-2014-0160) $200 c37hun mailru 2014-10-23T15:12:13.551Z 2014-12-10T19:29:15.198Z
8846 localStorage ___µ ãˆ_Ÿãã‰_Ÿã‰ãã _Ë__ã_é_µ __ã†ãƒ___Ç_Á $150 kamil_hism mailru 2014-04-21T21:13:28.618Z 2014-12-10T19:05:41.425Z
36450 [] Soap-based XXE vulnerability /soapserver/ $1,000 bitquark qiwi 2014-11-17T22:31:53.825Z 2014-12-18T15:05:45.315Z
33935 File Name Enumeration $500 nahamsec security 2014-11-04T20:21:36.697Z 2014-11-17T22:28:55.710Z
35413 [] XSS at auth?login= $200 psych0tr1a qiwi 2014-11-13T11:41:39.349Z 2014-12-17T17:21:53.212Z
20873 rsync hash collisions may allow an attacker to corrupt or modify files $3,000 mik internet 2014-07-20T22:42:52.832Z 2014-11-17T23:54:19.088Z
36264 mod_proxy_fcgi buffer overflow $500 talko ibb-apache 2014-09-17T00:00:00.000Z 2014-11-12T00:00:00.000Z
34084 Bad extended ascii handling in HTTP 301 redirects of $420 cqoicebordel twitter 2014-11-05T23:38:17.735Z 2015-08-09T16:10:51.215Z
30011 square google calendar integration CSRF, parameter not checking properly) $500 adrianbelen square 2014-10-05T03:13:32.524Z 2014-12-18T23:30:13.103Z
501 TLS Virtual Host Confusion $7,500 adl internet 2013-12-04T14:17:56.532Z 2014-11-10T17:57:51.107Z
35102 Locale::parseLocale Double Free $2,500 johnleitch ibb-php 2014-05-28T00:00:00.000Z 2014-06-27T00:00:00.000Z
33083 Backup of wordpress configuration file found. Leaking database users/passwords $300 internetwache invision 2014-10-28T20:57:52.265Z 2014-12-06T15:21:12.344Z
34112 SMTP Protection not used, I can hijack your email server. $150 ashesh blockio 2014-11-06T05:35:08.435Z 2015-08-13T13:36:19.065Z
30004 CSRF on adding clients $500 anshuman_bh square 2014-10-05T01:11:08.863Z 2015-02-04T19:17:48.467Z
32825 URGENT - Subdomain Takeover on due to unclaimed domain pointing to AWS $1,680 fransrosen twitter 2014-10-25T23:46:23.949Z 2014-11-03T23:37:26.039Z
33091 DOM Cross-Site Scripting ( XSS ) $1,400 avram twitter 2014-10-28T21:35:03.228Z 2014-12-03T23:28:19.558Z
29420 Horizontal Privilege Escalation $350 esamhacks wepay 2014-09-29T19:08:21.614Z 2015-06-19T13:44:14.947Z
31168 Cryptographic Side Channel in OAuth Library $50 voodookobra wp-api 2014-10-12T18:27:30.330Z 2014-10-29T19:57:02.804Z
30852 Relateiq SSLv3 deprecated protocol vulnerability. $250 hasanemrebeyy relateiq 2014-10-09T15:00:29.703Z 2014-12-24T18:18:08.583Z
32519 XSS in $280 aj-_- twitter 2014-10-22T20:05:46.941Z 2014-12-23T15:56:03.855Z
27468 Reflected XSS in widget script thru cookie $400 4lemon square 2014-09-08T19:19:59.447Z 2014-12-21T10:01:57.717Z
28832 XSS via message id $500 reactors08 mailru 2014-09-21T06:53:28.949Z 2014-12-10T18:50:41.837Z
31082 Unauthorized Tweeting on behalf of Account Owners $420 anshuman_bh twitter 2014-10-12T05:10:55.486Z 2015-05-07T15:11:16.932Z
30975 Improper Verification of email address while saving Account Settings $560 anshuman_bh twitter 2014-10-10T17:56:31.045Z 2015-08-13T13:36:18.927Z
31554 Signup Page HTML Injection Vulnerability $140 ashwarya_me twitter 2014-10-15T16:33:09.460Z 2015-03-22T14:19:25.069Z
29288 Usage of HTTP for exporting graph data as images $250 webpentest sucuri 2014-09-27T17:23:43.855Z 2014-11-17T14:30:52.724Z
31415 PoodleBleed $500 mtk relateiq 2014-10-15T07:33:57.601Z 2015-08-13T13:36:18.968Z
27357 Editing Client Details of other People $750 cliffordtrigo square 2014-09-07T16:16:25.580Z 2014-11-17T14:30:50.783Z
31383 Ability to see common response titles of other teams (limited) $1,000 prakharprasad security 2014-10-14T23:37:10.258Z 2014-10-15T14:14:10.542Z
26866 Critical : Account removing using CSRF attack $350 yassineaboukir wepay 2014-09-03T21:54:15.808Z 2015-08-13T13:36:18.460Z
26527 XSS in Client Past Activity $500 cliffordtrigo square 2014-08-30T23:26:00.227Z 2014-11-17T14:30:49.126Z
29491 homograph attack. IDNs displayed in unicode in bug reports and on external link warning page $500 mrrm security 2014-09-30T18:51:48.699Z 2014-10-09T17:08:05.146Z
12497 Adobe Flash Player FileReference Use-after-Free Vulnerability $7,500 hhj4ck ibb-flash 2014-05-19T04:49:05.660Z 2014-10-07T23:00:14.297Z
27651 Flash Local Sandbox Bypass $1,000 kinine ibb-flash 2014-09-09T20:51:19.206Z 2014-10-07T22:55:38.832Z
28500 iOS App can establish Facetime calls without user's permission $420 gepeto42 twitter 2014-09-18T18:35:13.304Z 2015-04-27T13:03:04.167Z
29360 XSS | video-js metadata $1,120 batram twitter 2014-09-29T09:49:48.027Z 2014-11-17T14:30:53.543Z
29328 XSS $1,120 batram twitter 2014-09-28T18:18:12.595Z 2014-11-17T14:30:52.825Z
27704 malicious file upload $2,000 adrianbelen square 2014-09-10T09:43:02.021Z 2014-11-17T14:30:51.689Z
29839 GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability $20,000 stephane-chazelas internet 2014-09-24T00:00:00.000Z 2014-10-01T00:00:00.000Z
29480 Unvalidated Channel names causes IRC Command Injection $300 mantis irccloud 2014-09-30T14:12:25.005Z 2014-10-01T13:47:16.521Z
29331 No email verification on username change $500 shahmeer-amir security 2014-09-28T18:50:16.476Z 2014-11-17T14:30:53.164Z
28865 Redirect FILTER bypass in report/comment $500 pranav_hivarekar security 2014-09-21T12:11:18.120Z 2014-10-19T09:00:10.712Z
18501 Session Fixation $500 anshuman_bh wepay 2014-06-30T02:14:17.065Z 2014-10-23T17:55:10.766Z
14552 Session fixation in $100 shahmeer-amir wepay 2014-06-03T00:01:38.170Z 2014-10-10T22:23:07.379Z
28150 Cross site scripting on $1,400 anand786 twitter 2014-09-15T16:03:30.235Z 2014-10-16T09:51:19.275Z
27987 Window Opener Property Bug $500 prakharprasad security 2014-09-13T17:14:26.342Z 2014-10-28T23:18:36.550Z
28450 Active Record SQL Injection Vulnerability Affecting PostgreSQL $1,500 seantheprogrammer rails 2014-07-02T00:00:00.000Z 2014-07-02T00:00:00.000Z
28449 Active Record SQL Injection Vulnerability Affecting PostgreSQL $1,500 seantheprogrammer rails 2014-07-02T00:00:00.000Z 2014-07-02T00:00:00.000Z
28445 SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities $2,500 sesser ibb-php 2014-06-20T00:00:00.000Z 2014-07-04T00:00:00.000Z
15412 Leaking CSRF token over HTTP resulting in CSRF protection bypass $1,000 anshuman_bh coinbase 2014-06-07T04:44:03.487Z 2014-10-16T01:53:12.884Z
27404 Delete Credit Cards from any Twitter Account in [New Vulnerability] $2,800 secgeek twitter 2014-09-08T01:41:13.306Z 2014-09-30T21:44:48.384Z
27166 Missing Rate Limiting on $140 surgent10cross twitter 2014-09-06T09:44:22.590Z 2014-11-10T20:10:50.766Z
27511 xss $1,400 arbitrarycode twitter 2014-09-09T02:32:00.993Z 2014-11-17T14:30:51.415Z
27846 Stored xss $1,400 letshunt twitter 2014-09-11T22:17:13.781Z 2014-09-27T08:25:07.849Z
27389 Reflected XSS in $1,000 avlidienbrunn square 2014-09-07T19:50:14.183Z 2014-10-11T06:34:39.866Z
26700 CRITICAL Account takeover via AngularJS template injection in $2,000 avlidienbrunn square 2014-09-02T08:23:56.681Z 2014-11-17T14:30:49.706Z
5314 Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code $1,000 prakharprasad coinbase 2014-03-31T06:12:33.653Z 2014-11-26T21:54:19.265Z
26825 Full path disclosure at $140 internetwache twitter 2014-09-03T18:06:44.011Z 2014-11-17T14:30:50.498Z
25332 XSS [BookFresh] $500 cliffordtrigo square 2014-08-20T03:35:18.735Z 2014-11-17T14:30:48.353Z
25334 Open Redirect [FreshBook] $250 cliffordtrigo square 2014-08-20T03:46:21.785Z 2014-10-04T07:15:55.159Z
14631 Clickjacking at main website $50 vineet mavenlink 2014-06-03T02:46:01.085Z 2014-09-19T15:34:56.815Z
17506 Default /docs folder of PHPBB3 installation on $50 michelgaschet yahoo 2014-06-25T09:14:06.612Z 2014-08-08T13:36:01.934Z
25281 Change Any username and profile link in hackerone $100 anand_m security 2014-08-19T18:28:47.434Z 2014-09-25T22:33:35.433Z
23098 Blind SQL injection in $1,500 avlidienbrunn square 2014-08-08T11:46:11.453Z 2014-10-02T12:14:01.104Z
16414 Yahoo Sports Fantasy Golf (Join Public Group) $200 mchooo yahoo 2014-06-14T09:34:15.723Z 2014-08-20T17:48:47.928Z
15762 SQL Injection on $150 bigbear mailru 2014-06-09T16:55:19.164Z 2014-09-16T05:08:14.311Z
18507 CSRF on email address operations. Also performing unintended operations. $150 anshuman_bh wepay 2014-06-30T04:09:11.578Z 2014-08-19T18:32:10.984Z
25160 Open redirection on $400 anand786 phabricator 2014-08-18T17:30:01.292Z 2014-09-17T21:28:51.834Z
21110 Clickjacking $50 cliffordtrigo mavenlink 2014-07-22T22:05:46.019Z 2014-08-21T17:13:49.708Z
12708 Testing for user enumeration (OWASP-AT-002) - $100 cmaruti yahoo 2014-05-21T12:43:07.136Z 2014-08-20T17:47:38.886Z
23386 Redirect while opening links in new tabs $500 thetime security 2014-08-09T23:53:26.688Z 2014-09-12T22:26:42.694Z
16935 SMS spam with custom content $400 isox mailru 2014-06-19T11:29:48.024Z 2015-09-13T12:05:09.763Z
10468 SQL inj $150 vah13 mailru 2014-04-30T19:48:23.279Z 2014-09-12T13:12:19.006Z
12583 XXE and SSRF on $700 4lemon mailru 2014-05-20T01:13:14.623Z 2014-12-10T19:09:45.137Z
23363 Forgot Password Issue $300 xtross1 phabricator 2014-08-09T20:02:01.015Z 2014-09-10T19:16:02.866Z
11414 Infrastructure and Application Admin Interfaces (OWASP-CM-007) $250 cmaruti yahoo 2014-05-08T15:29:48.890Z 2014-08-20T17:44:21.750Z
18698 Resubmitted with POC #18685 Password reset CSRF $190 shahmeer-amir relateiq 2014-07-01T18:06:26.190Z 2014-09-16T17:46:11.996Z
17160 Password Policy issue (Weak Protect) $100 simon90 slack 2014-06-22T07:25:16.687Z 2014-09-04T09:23:07.150Z
20049 Cross-site Scripting in mailing (username) $100 melvin relateiq 2014-07-14T17:01:53.000Z 2014-12-27T13:43:20.853Z
21210 privilege escalation $50 niks mavenlink 2014-07-23T13:15:52.763Z 2014-08-05T16:33:52.257Z
17474 Broken Authentication and Session Management $300 anand786 phabricator 2014-06-24T16:46:28.892Z 2014-08-05T05:37:48.223Z
22093 Content Spoofing all Integrations in $200 asdjsonyou slack 2014-08-01T15:11:46.208Z 2014-09-03T18:12:16.123Z
16330 Multiple issues in looking-glass software (aka from web to BGP injections) $5,000 kaeso internet 2014-06-13T14:30:13.410Z 2014-09-17T19:43:06.035Z
6700 CSRF Token missing on $400 surgent10cross yahoo 2014-04-09T12:04:15.046Z 2014-08-20T17:52:07.098Z
20616 File upload "Chapito" circus $1,000 isox mailru 2014-07-18T17:21:36.410Z 2015-09-13T12:03:27.818Z
21069 Login CSRF $100 mikkz mavenlink 2014-07-22T18:30:55.925Z 2014-07-31T23:38:35.502Z
17688 LZ4 Core $6,000 donb internet 2014-06-26T20:11:22.416Z 2014-07-25T19:18:39.479Z
18279 Yahoo! Reflected XSS $250 the_pr0ph3t yahoo 2014-06-28T22:34:05.748Z 2014-08-06T21:17:18.618Z
21150 Flash XSS on swfupload.swf showing at $200 panchocosil mavenlink 2014-07-23T03:17:46.034Z 2014-07-24T17:48:10.462Z
16568 Failed Certificate Validation On Custom Server (Register) $200 pum relateiq 2014-06-15T15:54:42.012Z 2014-08-25T15:18:13.940Z
8284 information disclosure (LOAD BALANCER + URI XSS) $300 nnwakelam yahoo 2014-04-21T06:57:19.764Z 2014-08-06T01:50:46.000Z
8281 - XSS (STORED) $500 nnwakelam yahoo 2014-04-21T06:10:28.199Z 2014-08-06T01:50:33.531Z
7779 Local File Include on $2,500 redshark1802 yahoo 2014-04-16T16:59:52.320Z 2014-05-16T17:58:40.753Z
21248 Content spoofing at Stripe Integrations $100 asdjsonyou slack 2014-07-23T20:06:01.081Z 2014-08-25T21:50:02.362Z
21034 Invoice Details activate JS that filled in $1,000 sasi2103 coinbase 2014-07-22T12:11:50.502Z 2015-03-30T00:30:49.375Z
15166 Password reset token not expiring $100 siddiki mavenlink 2014-06-05T01:44:26.837Z 2014-07-10T18:23:38.608Z
15852 Non Validation of session after password reset $50 shahmeer-amir mavenlink 2014-06-10T15:30:58.282Z 2014-07-22T19:17:17.021Z
14570 Login password guessing attack $50 shahmeer-amir mavenlink 2014-06-03T00:18:07.228Z 2014-07-22T19:19:06.493Z
20861 moderate: mod_deflate denial of service $500 gianko ibb-apache 2014-02-19T00:00:00.000Z 2014-07-14T00:00:00.000Z
20671 integer overflow in 'buffer' type allows reading memory $1,500 removed ibb-python 2014-06-23T09:15:00.000Z 2014-06-24T03:01:40.000Z
10373 Bypassing Same Origin Policy With JSONP APIs and Flash $3,000 molnarg internet 2014-04-29T23:54:14.670Z 2014-07-19T17:32:22.258Z
7608 - CSRF/email disclosure $400 nnwakelam yahoo 2014-04-14T18:54:16.481Z 2014-08-06T01:50:28.511Z
6665 Comment Spoofing at $500 surgent10cross yahoo 2014-04-09T06:05:19.870Z 2014-08-20T17:52:18.961Z
1203 XSS in my yahoo $800 mildata yahoo 2014-02-10T11:08:03.986Z 2015-08-14T20:09:00.793Z
10081 SQL $150 vah13 mailru 2014-04-28T03:47:13.161Z 2014-08-16T07:22:06.669Z
14033 SSRF $300 isox mailru 2014-05-29T19:02:07.188Z 2015-09-13T12:02:27.399Z
9919 SQL injection [_Çã†ãó___Á __ _Ç___Ÿ_____µ ã‹__ãóã€___Á] $200 psych0tr1a mailru 2014-04-26T20:07:59.131Z 2014-11-16T18:46:32.947Z
9921 Time based sql injection $200 psych0tr1a mailru 2014-04-26T20:09:51.754Z 2014-12-10T18:51:39.356Z
5442 XSS in Yahoo! Web Analytics $100 cliffordtrigo yahoo 2014-04-01T07:06:10.158Z 2014-08-06T21:14:36.959Z
6702 CSRF Token is missing on DELETE message option on $200 surgent10cross yahoo 2014-04-09T12:19:36.968Z 2014-08-20T17:52:28.808Z
12685 Authorization issue on $50 cmaruti yahoo 2014-05-21T07:31:39.805Z 2014-08-06T21:19:48.676Z
17785 Denial of Service $100 pranav_hivarekar security 2014-06-27T16:23:28.815Z 2015-04-28T05:46:40.563Z
2598 configuration file disclosure $100 nnwakelam yahoo 2014-03-01T18:35:18.829Z 2014-08-06T01:50:23.780Z
8082 Password Reset Bug $100 christypriory security 2014-04-18T22:41:09.474Z 2014-09-25T22:34:35.437Z
13482 sources disclosure $1,000 isox mailru 2014-05-26T13:17:53.073Z 2015-09-13T10:29:27.802Z
13959 privilege escalation $250 niks automattic 2014-05-29T09:09:04.533Z 2014-08-10T06:00:52.864Z
18851 .NET Type Traversal Vulnerability $5,000 tyranid sandbox 2014-02-11T00:00:00.000Z 2014-02-11T00:00:00.000Z
18850 OSX ATS memory corruption may lead to App Sandbox bypass Bounty Info Not sure No Reporter Information FOund sandbox 2014-02-26T00:00:00.000Z 2014-02-26T00:00:00.000Z
18849 OSX ATS arbitrary free issue may lead to App Sandbox bypass Bounty Info Not sure No Reporter Information FOund sandbox 2014-02-26T00:00:00.000Z 2014-02-26T00:00:00.000Z
18721 Multiple Full Path Disclosure (FPD) Vulnerability on domain $25 rodgodalle dccompendium 2014-07-01T23:54:32.255Z 2014-08-02T01:44:35.749Z
17903 Error page Cross-site scripting $25 smiegles dccompendium 2014-06-28T16:33:49.737Z 2014-07-30T09:26:57.032Z
18295 source code disclosure $25 adrianbelen dccompendium 2014-06-29T02:10:17.017Z 2014-08-27T03:11:55.743Z
17909 XSS on Home page $25 xtross1 dccompendium 2014-06-28T16:37:32.090Z 2014-07-02T18:07:07.370Z
17896 Clickjacking: X-Frame-Options header missing $25 huzaifa_jawaid dccompendium 2014-06-28T16:27:55.588Z 2014-08-01T13:00:45.390Z
7264 Bypass of the Clickjacking protection on Flickr using data URL in iframes $250 joserabal yahoo 2014-04-11T21:55:10.481Z 2014-06-06T18:18:46.548Z
18691 XSS in editor by any user $1,000 tunnelshade phabricator 2014-07-01T16:57:02.513Z 2014-08-13T12:59:52.123Z
18389 Backend source code disclosure on 404 pages $50 shahmeer-amir dccompendium 2014-06-29T10:32:16.808Z 2014-08-01T14:50:31.012Z
6322 Header injection on $1,000 redshark1802 yahoo 2014-04-07T20:15:01.479Z 2014-07-31T15:54:24.273Z
6268 Cross-origin issue on $250 redshark1802 yahoo 2014-04-07T19:47:34.038Z 2014-07-31T15:54:41.481Z
6195 reflected XSS,, 4/8/14, #SpringClean $300 nnwakelam yahoo 2014-04-07T15:45:59.539Z 2014-08-06T01:52:43.763Z
6194 Significant Information Disclosure/Load balancer access,, 4/8/14, #SpringClean $500 nnwakelam yahoo 2014-04-07T15:43:38.151Z 2014-08-06T01:49:48.423Z
14699 Open Redirect $300 cliffordtrigo wepay 2014-06-03T05:35:01.692Z 2014-07-08T09:25:08.872Z
17540 Reflected XSS in Pastebin-view $500 pseudochu irccloud 2014-06-26T01:59:19.878Z 2014-06-28T13:48:03.078Z
17383 Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met) $100 anand786 security 2014-06-23T19:33:37.309Z 2014-07-26T07:34:59.979Z
10563 CSRF on "Set as primary" option on the accounts page $100 anshuman_bh coinbase 2014-05-02T01:24:48.948Z 2014-07-26T00:27:57.634Z
3370 Directory traversal attack in view resolver $1,500 lautis rails 2014-03-06T11:13:20.634Z 2015-07-09T19:15:27.083Z
13748 Potential denial of service in $100 idps security 2014-05-28T06:10:49.800Z 2014-06-20T22:39:34.537Z
13388 Linux PI futex self-requeue bug $10,000 comex sandbox 2014-05-26T05:00:49.707Z 2014-06-19T19:51:27.419Z
15362 Flash Sandbox Bypass $3,000 kinine ibb-flash 2014-06-06T18:39:15.242Z 2014-06-19T18:07:45.941Z
16718 Open Redirect login account $100 asdjsonyou slack 2014-06-17T08:19:28.976Z 2014-08-25T21:58:02.476Z
16571 SSRF (Portscan) via Register Function (Custom Server) $250 pum relateiq 2014-06-15T16:19:41.558Z 2014-07-26T10:44:31.133Z
16392 Abusing daemon logs for Privilege escalation under certain scenarios $300 tunnelshade phabricator 2014-06-14T03:09:35.523Z 2014-06-18T13:44:53.500Z
16315 Abusing VCS control on phabricator $600 tunnelshade phabricator 2014-06-13T12:49:59.335Z 2014-06-13T15:04:00.726Z
4461 Server Side Request Forgery $500 santese yahoo 2014-03-20T17:00:20.714Z 2014-06-05T15:09:17.537Z
2628 CSRF vulnerability on $100 anand786 slack 2014-03-01T22:30:04.475Z 2014-07-26T20:43:19.231Z
12588 XSS in a file or folder name $500 reactors08 mailru 2014-05-20T05:26:35.769Z 2014-07-09T09:24:50.764Z
11410 XSS in (Limited use) $400 4lemon mailru 2014-05-08T14:24:00.038Z 2014-12-10T19:07:13.133Z
15785 Session not invalidated after password reset $100 guido security 2014-06-10T00:12:06.324Z 2014-06-10T01:45:10.430Z
454 PNG compression DoS $500 dutchgraa security 2013-11-23T21:21:28.099Z 2015-05-28T04:45:07.299Z
7813 readble .htaccess + Source Code Disclosure (+ .SVN repository) $250 nahamsec yahoo 2014-04-17T06:35:22.709Z 2014-08-20T17:54:30.624Z
14127 SSRF on $300 4lemon slack 2014-05-30T12:42:48.729Z 2014-12-21T10:03:57.732Z
2168 XSS on Every page $1,500 kenb yahoo 2014-02-21T19:16:17.052Z 2014-08-20T17:53:20.974Z
1533 Flickr: Invitations disclosure (resend feature) $750 d4d1a179c0f3 yahoo 2014-02-16T01:00:13.662Z 2014-04-05T19:27:10.372Z
1483 HTML Injection on flickr screename using IOS App $800 panchocosil yahoo 2014-02-15T03:12:24.991Z 2015-10-27T20:27:41.988Z
13195 XSS in login form $500 isox mailru 2014-05-24T14:41:33.459Z 2015-09-13T12:00:50.027Z
11927 Stored XSS on $150 4lemon mailru 2014-05-13T12:23:15.140Z 2014-12-10T19:09:03.423Z
13286 Host Header Injection - $100 ethicalhacker irccloud 2014-05-25T10:41:44.901Z 2014-07-08T10:00:33.687Z
7266 XSS in $500 quistertow yahoo 2014-04-11T22:07:07.361Z 2014-08-20T17:47:02.582Z
11861 SQL injection $250 vah13 mailru 2014-05-12T18:30:36.120Z 2014-05-30T11:39:42.303Z
9479 Anti-MIME-Sniffing header X-Content-Type-Options header has not been set. $100 uname security 2014-04-24T04:17:10.001Z 2015-04-28T05:06:57.061Z
5946 Marking notifications as read CSRF bug $100 redkan security 2014-04-05T12:35:00.350Z 2015-04-28T15:37:35.678Z
10554 Bypassing 2FA for BTC transfers $1,000 michiel coinbase 2014-05-01T19:58:58.192Z 2014-09-25T06:48:37.171Z
1538 SQLi on $3,705 esevece yahoo 2014-02-16T02:12:34.048Z 2014-04-05T17:37:25.241Z
6704 Open Proxy,, 4/09/14, #SpringClean $2,000 internetwache yahoo 2014-04-09T12:27:35.581Z 2014-08-20T17:53:33.824Z
10037 SQL inj $150 vah13 mailru 2014-04-27T19:12:28.460Z 2014-05-30T11:40:23.153Z
8724 Clickjacking $150 help4u mailru 2014-04-21T17:07:18.310Z 2014-06-06T09:53:17.145Z
9318 Home page reflected XSS $250 bitquark mailru 2014-04-23T10:58:46.134Z 2014-06-06T11:43:17.708Z
10829 CSRF in function "Set as primary" on accounts page $100 0ctac0der coinbase 2014-05-03T19:46:07.517Z 2014-06-06T04:56:45.797Z
6182 captcha missing $200 niks invision 2014-04-07T14:25:24.072Z 2014-07-16T09:07:14.747Z
6674 REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*, 4/6/14, #SpringClean $3,000 nnwakelam yahoo 2014-04-09T07:51:17.063Z 2014-08-06T01:52:37.528Z
4836 From Unrestricted File Upload to Remote Command Execution $800 santese yahoo 2014-03-26T10:36:57.922Z 2014-04-07T16:42:53.804Z
6353 Wildcard DNS in website $100 shahmeer-amir relateiq 2014-04-07T21:43:19.990Z 2014-06-01T00:31:47.303Z
10297 Stored XSS in (integrations) $500 mchooo slack 2014-04-29T15:12:00.326Z 2014-05-29T19:55:54.201Z
9774 Stored XSS Found $500 karshxz7593 slack 2014-04-25T16:26:45.261Z 2014-06-01T06:26:54.111Z
7531 Login CSRF can be bypassed (Similar approach to previous one). $100 uname irccloud 2014-04-14T13:24:23.085Z 2014-05-20T12:03:13.727Z
5933 Multiple Issues related to registering applications $1,000 anshuman_bh coinbase 2014-04-05T09:03:16.501Z 2014-05-29T01:07:30.884Z
7369 2 factor authentication design flaw $100 ryancollins coinbase 2014-04-12T17:47:25.145Z 2014-06-06T04:09:56.472Z
7357 Host Header is not validated resulting in Open Redirect $100 anshuman_bh irccloud 2014-04-12T16:54:31.765Z 2014-04-24T09:52:31.637Z
7931 Issue with remember_user_token $150 dawidczagan security 2014-04-17T21:30:55.231Z 2015-05-28T04:48:47.701Z
6883 Bruteforcing irccloud login $100 cliffordtrigo irccloud 2014-04-10T21:41:29.872Z 2014-05-26T08:35:47.565Z
4256 XSS Vulnerability ( $250 mchooo yahoo 2014-03-18T00:04:31.275Z 2014-05-07T21:51:27.195Z
9391 Xss in CampTix Event Ticketing $25 atulshedage iandunn-projects 2014-04-23T17:39:15.556Z 2014-04-24T17:50:51.204Z
9375 Stored XSS in all fields in Basic Google Maps Placemarks Settings $25 cliffordtrigo iandunn-projects 2014-04-23T16:29:12.971Z 2014-04-23T23:41:22.633Z
5928 Uncontrolled Resource Consumption with XMPP-Layer Compression $500 gianko internet 2014-04-05T07:14:39.739Z 2014-04-20T21:15:34.837Z
7803 Security bypass could lead to information disclosure $2,000 masatokinugawa ibb-flash 2014-04-08T00:00:00.000Z 2014-04-08T00:00:00.000Z
2140 Flash local-with-fileaccess Sandbox Bypass $2,000 kinine ibb-flash 2014-02-21T01:47:59.228Z 2014-04-17T00:41:53.991Z
6877 Unsecure cookies, cookie flag secure not set $100 cliffordtrigo irccloud 2014-04-10T21:34:38.332Z 2014-05-15T16:16:10.381Z
7041 iOS application does not destroy session upon logout. $100 uname irccloud 2014-04-11T05:34:06.299Z 2014-05-22T22:46:40.787Z
7036 Bug in iOS application which could lead to unauthorised access. $100 uname irccloud 2014-04-11T04:48:36.732Z 2014-05-15T14:16:41.277Z
6935 Missing X-Content-Type-Options $100 shipcode irccloud 2014-04-11T00:10:01.272Z 2014-05-15T10:51:54.878Z
6350 creating titleless and non-closable bugs $150 leander security 2014-04-07T21:37:17.452Z 2014-04-17T05:36:56.573Z
2421 Value of JSESSIONID and XSRF token parameter in cookie remains same before and after login $100 shahmeer-amir relateiq 2014-02-28T13:01:01.487Z 2014-05-14T21:58:04.296Z
6907 Session Token is not Verified while changing Account Setting's which Result In account Takeover $500 exploitprotocol irccloud 2014-04-10T22:58:58.649Z 2014-04-23T11:16:00.693Z
6872 Sign up CSRF $100 cliffordtrigo irccloud 2014-04-10T21:24:11.161Z 2014-05-14T13:01:59.583Z
6871 Login CSRF $100 cliffordtrigo irccloud 2014-04-10T21:22:34.406Z 2014-04-21T16:02:37.838Z
7121 Persistent Cross Site Scripting within the IRCCloud Pastebin $500 mantis irccloud 2014-04-11T11:31:46.703Z 2014-10-01T13:47:10.420Z
6626 TLS heartbeat read overrun Bounty Info Not sure No Reporter Information FOund ibb-openssl 2014-04-05T23:51:06.000Z 2014-04-07T16:53:31.000Z
6389 Integer overflow in strop.expandtabs $1,500 ianbeer ibb-python 2014-03-31T00:09:44.000Z 2014-03-31T00:09:44.000Z
6380 Same Origin Security Bypass Vulnerability $2,000 masatokinugawa ibb-flash 2014-03-11T00:00:00.000Z 2014-03-11T00:00:00.000Z
6002 Stored XSS in $300 aj-_- slack 2014-04-06T02:40:01.137Z 2015-03-09T18:52:47.846Z
5786 Coinbase Android Security Vulnerabilities $100 bryanstern coinbase 2014-03-11T20:05:00.000Z 2014-05-07T21:58:00.252Z
4561 Stored XSS in Slackbot Direct Messages $500 prakharprasad slack 2014-03-22T10:54:27.583Z 2014-05-04T18:38:21.252Z
3039 SQL Injection ON HK.Promotion $1,000 nahamsec yahoo 2014-03-04T04:40:45.194Z 2014-03-17T16:34:36.700Z
4409 TRACE disclosure attack may be possible $100 cliffordtrigo relateiq 2014-03-19T23:20:32.245Z 2014-07-25T20:58:25.806Z
2127 HK.Yahoo.Net Remote Command Execution $1,276 nahamsec yahoo 2014-02-20T17:40:29.222Z 2014-03-17T16:31:13.256Z
4690 SPDY heap buffer overflow $3,000 lmolas ibb-nginx 2014-03-24T21:54:37.486Z 2014-03-24T21:54:37.486Z
4689 SPDY memory corruption $3,000 lmolas ibb-nginx 2014-03-24T21:54:07.136Z 2014-03-24T21:54:07.136Z
4638 Duplicate of #4550 $500 prakharprasad slack 2014-03-23T19:51:54.159Z 2014-05-21T15:08:07.830Z
3441 Captcha Bypass With Extension $100 robin relateiq 2014-03-07T09:10:27.296Z 2014-04-20T22:34:17.821Z
2427 XSRF token problem $100 shahmeer-amir relateiq 2014-02-28T13:56:52.823Z 2014-04-20T22:09:02.690Z
3986 Securing sensitive pages from SearchBots $100 siddiki security 2014-03-14T10:03:32.070Z 2014-04-20T15:13:00.462Z
4114 Persistent XSS: Editor link $300 tomvg phabricator 2014-03-16T11:30:47.494Z 2014-04-16T20:02:21.407Z
3930 OAuth Stealing Attack (New) $400 goldshlager phabricator 2014-03-13T14:08:40.477Z 2014-04-13T12:37:27.935Z
3921 Control character allowed in username $300 dawidczagan phabricator 2014-03-13T12:32:49.566Z 2014-04-12T19:55:37.054Z
2575 Slack OAuth2 "redirect_uri" Bypass $100 prakharprasad slack 2014-03-01T15:12:55.080Z 2014-05-29T22:15:44.983Z
2559 Broken Authentication (including Slack OAuth bugs) $100 anand786 slack 2014-03-01T11:56:40.224Z 2014-08-30T07:19:16.157Z
3596 OAuth access_token stealing in Phabricator $450 goldshlager phabricator 2014-03-10T12:03:49.078Z 2014-04-11T14:23:15.622Z
3227 Control Characters Not Stripped From Username on Signup $100 fin1te security 2014-03-04T21:46:39.784Z 2014-03-11T20:33:27.097Z
1675 Local file inclusion $1,390 alexandru yahoo 2014-02-17T19:27:35.477Z 2014-03-27T17:33:19.223Z
3455 flash content type sniff vulnerability in $500 netfuzzer slack 2014-03-07T14:17:25.238Z 2014-04-08T23:56:03.546Z
2439 Cross Site Scripting (XSS) - $100 quistertow relateiq 2014-02-28T17:16:44.292Z 2014-08-07T16:09:28.649Z
2735 HTML injection in "Invite Collaborators" $100 melvin relateiq 2014-03-02T19:23:13.655Z 2014-04-06T19:10:37.234Z
3356 UnAuthorized Editorial Publishing to Blogs $300 mlitchfield phabricator 2014-03-06T08:41:22.840Z 2014-04-05T22:08:45.681Z
2777 Reflected Xss $500 niks slack 2014-03-03T09:18:31.827Z 2014-05-19T08:28:09.846Z
2622 URL redirection flaw $200 anand786 slack 2014-03-01T22:03:05.186Z 2014-08-30T07:20:16.157Z
2617 Stored XSS in $200 prakharprasad slack 2014-03-01T21:29:41.229Z 2014-05-23T22:59:09.590Z
2625 Stored XSS in $500 prakharprasad slack 2014-03-01T22:11:51.624Z 2014-08-07T18:20:45.404Z
2652 Stored XSS in Channel Chat $500 prakharprasad slack 2014-03-02T00:34:11.203Z 2014-05-21T15:03:41.674Z
2584 Weird Bug - Ability to see partial of other user's notification $500 wcypierre security 2014-03-01T16:55:36.988Z 2014-04-19T20:59:45.280Z
2497 Reflective XSS can be triggered in IE $150 shahmeer-amir slack 2014-02-28T23:48:51.975Z 2015-03-15T03:32:00.231Z
2221 CSS leaks SCSS debug info $100 guido security 2014-02-23T13:23:11.998Z 2014-02-28T16:46:22.053Z
940 Store XSS Flicker main page $1,960 panchocosil yahoo 2014-02-03T20:51:52.286Z 2015-08-14T19:07:22.801Z
914 XSS Yahoo Messenger Via Calendar.Yahoo.Com $677.50 nahamsec yahoo 2014-02-03T16:52:20.123Z 2014-03-23T18:23:33.017Z
2170 Flash double free vulnerability leads to code execution $10,000 clem1 ibb-flash 2014-02-21T20:37:47.654Z 2014-02-27T21:44:27.694Z
2245 Win32k Window Handle Vulnerability (EoP) $5,000 datuzi sandbox 2014-01-14T00:00:00.000Z 2014-01-14T00:00:00.000Z
2228 Login CSRF using Twitter OAuth $300 mathias phabricator 2014-02-23T17:25:25.462Z 2014-03-26T01:09:32.610Z
2233 Bypass (2) $500 tomvg phabricator 2014-02-23T18:44:37.166Z 2014-03-26T01:04:47.585Z
2224 Bypass $1,000 tomvg phabricator 2014-02-23T16:08:39.974Z 2014-03-25T18:23:30.689Z
916 Cross-site scripting on the main page of flickr by tagging a user. $2,173.75 smiegles yahoo 2014-02-03T17:35:32.694Z 2014-03-07T00:44:02.745Z
2107 Handling of jar: URIs bypasses AllowScriptAccess=never $2,000 masatokinugawa ibb-flash 2014-01-14T00:00:00.000Z 2014-01-14T00:00:00.000Z
2106 Flash type confusion vulnerability leads to code execution $10,000 bannedit ibb-flash 2013-12-10T00:00:00.000Z 2013-12-10T00:00:00.000Z
1509 DNS Misconfiguration $100 szgru security 2014-02-15T15:52:47.317Z 2014-02-15T21:04:41.142Z
1356 PHP Heap Overflow Vulnerability in imagecrop() $1,500 kubabrecka ibb-php 2013-12-27T02:57:00.000Z 2014-02-06T00:00:00.000Z
960 Linux 3.4+: arbitrary write with CONFIG_X86_X32 $3,000 pageexec sandbox 2014-01-28T23:52:58.000Z 2014-01-31T00:11:16.000Z
842 Autocomplete enabled in Paypal preferences $100 xtross1 security 2014-02-01T09:55:39.277Z 2015-05-28T04:50:18.149Z
809 Improperly implemented password recovery link functionality $300 dawidczagan phabricator 2014-01-27T20:49:36.770Z 2014-02-27T00:54:55.437Z
774 Log in a user to another account $300 dawidczagan phabricator 2014-01-23T12:54:26.529Z 2014-02-22T22:21:32.666Z
742 A password reset page does not properly validate the authenticity token at the server side. $100 niks security 2014-01-17T14:53:50.225Z 2014-04-19T20:59:39.929Z
727 Switching the user to the attacker's account $150 dawidczagan security 2014-01-15T22:24:14.153Z 2014-02-20T00:04:27.563Z
737 Improper session management $100 dawidczagan security 2014-01-16T23:48:19.888Z 2014-02-19T23:57:04.759Z
738 Information disclosure (reset password token) and changing the user's password $100 dawidczagan security 2014-01-17T00:49:34.781Z 2014-02-19T23:44:04.883Z
575 Email spoofing $250 introvertmac security 2014-01-10T11:44:11.303Z 2015-05-28T04:51:46.358Z
713 Upload profile photo from URL $500 laceratus security 2014-01-14T17:04:41.419Z 2014-02-15T03:07:33.332Z
547 CSRF login $100 andrisatteka security 2014-01-03T11:22:33.052Z 2014-01-13T16:42:18.010Z
546 Logical issues with account settings $150 introvertmac security 2014-01-01T15:23:05.995Z 2015-05-28T04:52:35.867Z
523 PHP openssl_x509_parse() Memory Corruption Vulnerability $4,000 sesser ibb-php 2013-11-30T23:00:00.000Z 2013-12-13T00:00:00.000Z
500 OpenSSH: Memory corruption in AES-GCM support $1,500 markus internet 2013-11-07T00:00:00.000Z 2013-11-07T00:00:00.000Z
499 Ruby: Heap Overflow in Floating Point Parsing $1,500 charliesome ibb-ruby 2013-11-22T00:00:00.000Z 2013-11-22T00:00:00.000Z
487 DNS Cache Poisoning $100 michael1026 security 2013-12-01T00:58:34.856Z 2014-01-09T14:36:41.000Z
477 Flawed account creation process allows registration of usernames corresponding to existing file names $100 mortes security 2013-11-30T11:42:13.022Z 2014-04-19T20:59:27.067Z
400 GIF flooding $250 dutchgraa security 2013-11-15T01:35:22.622Z 2013-11-30T12:44:26.582Z
390 Pixel flood attack $500 dutchgraa security 2013-11-12T16:04:27.096Z 2013-11-30T12:50:43.920Z
353 Session not expired on logout $100 satishb3 security 2013-11-09T05:54:35.279Z 2014-04-19T20:59:16.332Z
321 CSP not consistently applied $250 janpaul123 security 2013-11-08T09:59:03.704Z 2013-11-30T01:10:30.353Z
298 RTL override symbol not stripped from file names $500 mathias security 2013-11-07T19:12:41.742Z 2015-05-28T04:49:32.247Z
288 Session Management $100 javidhussain21 security 2013-11-07T17:19:36.545Z 2014-04-19T20:59:20.960Z
284 Broken Authentication and session management OWASP A2 $100 anand786 security 2013-11-07T13:27:06.643Z 2014-01-09T14:36:45.000Z
280 Real impersonation $100 janpaul123 security 2013-11-07T11:05:32.899Z 2013-11-30T01:10:48.953Z
120 Missing SPF for $500 szgru security 2013-11-06T21:55:00.483Z 2014-01-09T14:36:47.000Z