Report ID Report URL Bug Title Bounty Rewarded Reporter Organization Created At Disclosed At
100186 https://hackerone.com/reports/100186 Transactions visible on Unconfirmed devices $500 shahmeer-amir coinbase 2015-11-17T17:15:44.839Z 2015-12-11T08:20:24.051Z
104033 https://hackerone.com/reports/104033 tokenizer crash when processing undecodable source code $500 androm3da ibb-python 2015-10-13T00:00:00.000Z 2015-11-14T00:00:00.000Z
104032 https://hackerone.com/reports/104032 PyFloat_FromString & PyNumber_Long Buffer Over-reads $1,000 johnleitch ibb-python 2015-08-06T00:00:00.000Z 2015-11-08T00:00:00.000Z
104028 https://hackerone.com/reports/104028 Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow) Bounty Info Not sure No Reporter Information Found ibb-php 2015-05-13T00:00:00.000Z 2015-06-18T00:00:00.000Z
104027 https://hackerone.com/reports/104027 Memory Corruption in phar_parse_tarfile when entry filename starts with null $500 libnex ibb-php 2015-04-15T00:00:00.000Z 2015-05-12T00:00:00.000Z
104026 https://hackerone.com/reports/104026 invalid pointer free() in phar_tar_process_metadata() $500 libnex ibb-php 2015-04-15T00:00:00.000Z 2015-05-22T00:00:00.000Z
104025 https://hackerone.com/reports/104025 use after free in load_newobj_ex $500 tukan ibb-python 2015-07-02T00:00:00.000Z 2015-07-02T00:00:00.000Z
104024 https://hackerone.com/reports/104024 array.fromstring Use After Free $500 johnleitch ibb-python 2015-07-12T00:00:00.000Z 2015-07-25T00:00:00.000Z
104023 https://hackerone.com/reports/104023 bytearray.find Buffer Over-read $1,000 johnleitch ibb-python 2015-06-17T00:00:00.000Z 2015-06-29T00:00:00.000Z
104022 https://hackerone.com/reports/104022 hotshot pack_string Heap Buffer Overflow $500 johnleitch ibb-python 2015-06-20T00:00:00.000Z 2015-06-27T00:00:00.000Z
104021 https://hackerone.com/reports/104021 audioop.adpcm2lin Buffer Over-read $500 johnleitch ibb-python 2015-06-15T00:00:00.000Z 2015-06-28T00:00:00.000Z
104020 https://hackerone.com/reports/104020 audioop.lin2adpcm Buffer Over-read $500 johnleitch ibb-python 2015-06-15T00:00:00.000Z 2015-06-26T00:00:00.000Z
104019 https://hackerone.com/reports/104019 Files extracted from archive may be placed outside of destination directory $500 stewie ibb-php 2015-07-08T00:00:00.000Z 2015-08-05T00:00:00.000Z
104018 https://hackerone.com/reports/104018 Multiple Use After Free Vulnerabilities in unserialize() $1,500 ryat ibb-php 2015-07-30T00:00:00.000Z 2015-08-05T00:00:00.000Z
104017 https://hackerone.com/reports/104017 Arbitrary code execution in str_ireplace function $1,000 dimitri ibb-php 2015-07-26T00:00:00.000Z 2015-08-04T00:00:00.000Z
104016 https://hackerone.com/reports/104016 Dangling pointer in the unserialization of ArrayObject items $1,000 seanhn ibb-php 2015-07-13T00:00:00.000Z 2015-08-05T00:00:00.000Z
104015 https://hackerone.com/reports/104015 curl_setopt_array() type confusion $500 andreapalazzo ibb-php 2015-07-29T00:00:00.000Z 2015-08-04T00:00:00.000Z
104014 https://hackerone.com/reports/104014 libcurl duphandle read out of bounds $1,000 sparaschoudis internet 2015-09-16T00:00:00.000Z 2015-11-05T00:00:00.000Z
104013 https://hackerone.com/reports/104013 heap buffer overflow in enchant_broker_request_dict() $500 sparaschoudis ibb-php 2014-12-05T00:00:00.000Z 2015-01-26T00:00:00.000Z
104012 https://hackerone.com/reports/104012 Integer overflow in unserialize() (32-bits only) $500 sparaschoudis ibb-php 2015-09-18T00:00:00.000Z 2015-10-15T00:00:00.000Z
104011 https://hackerone.com/reports/104011 AddressSanitizer reports a global buffer overflow in mkgmtime() function $500 sparaschoudis ibb-php 2015-09-16T00:00:00.000Z 2015-10-15T00:00:00.000Z
104010 https://hackerone.com/reports/104010 SOAP serialize_function_call() type confusion / RCE $1,500 andreapalazzo ibb-php 2015-08-29T00:00:00.000Z 2015-09-02T00:00:00.000Z
104009 https://hackerone.com/reports/104009 zend_throw_or_error() format string vulnerability $500 ryat ibb-php 2015-11-14T00:00:00.000Z 2015-11-14T00:00:00.000Z
104008 https://hackerone.com/reports/104008 Uninitialized pointer in phar_make_dirstream $1,000 haquaman ibb-php 2015-09-05T00:00:00.000Z 2015-09-29T00:00:00.000Z
104007 https://hackerone.com/reports/104007 Buffer over-read in exif_read_data with TIFF IFD tag $1,000 haquaman ibb-php 2015-08-28T00:00:00.000Z 2015-09-01T00:00:00.000Z
104006 https://hackerone.com/reports/104006 Null pointer deref (segfault) in spl_autoload via ob_start $500 haquaman ibb-php 2015-08-18T00:00:00.000Z 2015-08-23T00:00:00.000Z
104005 https://hackerone.com/reports/104005 null pointer deref (segfault) in zend_eval_const_expr $500 haquaman ibb-php 2015-08-02T00:00:00.000Z 2015-08-02T00:00:00.000Z
104004 https://hackerone.com/reports/104004 Mem out-of-bounds write (segfault) in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER $500 haquaman ibb-php 2015-08-02T00:00:00.000Z 2015-08-02T00:00:00.000Z
104003 https://hackerone.com/reports/104003 Python deque.index() uninitialized memory $1,000 johnleitch ibb-python 2015-08-21T00:00:00.000Z 2015-09-03T00:00:00.000Z
104002 https://hackerone.com/reports/104002 Python scan_eol() Buffer Over-read $500 johnleitch ibb-python 2015-09-02T00:00:00.000Z 2015-09-03T00:00:00.000Z
104001 https://hackerone.com/reports/104001 time_strftime() Buffer Over-read $500 johnleitch ibb-python 2015-08-22T00:00:00.000Z 2015-09-07T00:00:00.000Z
104000 https://hackerone.com/reports/104000 Python xmlparse_setattro() Type Confusion $500 johnleitch ibb-python 2015-09-07T00:00:00.000Z 2015-09-07T00:00:00.000Z
103999 https://hackerone.com/reports/103999 Use after free vulnerability in unserialize() with GMP $500 ryat ibb-php 2015-08-17T00:00:00.000Z 2015-09-01T00:00:00.000Z
103998 https://hackerone.com/reports/103998 Use After Free Vulnerability in session deserializer $500 ryat ibb-php 2015-08-09T00:00:00.000Z 2015-09-01T00:00:00.000Z
103997 https://hackerone.com/reports/103997 Use After Free Vulnerability in unserialize() $1,000 ryat ibb-php 2015-07-31T00:00:00.000Z 2015-09-01T00:00:00.000Z
103996 https://hackerone.com/reports/103996 Use After Free Vulnerability in unserialize() with SplObjectStorage $1,000 ryat ibb-php 2015-08-27T00:00:00.000Z 2015-09-01T00:00:00.000Z
103995 https://hackerone.com/reports/103995 Use After Free Vulnerability in unserialize() with SplDoublyLinkedList $1,000 ryat ibb-php 2015-08-27T00:00:00.000Z 2015-09-01T00:00:00.000Z
103994 https://hackerone.com/reports/103994 Python 3.3 - 3.5 product_setstate() Out-of-bounds Read $500 johnleitch ibb-python 2015-09-08T00:00:00.000Z 2015-09-12T00:00:00.000Z
103993 https://hackerone.com/reports/103993 Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier $1,500 claudijd ibb-ruby 2015-05-06T00:00:00.000Z 2015-05-14T00:00:00.000Z
103992 https://hackerone.com/reports/103992 Integer overflow in _Unpickler_Read $500 hugbounter ibb-python 2015-09-26T00:00:00.000Z 2015-09-26T00:00:00.000Z
103991 https://hackerone.com/reports/103991 mod_lua: Crash in websockets PING handling $500 guido ibb-apache 2015-01-28T00:00:00.000Z 2015-02-04T00:00:00.000Z
103990 https://hackerone.com/reports/103990 Null pointer dereference in phar_get_fp_offset() $500 libnex ibb-php 2015-05-28T00:00:00.000Z 2015-09-29T00:00:00.000Z
100829 https://hackerone.com/reports/100829 Stored-XSS in https://www.coinbase.com/ $5,000 hazimaslam coinbase 2015-11-21T10:49:01.029Z 2015-12-07T15:10:39.908Z
96470 https://hackerone.com/reports/96470 Missing of csrf protection $500 harishkumar0394 shopify 2015-10-29T09:27:47.934Z 2015-12-07T21:26:35.535Z
101450 https://hackerone.com/reports/101450 XSS in creating tweets $500 cj71f shopify 2015-11-24T12:34:34.454Z 2015-12-03T22:02:26.038Z
99321 https://hackerone.com/reports/99321 [CSRF] Activate PayPal Express Checkout $500 zombiehelp54 shopify 2015-11-12T16:57:37.924Z 2015-12-03T17:26:19.144Z
97292 https://hackerone.com/reports/97292 HTTP header injection in info.hackerone.com allows setting cookies for hackerone.com $1,000 harisec security 2015-11-02T17:58:35.684Z 2015-12-02T05:31:31.937Z
100509 https://hackerone.com/reports/100509 Pre-generation of 2FA secret/backup codes seems like an unnecessary risk $1,000 danlec security 2015-11-19T16:06:20.160Z 2015-12-02T05:09:10.288Z
99708 https://hackerone.com/reports/99708 Limited CSRF bypass. $500 harshafriend4all security 2015-11-14T19:45:05.651Z 2015-12-02T05:25:37.160Z
98469 https://hackerone.com/reports/98469 Email Verification Link can be Used as Password Reset Link! $50 karimrahal binary 2015-11-07T15:43:12.214Z 2015-12-03T11:07:42.983Z
91604 https://hackerone.com/reports/91604 Crossdomain.xml settings on api.imgur.com too open $50 arbazhussain imgur 2015-10-01T10:39:07.189Z 2015-12-09T18:11:40.805Z
98499 https://hackerone.com/reports/98499 Apps can access 'channels' beta api $500 rms shopify 2015-11-07T19:43:56.968Z 2015-11-18T21:03:22.247Z
96908 https://hackerone.com/reports/96908 An administrator without the 'Settings' permission is able to see payment gateways $500 brakhane shopify 2015-10-30T23:46:24.189Z 2015-11-18T20:58:31.135Z
99374 https://hackerone.com/reports/99374 deleted staff member can add his amazon marketplace web services account to the store. $500 zombiehelp54 shopify 2015-11-12T22:17:32.980Z 2015-11-18T20:23:47.415Z
98083 https://hackerone.com/reports/98083 No password length restriction denial of service $100 secureashishpathak itbit 2015-11-05T16:10:58.745Z 2015-12-04T17:05:06.469Z
96467 https://hackerone.com/reports/96467 Persistent XSS in https://p.imgur.com/albumview.gif and http://p.imgur.com/imageview.gif / post statistics $50 sleepprogger imgur 2015-10-29T08:57:46.145Z 2015-12-09T17:46:36.683Z
97948 https://hackerone.com/reports/97948 Cross-domain AJAX request $2,500 ragnar security 2015-11-05T02:02:04.633Z 2015-11-14T15:22:16.880Z
97191 https://hackerone.com/reports/97191 Send AJAX request to external domain $2,500 killr0x33d security 2015-11-02T01:07:39.782Z 2015-11-14T14:47:09.895Z
95599 https://hackerone.com/reports/95599 Cross Site Scripting $50 paulos_ binary 2015-10-24T13:28:31.945Z 2015-11-13T16:52:29.817Z
95981 https://hackerone.com/reports/95981 Http Response Splitting - Validate link $75 gjavado binary 2015-10-26T23:48:50.529Z 2015-11-15T12:21:01.580Z
95804 https://hackerone.com/reports/95804 [api.allodsteam.com] Authentication Data $300 bigbear_ mailru 2015-10-25T18:34:40.200Z 2015-12-01T13:18:14.165Z
96890 https://hackerone.com/reports/96890 A 'Full access' administrator is able to see the shop owners user details $500 brakhane shopify 2015-10-30T23:05:30.461Z 2015-11-10T23:17:24.278Z
98259 https://hackerone.com/reports/98259 'Limited' RCE in certain places where Liquid is accepted $1,500 brakhane shopify 2015-11-06T13:37:33.389Z 2015-11-10T23:17:32.596Z
97535 https://hackerone.com/reports/97535 List of devices is accessible regardless of the account limitations $500 rms shopify 2015-11-04T00:29:53.767Z 2015-11-10T22:44:06.488Z
92481 https://hackerone.com/reports/92481 Accessing Payments page and adding payment methods with limited access accounts $500 shahmeer-amir shopify 2015-10-05T21:22:50.988Z 2015-11-10T22:31:49.351Z
95589 https://hackerone.com/reports/95589 Privilege escalation and circumvention of permission to limited access user $500 elamaran619 shopify 2015-10-24T12:39:14.004Z 2015-11-11T02:06:42.520Z
93680 https://hackerone.com/reports/93680 Missing authorization check on dashboard overviews $500 shahmeer-amir shopify 2015-10-13T17:48:54.159Z 2015-11-10T22:24:59.913Z
98281 https://hackerone.com/reports/98281 XSS Reflected in test.qiwi.ru $200 hassham qiwi 2015-11-06T16:16:12.872Z 2015-12-11T17:12:28.995Z
98247 https://hackerone.com/reports/98247 login to any user's cashier account and full account information disclosure $300 zombiehelp54 binary 2015-11-06T12:03:55.131Z 2015-11-14T21:36:47.469Z
97657 https://hackerone.com/reports/97657 File upload XSS (Java applet) on http://slackatwork.com/ $200 hassham slack 2015-11-04T11:10:53.600Z 2015-11-11T18:03:55.984Z
97510 https://hackerone.com/reports/97510 Following a User After Favoriting Actually Follows Another User (related to #95243) $280 ericr twitter 2015-11-03T21:43:56.140Z 2015-12-02T17:42:20.929Z
97683 https://hackerone.com/reports/97683 Reflected Self-XSS in Slack $100 harry_mg slack 2015-11-04T12:39:02.780Z 2015-11-10T18:32:15.422Z
81201 https://hackerone.com/reports/81201 Reflective XSS in projects.invisionapp.com $100 psychomantis invision 2015-08-08T08:48:16.647Z 2015-11-23T02:38:09.770Z
96337 https://hackerone.com/reports/96337 Stored XSS in Slack (weird, trial and error) $500 harry_mg slack 2015-10-28T14:32:33.024Z 2015-11-10T18:32:42.063Z
96855 https://hackerone.com/reports/96855 Staff members with no permission to access domains can access them. $500 zombiehelp54 shopify 2015-10-30T20:15:33.890Z 2015-11-03T01:11:15.180Z
93616 https://hackerone.com/reports/93616 get users information without full access $500 pouya shopify 2015-10-13T07:41:18.949Z 2015-11-04T18:50:22.488Z
93901 https://hackerone.com/reports/93901 Bypassing password requirement during deletion of account $500 jitendra shopify 2015-10-14T20:36:17.660Z 2015-11-03T19:06:22.953Z
95441 https://hackerone.com/reports/95441 Unauthorized access to any Store Admin's First & Last name $500 hazimaslam shopify 2015-10-23T21:08:19.922Z 2015-11-07T21:25:00.707Z
95243 https://hackerone.com/reports/95243 Following a User Actually Follows Another User $280 ericr twitter 2015-10-22T23:07:36.649Z 2015-12-02T17:40:51.446Z
88881 https://hackerone.com/reports/88881 XSS: https://light.mail.ru/compose, https://m.mail.ru/compose/[id]/reply _Ëãó_Ÿ __ã‰___µã‰_µ ___Á ã_Ë_µãÊ_Ÿ_Á_éãë__ã†__ ___±ãó_Á_‡____ ãã‹__ãó___Ÿãó_____Á_______µ _Ë_Ÿããë____ $500 aesteral mailru 2015-09-14T20:26:33.476Z 2015-11-16T13:22:40.987Z
95932 https://hackerone.com/reports/95932 user-agent Content spoofing $50 behroz itbit 2015-10-26T18:10:56.713Z 2015-11-28T15:30:07.783Z
93394 https://hackerone.com/reports/93394 Unauthenticated access to details of hidden products in any shop via title enumeration $1,000 juhhga shopify 2015-10-12T03:49:19.322Z 2015-10-23T20:08:47.691Z
94502 https://hackerone.com/reports/94502 Some S3 Buckets are world readable (and one is world writeable) $500 brakhane shopify 2015-10-18T16:53:53.657Z 2015-10-24T14:18:02.688Z
93294 https://hackerone.com/reports/93294 First & Last Name Disclosure of any Shopify Store Admin $500 hazimaslam shopify 2015-10-11T03:29:05.547Z 2015-11-09T20:36:37.223Z
67393 https://hackerone.com/reports/67393 Enumeration and Guessable Email (OWASP-AT-002) Through Login Form $150 dipak_das invision 2015-06-11T09:22:37.581Z 2015-10-23T18:04:48.582Z
87168 https://hackerone.com/reports/87168 www.shopify.com XSS on blog pages via sharing buttons $500 reactors08 shopify 2015-09-03T08:09:51.486Z 2015-10-21T16:11:33.539Z
92353 https://hackerone.com/reports/92353 CSV Injection in polldaddy.com $75 strukt automattic 2015-10-04T23:17:40.723Z 2015-11-20T14:27:08.783Z
94899 https://hackerone.com/reports/94899 Paid account can review\download any invoice of any other shop $4,000 dvl shopify 2015-10-20T20:15:09.077Z 2015-10-22T20:44:39.830Z
94087 https://hackerone.com/reports/94087 Arbitrary read on s3://shopify-delivery-app-storage/files $1,500 brakhane shopify 2015-10-15T20:38:59.534Z 2015-10-20T20:27:10.858Z
93921 https://hackerone.com/reports/93921 Unauthorized access to all collections, products, pages from other stores $2,500 pouya shopify 2015-10-14T22:52:59.241Z 2015-10-20T16:00:36.331Z
94230 https://hackerone.com/reports/94230 Cross-site Scripting in all Zopim $1,000 mdv zopim 2015-10-16T14:56:26.648Z 2015-10-20T22:53:27.181Z
93691 https://hackerone.com/reports/93691 Arbitrary write on s3://shopify-delivery-app-storage/files $2,000 brakhane shopify 2015-10-13T19:22:49.202Z 2015-10-15T18:55:26.436Z
90671 https://hackerone.com/reports/90671 Privilege escalation vulnerability $500 marhvhelous shopify 2015-09-27T16:06:21.090Z 2015-10-14T20:38:55.672Z
57505 https://hackerone.com/reports/57505 amazon aws s3 bucket content is public :- http://shopify.com.s3.amazonaws.com/ $500 pulkit_pandey shopify 2015-04-20T20:00:31.371Z 2015-10-15T03:47:27.183Z
93004 https://hackerone.com/reports/93004 unauthorized access to all collections name $2,000 pouya shopify 2015-10-08T21:23:04.635Z 2015-10-14T19:45:27.215Z
50941 https://hackerone.com/reports/50941 A user can enhance their videos with paid tracks without buying the track $250 satishb3 vimeo 2015-03-11T08:40:37.368Z 2015-10-14T15:41:40.723Z
92740 https://hackerone.com/reports/92740 SPF records not found $100 brain coinbase 2015-10-07T10:03:52.049Z 2015-10-14T08:27:59.867Z
90912 https://hackerone.com/reports/90912 Inadequate input validation on API endpoint leading to self denial of service and increased system load. $500 mantis irccloud 2015-09-29T13:59:37.609Z 2015-10-12T17:45:20.270Z
93106 https://hackerone.com/reports/93106 Subdomain Takeover in http://staging.wepay.com/ pointing to Fastly $100 harry_mg wepay 2015-10-09T12:45:53.500Z 2015-12-10T09:04:22.900Z
62174 https://hackerone.com/reports/62174 Internet Explorer Enhanced Protected Mode sandbox escape via a broker vulnerability $3,000 ashutoshmehra sandbox 2015-05-12T19:27:16.779Z 2015-10-09T07:00:24.622Z
66958 https://hackerone.com/reports/66958 Microsoft Internet Explorer ActiveX Broker Allows EPM Bypass $3,000 yopwn sandbox 2015-06-09T19:16:17.803Z 2015-10-09T06:59:17.234Z
49935 https://hackerone.com/reports/49935 rails-ujs will send CSRF tokens to other origins $1,000 mastahyeti rails 2015-03-03T18:42:54.912Z 2015-06-16T19:21:31.440Z
44513 https://hackerone.com/reports/44513 RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1 $500 joernchen rails 2015-01-21T12:51:04.867Z 2015-06-16T19:21:46.422Z
92350 https://hackerone.com/reports/92350 CSV Injection $128 strukt trello 2015-10-04T22:34:00.717Z 2015-10-13T20:43:53.539Z
92050 https://hackerone.com/reports/92050 Normal User can add new users to group $256 sarwarjahan trello 2015-10-02T16:42:09.867Z 2015-10-14T17:08:04.277Z
92453 https://hackerone.com/reports/92453 unauthorized access to all customers first and last name $2,500 pouya shopify 2015-10-05T18:54:10.867Z 2015-10-06T18:04:12.916Z
92344 https://hackerone.com/reports/92344 customers password hash leak!!!! $500 pouya shopify 2015-10-04T21:38:16.541Z 2015-10-05T18:44:48.271Z
87577 https://hackerone.com/reports/87577 Stored XSS on vimeo.com and player.vimeo.com $200 esevece vimeo 2015-09-05T06:28:15.228Z 2015-11-30T14:17:08.376Z
89505 https://hackerone.com/reports/89505 Self-XSS in posts by formatting text as code $100 harry_mg slack 2015-09-18T04:55:10.911Z 2015-11-10T18:33:51.508Z
55546 https://hackerone.com/reports/55546 Open Redirect after login at http://ecommerce.shopify.com $500 dhaval shopify 2015-04-09T20:00:50.208Z 2015-10-05T18:38:33.749Z
90690 https://hackerone.com/reports/90690 change Login Services settings without owner access $1,000 pouya shopify 2015-09-27T20:38:00.359Z 2015-10-14T19:54:09.411Z
56626 https://hackerone.com/reports/56626 Shop admin can change external login services $1,000 satishb3 shopify 2015-04-16T09:53:14.564Z 2015-10-02T03:34:59.280Z
90753 https://hackerone.com/reports/90753 Content Spoofing $50 girish_s_pattanashetty zendesk 2015-09-28T13:16:01.331Z 2015-11-02T22:43:27.979Z
80298 https://hackerone.com/reports/80298 _Í___µ_Çãó_µ___Ÿ_µ _Ëãó___Ÿ_‡_____éãë________ javascript-ããÊ_µ___Áãó_Ÿã __ ã‹ã€____ãÊ_Ÿ_____Á_é_µ _Ëãó__ã____ã‰ãó_Á _Ÿ_‡___±ãó_Á___µ___Ÿ__ _____±_Ÿ_éãë______ ___µãóã_Ÿ_Ÿ ã_Á__ã‰_Á $500 bo0om vkcom 2015-08-03T11:26:58.890Z 2015-10-30T12:10:41.684Z
66121 https://hackerone.com/reports/66121 XSS at http://vk.com on IE using flash files $500 tunnelshade vkcom 2015-06-05T09:56:45.013Z 2015-10-30T12:23:19.628Z
65330 https://hackerone.com/reports/65330 __µ _Ç__ãã‰_Áã‰__ãˆ___Á㏠_Ëãó_____µãó___Á _é_____Ÿ___Á ã___Á___Ë $100 abr1k0s vkcom 2015-06-01T22:34:48.127Z 2015-10-30T11:34:43.884Z
87561 https://hackerone.com/reports/87561 OAUTH permission set as true= lead to authorize malicious application $100 paresh_parmar coinbase 2015-09-05T01:31:17.205Z 2015-12-01T14:26:06.718Z
90274 https://hackerone.com/reports/90274 CSV Excel Macro Injection Vulnerability in export chat logs $100 psychomantis zopim 2015-09-24T05:20:48.138Z 2015-11-05T19:38:38.503Z
90131 https://hackerone.com/reports/90131 CSV Excel Macro Injection Vulnerability in export customer tickets $100 psychomantis zendesk 2015-09-23T09:18:02.387Z 2015-11-02T22:43:14.705Z
56936 https://hackerone.com/reports/56936 Notification request disclose private information about other myshopify accounts $4,000 dvl shopify 2015-04-17T14:39:07.291Z 2015-09-24T03:24:56.776Z
89624 https://hackerone.com/reports/89624 Cross-site Scripting https://www.zendesk.com/product/pricing/ $100 mdv zendesk 2015-09-19T11:48:48.895Z 2015-12-09T02:06:13.759Z
67557 https://hackerone.com/reports/67557 Bypass access restrictions from API $1,000 pouya shopify 2015-06-12T09:03:50.585Z 2015-09-18T19:44:41.027Z
56726 https://hackerone.com/reports/56726 Invitation issue $500 frozen shopify 2015-04-16T17:36:16.848Z 2015-09-16T20:35:43.934Z
81736 https://hackerone.com/reports/81736 XSS in WordPress $100 blinkms automattic 2015-08-11T15:25:36.288Z 2015-10-16T16:17:29.199Z
88395 https://hackerone.com/reports/88395 Information leakage through Graphviz blocks $300 jbeta phabricator 2015-09-11T01:18:57.641Z 2015-09-13T19:55:14.805Z
87040 https://hackerone.com/reports/87040 XSS on OAuth authorize/authenticate endpoint $2,520 filedescriptor twitter 2015-09-02T15:24:28.460Z 2015-11-20T18:49:04.664Z
85720 https://hackerone.com/reports/85720 IDOR on removing Share $250 crab romit 2015-08-30T18:46:30.968Z 2015-11-27T06:26:11.492Z
78412 https://hackerone.com/reports/78412 Cross site scripting $150 smitgajra007 mailru 2015-07-24T15:23:23.592Z 2015-12-11T10:54:10.198Z
56779 https://hackerone.com/reports/56779 XSS on ecommerce.shopify.com $500 killr0x33d shopify 2015-04-16T19:50:58.471Z 2015-09-06T20:25:01.310Z
86504 https://hackerone.com/reports/86504 [CRITICAL] Login To Any Account Linked With Google+ With Email Only $100 egyxos anghami 2015-09-01T15:08:44.057Z 2015-10-02T23:54:35.464Z
81757 https://hackerone.com/reports/81757 Self XSS in chat. $500 00day shopify 2015-08-11T17:25:34.010Z 2015-09-02T16:43:15.599Z
86468 https://hackerone.com/reports/86468 [https://www.anghami.com/updatemailinfo/] Sql Injection $300 aaj__ anghami 2015-09-01T14:51:06.092Z 2015-10-02T11:49:34.547Z
86022 https://hackerone.com/reports/86022 Multiple so called 'type juggling' attacks. Most notably PhabricatorUser::validateCSRFToken() is 'bypassable' in certain cases. $450 superkritisch phabricator 2015-09-01T01:08:56.393Z 2015-10-01T22:57:15.654Z
85291 https://hackerone.com/reports/85291 XSS https://www.shopify.com/signup $500 mdv shopify 2015-08-27T22:32:52.176Z 2015-08-31T22:37:28.032Z
75357 https://hackerone.com/reports/75357 Session Cookie without HttpOnly and secure flag set $100 pradeepch99 qiwi 2015-07-14T10:05:39.855Z 2015-09-27T08:36:43.881Z
84709 https://hackerone.com/reports/84709 [API ISSUE] agents can Create agents even after they are disabled ! $100 harshafriend4all zopim 2015-08-25T19:41:28.508Z 2015-09-10T01:23:51.084Z
72785 https://hackerone.com/reports/72785 CSV Injection with the CVS export feature $500 appsec3 security 2015-06-26T19:53:52.138Z 2015-09-21T22:04:25.799Z
10801 https://hackerone.com/reports/10801 report a reflected XSS $400 faisal123 99designs 2014-05-03T13:29:28.124Z 2014-07-08T10:00:29.595Z
81441 https://hackerone.com/reports/81441 XSS https://delivery.shopifyapps.com/ (Digital Downloads App in myshopify.com) $500 00day shopify 2015-08-09T20:12:25.508Z 2015-08-24T22:29:00.454Z
67389 https://hackerone.com/reports/67389 SSRF via 'Insert Image' feature of Products/Collections/Frontpage $500 alpha shopify 2015-06-11T09:05:59.151Z 2015-08-24T14:47:13.085Z
67660 https://hackerone.com/reports/67660 Verification code issues for Two-Step Authentication $100 maverickrocky02 automattic 2015-06-12T20:58:31.999Z 2015-09-20T16:05:47.316Z
82725 https://hackerone.com/reports/82725 Stored XSS in comments $500 zombiehelp54 zendesk 2015-08-16T06:14:48.821Z 2015-11-13T22:07:11.539Z
79393 https://hackerone.com/reports/79393 __ã‰__ãóã†ã‰ã†__ _Ç__ãã‰ã€_Ë __ ____ãó_Ë__ãó_Áã‰_Ÿ____ã†__ _Ç_Á____ã†__. $500 sw3nlab qiwi 2015-07-29T08:05:52.425Z 2015-11-02T21:33:31.949Z
77802 https://hackerone.com/reports/77802 TCP Source Port Pass Firewall $1,000 salmankhanchampion shopify 2015-07-22T14:55:39.324Z 2015-08-11T15:10:49.339Z
73566 https://hackerone.com/reports/73566 Reflected XSS in chat $500 skavans shopify 2015-07-01T23:40:29.545Z 2015-08-11T16:02:24.281Z
80936 https://hackerone.com/reports/80936 Private Program and bounty details disclosed as part of JSON search response $500 techguynoob security 2015-08-06T15:41:19.751Z 2015-08-31T04:10:14.675Z
60573 https://hackerone.com/reports/60573 http://fitter1.i.mail.ru/browser/ ã‰__ãóãˆ_Ÿã‰ Graphite __ ___Ÿãó $400 isox mailru 2015-05-11T11:43:04.820Z 2015-09-13T13:04:18.332Z
67161 https://hackerone.com/reports/67161 Possible xWork classLoader RCE: shared.mail.ru $200 isox mailru 2015-06-10T09:27:21.118Z 2015-09-13T13:03:37.088Z
77076 https://hackerone.com/reports/77076 GA code not verified on the server side allows sending Verification Documents on behalf of another user $250 crab romit 2015-07-20T20:42:07.571Z 2015-11-27T06:28:47.665Z
80597 https://hackerone.com/reports/80597 Number of invited researchers disclosed as part of JSON search response $500 jessescitech security 2015-08-04T22:46:14.051Z 2015-08-05T00:22:04.355Z
77319 https://hackerone.com/reports/77319 Full path disclosure at https://keybase.io/_/api/1.0/invitation_request.json $100 s_p_q_r keybase 2015-07-21T13:27:47.914Z 2015-09-04T18:16:23.265Z
77067 https://hackerone.com/reports/77067 No rate limiting for sensitive actions (like "forgot password") enables user enumeration $250 paresh_parmar keybase 2015-07-20T20:27:29.820Z 2015-08-04T05:11:44.793Z
77081 https://hackerone.com/reports/77081 Content Sniffing not disabled $250 alihassanghori keybase 2015-07-20T20:48:50.106Z 2015-08-05T01:28:42.527Z
79185 https://hackerone.com/reports/79185 Content spoofing through Referel header $25 pradeepch99 flox 2015-07-28T07:45:34.191Z 2015-08-29T03:15:17.821Z
76738 https://hackerone.com/reports/76738 Open redirect filter bypass $25 aaj__ zaption 2015-07-19T10:59:20.289Z 2015-08-24T16:58:58.952Z
77060 https://hackerone.com/reports/77060 SMTP protection not used $500 mom keybase 2015-07-20T20:08:46.575Z 2015-08-28T21:02:16.110Z
77221 https://hackerone.com/reports/77221 Open/Unvalidated Redirect Issue $25 bugs3ra mavenlink 2015-07-21T06:41:37.203Z 2015-08-06T20:24:08.015Z
77065 https://hackerone.com/reports/77065 Stealing CSRF Tokens $500 wesecureapp keybase 2015-07-20T20:20:11.116Z 2015-07-22T20:45:48.771Z
77231 https://hackerone.com/reports/77231 Weak Cryptographic Hash $25 ru94mb wordpoints 2015-07-21T07:29:14.331Z 2015-07-23T06:47:08.280Z
75727 https://hackerone.com/reports/75727 Stored Cross site scripting In developer.zendesk.com $200 dipak_das zendesk 2015-07-15T23:23:44.424Z 2015-09-02T21:37:18.018Z
75702 https://hackerone.com/reports/75702 No rate limit which leads to "Users information Disclosure" including verification documents etc. $250 crab romit 2015-07-15T22:19:27.309Z 2015-11-27T06:24:38.895Z
71614 https://hackerone.com/reports/71614 XSS in Myshopify Admin Site in DISCOUNTS $500 nismo shopify 2015-06-19T08:30:40.360Z 2015-07-20T14:37:18.182Z
76713 https://hackerone.com/reports/76713 XSS - Gallery Search Listing $50 bugs3ra zaption 2015-07-19T09:28:07.837Z 2015-08-12T17:13:16.483Z
75556 https://hackerone.com/reports/75556 Accessing title of the report of which you are marked as duplicate $500 mafia security 2015-07-15T10:04:45.012Z 2015-07-17T18:17:49.548Z
35237 https://hackerone.com/reports/35237 Gain reputation by creating a duplicate of an existing report $500 huzaifa_jawaid security 2014-11-11T21:07:29.379Z 2015-08-14T18:08:47.019Z
67220 https://hackerone.com/reports/67220 Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS $500 nismo shopify 2015-06-10T13:02:05.436Z 2015-07-15T17:38:10.419Z
73567 https://hackerone.com/reports/73567 Attention! Remote Code Execution at http://wpt.ec2.shopify.com/ $3,000 prakharprasad shopify 2015-07-02T00:05:27.600Z 2015-07-16T12:02:44.547Z
67377 https://hackerone.com/reports/67377 SSRF via 'Add Image from URL' feature $500 alpha shopify 2015-06-11T07:49:05.596Z 2015-07-15T01:04:36.189Z
58679 https://hackerone.com/reports/58679 SSL cookie without secure flag set $500 pratikpanchal_infobit shopify 2015-04-27T10:52:29.273Z 2015-07-13T19:10:32.578Z
66151 https://hackerone.com/reports/66151 Invitation is not properly cancelled while inviting to bug reports. $500 batman security 2015-06-05T14:05:01.385Z 2015-07-10T00:32:32.240Z
37301 https://hackerone.com/reports/37301 CSRF Token in cookies! $150 protector_47 invision 2014-11-24T20:55:06.710Z 2015-10-22T14:21:24.072Z
74147 https://hackerone.com/reports/74147 Potential for financial loss, negative Values for "Buy fee" and "Sell Fee" $250 crab romit 2015-07-06T16:12:45.378Z 2015-11-26T20:49:47.993Z
73260 https://hackerone.com/reports/73260 Integer overflow in _json_encode_unicode leads to crash $1,000 nilch ibb-python 2015-06-27T00:00:00.000Z 2015-06-27T00:00:00.000Z
73259 https://hackerone.com/reports/73259 Integer overflow in _pickle.c $500 tukan ibb-python 2015-06-27T00:00:00.000Z 2015-06-27T00:00:00.000Z
73258 https://hackerone.com/reports/73258 Python: imageop Unsafe Arithmetic $1,000 johnleitch ibb-python 2015-05-22T00:00:00.000Z 2015-05-31T00:00:00.000Z
73257 https://hackerone.com/reports/73257 PHP yaml_parse/yaml_parse_file/yaml_parse_url Unsafe Deserialization $500 johnleitch ibb-php 2015-05-10T00:00:00.000Z 2015-05-18T00:00:00.000Z
73256 https://hackerone.com/reports/73256 PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free $1,500 johnleitch ibb-php 2015-05-10T00:00:00.000Z 2015-05-18T00:00:00.000Z
73255 https://hackerone.com/reports/73255 str_repeat() sign mismatch based memory corruption $500 andreapalazzo ibb-php 2015-04-09T00:00:00.000Z 2015-05-12T00:00:00.000Z
73253 https://hackerone.com/reports/73253 Multiple type confusions in unicode error handlers $500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-18T00:00:00.000Z
73252 https://hackerone.com/reports/73252 Use after free in get_filter $500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-03T00:00:00.000Z
73251 https://hackerone.com/reports/73251 Multiple use after free bugs in json encoding $1,500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-03T00:00:00.000Z
73250 https://hackerone.com/reports/73250 Multiple use after free bugs in heapq module $1,500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-03T00:00:00.000Z
73249 https://hackerone.com/reports/73249 Multiple use after free bugs in element module $1,500 pakt_ ibb-python 2015-05-01T00:00:00.000Z 2015-05-18T00:00:00.000Z
73248 https://hackerone.com/reports/73248 Tokenizer crash when processing undecodable source code $500 hugbounter ibb-python 2015-04-21T00:00:00.000Z 2015-04-21T00:00:00.000Z
73247 https://hackerone.com/reports/73247 php_stream_url_wrap_http_ex() type-confusion vulnerability $500 mongo ibb-php 2015-03-31T00:00:00.000Z 2015-04-14T00:00:00.000Z
73246 https://hackerone.com/reports/73246 Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER $500 mongo ibb-php 2015-03-27T00:00:00.000Z 2015-04-14T00:00:00.000Z
73245 https://hackerone.com/reports/73245 Type Confusion Vulnerability in SoapClient $500 ryat ibb-php 2015-03-01T00:00:00.000Z 2015-04-16T00:00:00.000Z
73244 https://hackerone.com/reports/73244 Use after free vulnerability in unserialize() with DateInterval $1,500 ryat ibb-php 2015-02-27T00:00:00.000Z 2015-03-17T00:00:00.000Z
73242 https://hackerone.com/reports/73242 libcurl: URL request injection $3,000 isciurus internet 2014-12-25T00:00:00.000Z 2015-01-08T00:00:00.000Z
73241 https://hackerone.com/reports/73241 Malformed ECParameters causes infinite loop $2,500 ctz ibb-openssl 2015-06-11T00:00:00.000Z 2015-06-11T00:00:00.000Z
73240 https://hackerone.com/reports/73240 Integer overflow in ftp_genlist() resulting in heap overflow $1,500 ruben ibb-php 2015-04-28T00:00:00.000Z 2015-05-12T00:00:00.000Z
73239 https://hackerone.com/reports/73239 ZIP Integer Overflow leads to writing past heap boundary $1,500 libnex ibb-php 2015-03-18T00:00:00.000Z 2015-03-18T00:00:00.000Z
73238 https://hackerone.com/reports/73238 Buffer Over-read in unserialize when parsing Phar $1,000 libnex ibb-php 2015-03-29T00:00:00.000Z 2015-04-14T00:00:00.000Z
73237 https://hackerone.com/reports/73237 Buffer Overflow when parsing tar/zip/phar in phar_set_inode $1,000 libnex ibb-php 2015-04-14T00:00:00.000Z 2015-04-14T00:00:00.000Z
73236 https://hackerone.com/reports/73236 X509_to_X509_REQ NULL pointer deref $500 geeknik ibb-openssl 2015-03-15T00:00:00.000Z 2015-03-15T00:00:00.000Z
73235 https://hackerone.com/reports/73235 Use After Free Vulnerability in unserialize() $1,500 ryat ibb-php 2015-02-03T00:00:00.000Z 2015-03-17T00:00:00.000Z
73234 https://hackerone.com/reports/73234 out of bounds read crashes php-cgi $500 geeknik ibb-php 2014-12-17T00:00:00.000Z 2014-12-30T00:00:00.000Z
66235 https://hackerone.com/reports/66235 Vulnerability in specifying places on a photo + feature + hacking $200 pisarenko vkcom 2015-06-06T01:24:11.281Z 2015-09-07T15:53:07.286Z
64963 https://hackerone.com/reports/64963 API: Bug in method auth.validatePhone $500 vladislav805 vkcom 2015-05-30T20:47:56.380Z 2015-07-17T22:20:17.497Z
18845 https://hackerone.com/reports/18845 Unauthorized Access via Join Email Link $100 anshuman_bh wepay 2014-07-03T05:32:45.856Z 2015-06-24T07:05:30.591Z
72331 https://hackerone.com/reports/72331 XSS at Bulk editing ProductVariants $500 mafia shopify 2015-06-24T07:36:00.263Z 2015-06-25T04:12:57.741Z
56494 https://hackerone.com/reports/56494 Get email ID of any user on hackpad.com $216 mafia dropbox-acquisitions 2015-04-15T20:41:47.281Z 2015-07-22T06:57:46.562Z
52035 https://hackerone.com/reports/52035 Open redirect in "Language change". $500 seifelsallamy security 2015-03-15T05:24:49.733Z 2015-06-19T21:03:20.893Z
67125 https://hackerone.com/reports/67125 XSS at importing Product List $500 mafia shopify 2015-06-10T08:06:48.627Z 2015-06-17T15:04:11.294Z
67132 https://hackerone.com/reports/67132 XSS at Bulk editing products $500 mafia shopify 2015-06-10T08:15:22.843Z 2015-06-17T15:04:22.964Z
63888 https://hackerone.com/reports/63888 Cross site scripting $50 jaikeysarraf romit 2015-05-27T06:54:57.538Z 2015-07-12T18:45:43.511Z
66386 https://hackerone.com/reports/66386 [www.*.myshopify.com] CRLF Injection $500 bobrov shopify 2015-06-07T08:01:57.318Z 2015-06-10T17:31:32.341Z
66262 https://hackerone.com/reports/66262 mailto: link injection on https://hackerone.com/directory $500 ashesh security 2015-06-06T08:37:34.778Z 2015-06-10T05:03:10.438Z
63865 https://hackerone.com/reports/63865 Potential denial of service in hackerone.com/<program>/reward_settings $100 ashesh security 2015-05-27T04:30:15.478Z 2015-06-10T04:13:53.662Z
55911 https://hackerone.com/reports/55911 CSRF token fixation in facebook store app that can lead to adding attacker to victim acc $500 harshafriend4all shopify 2015-04-11T14:06:20.330Z 2015-06-25T20:05:05.521Z
55716 https://hackerone.com/reports/55716 Force 500 Internal Server Error on any shop (for one user) $500 4lemon shopify 2015-04-10T14:57:24.777Z 2015-06-09T23:43:40.005Z
62861 https://hackerone.com/reports/62861 Bulk Discount App in myshopify.com exposes http://bulkdiscounts.shopifyapps.com vulnerable to XSS $500 nismo shopify 2015-05-18T14:34:45.258Z 2015-07-23T16:45:06.222Z
62427 https://hackerone.com/reports/62427 XSS in myshopify.com Admin site in TAX Overrides $500 nismo shopify 2015-05-14T17:15:39.076Z 2015-06-09T20:55:33.836Z
47223 https://hackerone.com/reports/47223 Javascript Injection $200 ddworken invision 2015-02-09T18:23:49.489Z 2015-07-08T18:47:12.952Z
63729 https://hackerone.com/reports/63729 Logic error with notifications: user that has left team continues to receive notifications and can not 'clean' this area on account $500 brdoors2 security 2015-05-25T19:31:24.774Z 2015-06-04T16:29:50.996Z
62544 https://hackerone.com/reports/62544 http://tp-dev1.tp.smailru.net/ $150 isox mailru 2015-05-15T11:34:19.314Z 2015-09-13T12:59:17.827Z
62531 https://hackerone.com/reports/62531 tt-mac.i.mail.ru: Quagga 0.99.23.1 (Router) : Default password and default enable password $200 isox mailru 2015-05-15T10:32:32.096Z 2015-09-13T12:58:52.194Z
55530 https://hackerone.com/reports/55530 Authentication Failed Mobile version $500 lccunha shopify 2015-04-09T19:34:24.650Z 2015-06-02T19:26:26.134Z
57914 https://hackerone.com/reports/57914 HTML injection in email sent by romit.io $50 crab romit 2015-04-23T17:24:46.665Z 2015-11-26T20:49:08.402Z
39486 https://hackerone.com/reports/39486 No bruteforce protection leads to enumeration of emails in http://e.mail.ru/ $100 niyaax mailru 2014-12-16T10:39:32.909Z 2015-06-28T14:41:06.705Z
60420 https://hackerone.com/reports/60420 store-agent.mail.ru: stacked blind injection $400 isox mailru 2015-05-10T08:46:45.586Z 2015-09-13T12:27:56.920Z
54719 https://hackerone.com/reports/54719 e.mail.ru stored XSS in agent via sticker (smile) $500 reactors08 mailru 2015-04-03T18:00:23.905Z 2015-06-28T13:29:20.074Z
57692 https://hackerone.com/reports/57692 Server responds with the server error logs on account creation $50 crab romit 2015-04-21T23:51:02.249Z 2015-11-26T20:49:08.409Z
63537 https://hackerone.com/reports/63537 XSS in https://app.mavenlink.com/workspaces/ $100 enderun07 mavenlink 2015-05-23T12:34:09.730Z 2015-06-22T22:57:42.457Z
53628 https://hackerone.com/reports/53628 XSS in https://hackpad.com/ $216 mahitman dropbox-acquisitions 2015-03-27T13:05:12.179Z 2015-06-02T18:36:01.681Z
59356 https://hackerone.com/reports/59356 XSS in dropbox main domain $512 missoum1307 dropbox 2015-05-02T20:57:19.892Z 2015-06-09T00:34:30.880Z
57459 https://hackerone.com/reports/57459 XSS in experts.shopify.com $500 cj71f shopify 2015-04-20T12:56:43.159Z 2015-05-19T18:46:17.280Z
59179 https://hackerone.com/reports/59179 Race condition when redeeming coupon codes $216 franjkovic dropbox 2015-05-01T06:04:52.353Z 2015-05-11T21:04:17.506Z
60402 https://hackerone.com/reports/60402 Content Spoofing - External Link Warning Page $500 jedimaster security 2015-05-10T07:15:04.633Z 2015-05-11T20:50:41.501Z
59659 https://hackerone.com/reports/59659 Reopen Disable Accounts/ Hidden Access After Disable $500 antrax security 2015-05-05T09:07:36.045Z 2015-06-08T20:55:21.474Z
56742 https://hackerone.com/reports/56742 SPF whitelist of mandrill leads to email forgery $1,000 mikebrooks security 2015-04-16T18:15:09.759Z 2015-06-08T00:26:08.156Z
59369 https://hackerone.com/reports/59369 Making any Report Failed to load $500 aj-_- security 2015-05-03T01:16:24.683Z 2015-05-09T14:06:12.170Z
59375 https://hackerone.com/reports/59375 Homograph attack $500 filedescriptor security 2015-05-03T02:29:04.941Z 2015-05-09T02:15:41.252Z
59469 https://hackerone.com/reports/59469 Fake URL + Additional vectors for homograph attack $500 killr0x33d security 2015-05-03T20:50:16.860Z 2015-05-09T21:03:08.050Z
58630 https://hackerone.com/reports/58630 Content Spoofing $500 zerohat shopify 2015-04-26T20:33:30.137Z 2015-05-05T15:06:26.924Z
58612 https://hackerone.com/reports/58612 Homograph attack $500 killr0x33d security 2015-04-26T17:58:53.549Z 2015-05-02T22:34:51.056Z
57603 https://hackerone.com/reports/57603 API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass $500 dor1s vimeo 2015-04-21T14:44:49.464Z 2015-05-31T17:40:09.964Z
59015 https://hackerone.com/reports/59015 Stored XSS in the Shopify Discussion Forums $500 sukhjiwansingh shopify 2015-04-29T19:48:20.965Z 2015-05-31T14:54:43.895Z
51817 https://hackerone.com/reports/51817 Post in private groups after getting removed $250 niyaax vimeo 2015-03-13T22:50:28.924Z 2015-05-01T14:21:08.112Z
52708 https://hackerone.com/reports/52708 Share your channel to any user on vimeo without following him $250 vijay_kumar1110 vimeo 2015-03-20T07:14:08.457Z 2015-09-28T21:56:18.909Z
54631 https://hackerone.com/reports/54631 Vulnerable to JavaScript injection. (WXS) (Javascript injection)! $100 protector_47 snapchat 2015-04-03T11:21:29.485Z 2015-10-22T14:22:09.262Z
52181 https://hackerone.com/reports/52181 Insecure Direct Object References that allows to read any comment (even if it should be private) $150 patrik vimeo 2015-03-16T11:56:07.679Z 2015-05-04T16:51:07.517Z
52176 https://hackerone.com/reports/52176 Insecure Direct Object References in https://vimeo.com/forums $500 patrik vimeo 2015-03-16T10:55:05.899Z 2015-05-04T16:51:07.369Z
37593 https://hackerone.com/reports/37593 Open Redirect in unmask.sucuri.net $250 masatokinugawa sucuri 2014-11-27T06:32:18.299Z 2015-05-27T16:19:33.476Z
56828 https://hackerone.com/reports/56828 SSRF vulnerability in app webhooks $512 haquaman dropbox 2015-04-17T02:37:51.483Z 2015-04-23T23:52:45.539Z
55670 https://hackerone.com/reports/55670 Fabric.io: Ex-admin of an organization can delete team members $280 satishb3 twitter 2015-04-10T09:53:25.964Z 2015-11-01T15:46:20.209Z
53858 https://hackerone.com/reports/53858 Insecure Direct Object Reference - access to other user/group DM's $420 wesecureapp twitter 2015-03-29T17:15:04.612Z 2015-10-03T18:48:57.984Z
57163 https://hackerone.com/reports/57163 Open-redirect on hackerone.com $500 killr0x33d security 2015-04-18T10:50:57.996Z 2015-04-23T15:38:54.773Z
55842 https://hackerone.com/reports/55842 [persistent cross-site scripting] customers can target admins $1,000 wesecureapp shopify 2015-04-11T07:51:20.741Z 2015-07-01T15:35:20.996Z
44052 https://hackerone.com/reports/44052 Hadoop Node available to public $150 isox mailru 2015-01-16T15:30:28.845Z 2015-09-13T12:17:30.116Z
49035 https://hackerone.com/reports/49035 HDFS NameNode Public disclosure: http://185.5.139.33:50070/dfshealth.jsp $150 isox mailru 2015-02-24T08:32:46.730Z 2015-09-13T12:16:57.090Z
56511 https://hackerone.com/reports/56511 IDOR expire other user sessions $1,000 sappi shopify 2015-04-15T22:02:37.726Z 2015-04-17T01:32:54.829Z
56002 https://hackerone.com/reports/56002 Shopify android client all API request's response leakage, including access_token, cookie, response header, response body content $2,000 sukhoi shopify 2015-04-12T08:51:42.562Z 2015-07-04T15:45:09.606Z
54779 https://hackerone.com/reports/54779 Missing spf flags for myshopify.com $500 jenglish shopify 2015-04-03T22:16:30.301Z 2015-04-16T10:35:32.194Z
55525 https://hackerone.com/reports/55525 Open redirection in OAuth $500 pranav_hivarekar shopify 2015-04-09T19:26:47.044Z 2015-07-03T17:17:57.442Z
47932 https://hackerone.com/reports/47932 Privilege Escalation at invite feature @hackpad.com $729 daksh dropbox-acquisitions 2015-02-17T04:53:17.186Z 2015-04-04T04:30:02.046Z
53843 https://hackerone.com/reports/53843 HTTP Response Splitting (CRLF injection) due to headers overflow $2,800 filedescriptor twitter 2015-03-29T10:52:52.117Z 2015-05-04T22:51:22.707Z
55033 https://hackerone.com/reports/55033 Use after free vulnerability in unserialize() $3,000 sesser ibb-php 2014-12-12T00:00:00.000Z 2015-01-20T00:00:00.000Z
55030 https://hackerone.com/reports/55030 SoapClient's __call() type confusion through unserialize() $2,500 andreapalazzo ibb-php 2015-02-19T00:00:00.000Z 2015-03-03T00:00:00.000Z
55029 https://hackerone.com/reports/55029 Use after free vulnerability in unserialize() with DateTimeZone $2,500 ryat ibb-php 2015-01-29T00:00:00.000Z 2015-02-27T00:00:00.000Z
55028 https://hackerone.com/reports/55028 Free called on uninitialized pointer in exif.c $2,500 endeavor ibb-php 2015-01-11T00:00:00.000Z 2015-01-20T00:00:00.000Z
55018 https://hackerone.com/reports/55018 Segmentation fault for invalid PSS parameters $3,000 geeknik ibb-openssl 2015-01-31T00:00:00.000Z 2015-03-19T00:00:00.000Z
55017 https://hackerone.com/reports/55017 Multiple Python integer overflows $9,000 pakt_ ibb-python 2015-02-01T00:00:00.000Z 2015-02-04T00:00:00.000Z
26962 https://hackerone.com/reports/26962 open redirect in rfc6749 $3,000 asanso internet 2014-09-04T19:15:25.612Z 2015-04-06T17:40:18.093Z
51265 https://hackerone.com/reports/51265 Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome $2,000 irsdl ibb-flash 2015-03-12T23:35:49.486Z 2015-05-06T02:43:27.561Z
47779 https://hackerone.com/reports/47779 Heap overflow in H. Spencer's regex library on 32 bit systems $3,000 guido internet 2015-02-15T03:28:07.748Z 2015-04-06T02:42:11.446Z
31756 https://hackerone.com/reports/31756 Drupal 7 pre auth sql injection and remote code execution $3,000 shorst internet 2014-10-17T10:50:36.095Z 2015-04-06T09:40:09.432Z
54610 https://hackerone.com/reports/54610 Logout any user of same team $100 uttam5oren slack 2015-04-03T06:32:13.344Z 2015-05-05T05:59:54.329Z
54641 https://hackerone.com/reports/54641 Captcha Bypass in Snapchat's Geofilter Submission Process $100 zero snapchat 2015-04-03T12:44:21.990Z 2015-05-04T01:15:06.517Z
54733 https://hackerone.com/reports/54733 Sandboxed iframes don't show confirmation screen $1,000 homakov coinbase 2015-04-03T18:34:58.274Z 2015-04-04T15:31:37.435Z
46747 https://hackerone.com/reports/46747 Team admin can change unauthorized team setting (require_at_for_mention) $200 satishb3 slack 2015-02-05T14:16:40.217Z 2015-04-30T06:07:57.989Z
52982 https://hackerone.com/reports/52982 [URGENT ISSUE] Add or Delete the videos in watch later list of any user . $250 prashanth vimeo 2015-03-22T12:07:22.727Z 2015-05-01T15:46:57.935Z
50170 https://hackerone.com/reports/50170 FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers $7,500 prosecco-inria internet 2015-03-05T16:18:06.711Z 2015-04-01T07:30:30.475Z
52644 https://hackerone.com/reports/52644 confirmation bypass of 2FA devices while they are deleting $200 harshafriend4all itbit 2015-03-19T18:48:31.859Z 2015-04-29T10:03:36.379Z
52645 https://hackerone.com/reports/52645 secretKey for OTP , is getting leaked in response of a delete request ! $200 harshafriend4all itbit 2015-03-19T18:57:30.034Z 2015-04-29T10:03:01.443Z
53098 https://hackerone.com/reports/53098 XSS in twitter.com/safety/unsafe_link_warning $1,400 masatokinugawa twitter 2015-03-23T16:31:41.943Z 2015-04-03T23:31:12.903Z
52646 https://hackerone.com/reports/52646 Insecure direct object reference - have access to deleted DM's $420 wesecureapp twitter 2015-03-19T19:01:36.118Z 2015-10-12T04:56:07.348Z
53088 https://hackerone.com/reports/53088 SSRF vulnerability (access to metadata server on EC2 and OpenStack) $300 agarri_fr phabricator 2015-03-23T15:08:49.061Z 2015-03-26T18:37:57.571Z
38682 https://hackerone.com/reports/38682 Delayed, fraudulent transactions possible with encrypted Square Reader devices due to lack of server-side verification of device transaction counter $500 jmoore15 square 2014-12-08T21:28:43.839Z 2015-07-24T23:58:18.431Z
46916 https://hackerone.com/reports/46916 Markdown parsing issue enables insertion of malicious tags and event handlers $5,000 danlec security 2015-02-06T17:34:25.616Z 2015-04-07T21:12:33.546Z
52042 https://hackerone.com/reports/52042 HTTP Response Splitting (CRLF injection) in report_story $3,500 filedescriptor twitter 2015-03-15T07:49:31.208Z 2015-04-21T17:59:23.057Z
52822 https://hackerone.com/reports/52822 XSS with Time-of-Day Format $300 candux phabricator 2015-03-20T21:32:08.402Z 2015-04-19T21:58:26.684Z
44588 https://hackerone.com/reports/44588 Email Length Verification $50 simon90 itbit 2015-01-21T18:05:22.462Z 2015-10-11T22:07:11.704Z
49561 https://hackerone.com/reports/49561 Vimeo + & Vimeo PRO Unauthorised Tax bypass $250 michelgaschet vimeo 2015-02-28T05:41:33.817Z 2015-04-18T08:35:39.009Z
50786 https://hackerone.com/reports/50786 A user can add videos to other user's private groups $250 satishb3 vimeo 2015-03-10T10:32:17.246Z 2015-04-23T16:36:36.979Z
49139 https://hackerone.com/reports/49139 scfbp.tng.mail.ru: Heartbleed $150 isox mailru 2015-02-25T07:49:11.753Z 2015-09-13T12:16:27.816Z
49408 https://hackerone.com/reports/49408 RCE via JDWP $300 isox mailru 2015-02-27T09:13:28.705Z 2015-09-13T12:14:53.016Z
49652 https://hackerone.com/reports/49652 Improperly validated fields allows injection of arbitrary HTML via spoofed React objects $5,000 danlec security 2015-02-28T17:38:13.663Z 2015-03-18T13:11:50.503Z
50752 https://hackerone.com/reports/50752 open redirect sends authenticity_token to any website or (ip address) $560 seifelsallamy twitter 2015-03-10T01:01:35.464Z 2015-03-14T02:05:46.716Z
47940 https://hackerone.com/reports/47940 Team admin can add billing contacts $200 satishb3 slack 2015-02-17T08:46:56.981Z 2015-04-03T00:45:03.393Z
49974 https://hackerone.com/reports/49974 The csrf token remains same after user logs in $50 crab romit 2015-03-04T05:38:37.035Z 2015-11-26T20:47:27.692Z
50884 https://hackerone.com/reports/50884 Bypass pin(4 digit passcode on your android app) $100 adrianbelen whisper 2015-03-11T04:36:09.341Z 2015-04-12T02:24:32.481Z
48065 https://hackerone.com/reports/48065 open authentication bug $100 prashanth coinbase 2015-02-18T13:26:26.398Z 2015-03-11T16:19:22.122Z
47536 https://hackerone.com/reports/47536 [ishop.qiwi.com] XSS + Misconfiguration $200 kxyry qiwi 2015-02-12T13:09:49.842Z 2015-08-31T08:40:13.734Z
50885 https://hackerone.com/reports/50885 CVE-2014-0224 openssl ccs vulnerability $10 paresh_parmar whisper 2015-03-11T04:42:02.964Z 2015-04-10T05:04:11.969Z
36211 https://hackerone.com/reports/36211 Logic Issue with Reputation: Boost Reputation Points $500 prakharprasad security 2014-11-16T16:06:58.345Z 2015-04-28T04:51:43.873Z
50829 https://hackerone.com/reports/50829 A user can post comments on other user's private videos $500 satishb3 vimeo 2015-03-10T18:13:51.208Z 2015-03-11T14:37:49.514Z
50776 https://hackerone.com/reports/50776 A user can edit comments even after video comments are disabled $250 satishb3 vimeo 2015-03-10T09:12:26.084Z 2015-03-11T14:37:33.636Z
50134 https://hackerone.com/reports/50134 XSS in original referrer after follow $1,400 wesecureapp twitter 2015-03-05T11:34:49.909Z 2015-03-09T18:37:58.303Z
49806 https://hackerone.com/reports/49806 Twitter Ads Campaign information disclosure through admin without any authentication. $560 avicoder twitter 2015-03-02T15:00:30.732Z 2015-04-25T08:22:05.808Z
49759 https://hackerone.com/reports/49759 Open Redirect leak of authenticity_token lead to full account take over. $1,400 seifelsallamy twitter 2015-03-02T01:07:46.725Z 2015-04-03T21:20:11.985Z
48516 https://hackerone.com/reports/48516 Redirect URL in /intent/ functionality is not properly escaped $1,400 homakov twitter 2015-02-21T23:47:32.767Z 2015-02-24T21:55:21.923Z
47140 https://hackerone.com/reports/47140 Leakage of sensitive wallet tokens to third party sites $50 shahmeer-amir itbit 2015-02-08T22:24:00.833Z 2015-03-28T20:04:45.130Z
48422 https://hackerone.com/reports/48422 Team member invitations to sandboxed teams are not invalidated consistently (v2) $500 siddiki security 2015-02-20T23:58:42.957Z 2015-02-27T23:27:32.912Z
46429 https://hackerone.com/reports/46429 Team member invitations to sandboxed teams are not invalidated consistently $500 mazengamal security 2015-02-04T07:46:58.687Z 2015-03-28T22:38:44.128Z
47472 https://hackerone.com/reports/47472 CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain $2,000 danlec security 2015-02-11T20:03:01.597Z 2015-02-26T21:50:46.056Z
48682 https://hackerone.com/reports/48682 Taking over a Business Account Admin $25 cliffordtrigo todoist 2015-02-23T06:49:02.108Z 2015-02-26T22:35:08.437Z
48690 https://hackerone.com/reports/48690 Remotely removing credit cards from business accounts! $25 cliffordtrigo todoist 2015-02-23T07:02:16.342Z 2015-02-26T15:16:37.424Z
44294 https://hackerone.com/reports/44294 Heartbleed: my.com (185.30.178.33) port 1433 $150 isox mailru 2015-01-19T13:54:12.505Z 2015-09-13T12:13:15.737Z
20720 https://hackerone.com/reports/20720 cloud.mail.ru: File upload XSS using Content-Type header $150 isox mailru 2014-07-19T08:40:07.001Z 2015-09-13T12:10:54.947Z
47495 https://hackerone.com/reports/47495 Same Origin Policy bypass $600 zoczus mailru 2015-02-12T00:35:46.540Z 2015-03-27T14:29:12.748Z
47627 https://hackerone.com/reports/47627 Email Enumeration (POC) $50 kabeel romit 2015-02-13T11:07:15.303Z 2015-05-27T15:57:29.968Z
48100 https://hackerone.com/reports/48100 Bad Write in TTF font parsing (win32k.sys) $5,000 dirtybit internet 2015-02-18T17:46:07.583Z 2015-03-01T08:29:00.467Z
47012 https://hackerone.com/reports/47012 Adobe Flash Player Out-of-Bound Access Vulnerability $2,000 hhj4ck ibb-flash 2015-02-07T14:50:18.485Z 2015-03-25T19:39:25.200Z
47234 https://hackerone.com/reports/47234 Use After Free in Flash MessageChannel.send can cause arbitrary code execution $7,500 biloulehibou ibb-flash 2015-02-09T18:50:52.771Z 2015-03-25T19:39:16.979Z
47232 https://hackerone.com/reports/47232 Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution $10,000 biloulehibou ibb-flash 2015-02-09T18:44:09.226Z 2015-03-25T19:39:16.982Z
47227 https://hackerone.com/reports/47227 Race condition in workers may cause an exploitable double free by abusing bytearray.compress() $10,000 biloulehibou ibb-flash 2015-02-09T18:36:18.158Z 2015-03-25T19:40:38.137Z
46618 https://hackerone.com/reports/46618 Frictionless Transferring of Wallet Ownership $50 anshuman_bh romit 2015-02-05T06:03:36.983Z 2015-03-23T19:16:57.716Z
47888 https://hackerone.com/reports/47888 Reporting user's profile by using another people's ID $140 hussein98d twitter 2015-02-16T16:05:58.583Z 2015-06-11T18:19:31.185Z
46397 https://hackerone.com/reports/46397 Insecure Direct Object Reference vulnerability $500 anshuman_bh security 2015-02-04T02:08:22.357Z 2015-02-20T03:07:05.939Z
46485 https://hackerone.com/reports/46485 Problem with OAuth $1,260 sandeep100928 twitter 2015-02-04T19:03:25.578Z 2015-11-14T16:50:09.783Z
46750 https://hackerone.com/reports/46750 Team admin can change unauthorized team setting (allow_message_deletion) $100 satishb3 slack 2015-02-05T14:57:49.577Z 2015-05-30T17:17:13.155Z
46954 https://hackerone.com/reports/46954 Red October 1511493148.cloud.vimeo.com $250 shahmeer-amir vimeo 2015-02-06T23:08:43.296Z 2015-03-13T01:28:15.402Z
41469 https://hackerone.com/reports/41469 Error stack trace $100 4lemon romit 2014-12-20T22:58:47.669Z 2015-04-03T14:01:36.254Z
29234 https://hackerone.com/reports/29234 Credit Card Validation Issue $100 whitj00 coinbase 2014-09-27T04:34:52.509Z 2015-03-12T19:01:21.440Z
42240 https://hackerone.com/reports/42240 chrome allows POST requests with custom headers using flash + 307 redirect $1,000 netfuzzer ibb-flash 2014-12-31T20:18:20.632Z 2015-02-09T08:03:32.414Z
31408 https://hackerone.com/reports/31408 Adobe Flash Player Out-of-Bound Read/Write Vulnerability $5,000 hhj4ck ibb-flash 2014-10-15T07:18:36.549Z 2015-03-11T04:19:46.285Z
30567 https://hackerone.com/reports/30567 Adobe Flash Player MP4 Use-After-Free Vulnerability $2,000 hhj4ck ibb-flash 2014-10-08T02:03:48.260Z 2015-03-11T04:19:40.947Z
36279 https://hackerone.com/reports/36279 Adobe Flash Player MP4 Use-After-Free Vulnerability $2,000 hhj4ck ibb-flash 2014-11-17T06:20:07.759Z 2015-03-11T04:19:11.042Z
46818 https://hackerone.com/reports/46818 Twitter Card - Parent Window Redirection $560 batuhan twitter 2015-02-05T22:56:25.001Z 2015-05-04T22:54:25.679Z
43988 https://hackerone.com/reports/43988 twitter android app Fragment Injection $420 miantaiduo twitter 2015-01-16T06:26:28.004Z 2015-04-11T23:57:14.017Z
44492 https://hackerone.com/reports/44492 Flaw in login with twitter to steal Oauth tokens $140 wesecureapp twitter 2015-01-21T05:37:34.318Z 2015-02-18T18:39:53.370Z
44864 https://hackerone.com/reports/44864 Unsecure data in "device" response - OTP $200 4lemon itbit 2015-01-23T13:47:55.296Z 2015-02-27T15:32:53.350Z
44888 https://hackerone.com/reports/44888 Improper way of validating a program $500 aj-_- security 2015-01-23T17:15:40.717Z 2015-02-04T15:25:50.666Z
44555 https://hackerone.com/reports/44555 Notification Emails: IP + Content-Spoofing $500 zoczus itbit 2015-01-21T16:27:17.316Z 2015-02-27T15:32:10.577Z
46072 https://hackerone.com/reports/46072 Vulnerability with the way \ escaped characters in <http://danlec.com> style links are rendered $5,000 danlec security 2015-02-01T23:52:18.498Z 2015-02-03T17:34:45.891Z
44909 https://hackerone.com/reports/44909 weird bug ! ( missing validation on new email verification ) $50 harshafriend4all itbit 2015-01-23T20:42:45.463Z 2015-02-14T17:35:21.209Z
43770 https://hackerone.com/reports/43770 Ability to Download Music Tracks Without Paying (Missing permission check on`/musicstore/download`) $250 fin1te vimeo 2015-01-14T17:59:02.757Z 2015-03-01T23:09:50.388Z
45368 https://hackerone.com/reports/45368 ftp upload of video allows naming that is not sanitized as the manual naming $100 testalways vimeo 2015-01-27T10:16:48.739Z 2015-01-29T16:36:13.045Z
45484 https://hackerone.com/reports/45484 XSS on Vimeo $100 niyaax vimeo 2015-01-28T06:05:28.660Z 2015-01-29T00:16:26.664Z
44727 https://hackerone.com/reports/44727 Insecure Data Storage in Vine Android App $140 avicoder twitter 2015-01-22T11:40:01.178Z 2015-06-24T05:07:26.161Z
44512 https://hackerone.com/reports/44512 XSS on any site that includes the moogaloop flash player | deprecated embed code $1,000 batram vimeo 2015-01-21T12:44:31.205Z 2015-02-22T00:10:26.198Z
43065 https://hackerone.com/reports/43065 Fabric.io - an app admin can delete team members from other user apps $1,120 satishb3 twitter 2015-01-09T04:26:42.758Z 2015-03-09T02:31:28.332Z
29263 https://hackerone.com/reports/29263 Redirect while opening link in new tabs $250 niyaax square 2014-09-27T10:39:10.117Z 2015-02-19T21:51:26.624Z
29471 https://hackerone.com/reports/29471 Privilege Escalation $250 aaj__ square 2014-09-30T12:19:57.384Z 2015-03-28T14:41:07.071Z
43998 https://hackerone.com/reports/43998 CRITICAL full source code/config disclosure for Cameo $100 avlidienbrunn vimeo 2015-01-16T07:43:31.882Z 2015-05-11T08:07:15.130Z
43850 https://hackerone.com/reports/43850 abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video $1,000 adrianbelen vimeo 2015-01-15T01:33:39.733Z 2015-04-03T07:33:14.053Z
43672 https://hackerone.com/reports/43672 player.vimeo.com - Reflected XSS Vulnerability $100 dekeeu vimeo 2015-01-14T02:05:52.425Z 2015-03-09T16:00:00.050Z
43602 https://hackerone.com/reports/43602 Buying ondemand videos that 0.1 and sometimes for free $260 harshafriend4all vimeo 2015-01-13T21:20:26.620Z 2015-02-13T15:49:58.750Z
42587 https://hackerone.com/reports/42587 Vimeo.com Insecure Direct Object References Reset Password $5,000 tfairane vimeo 2015-01-05T19:37:50.943Z 2015-02-26T00:13:38.080Z
42702 https://hackerone.com/reports/42702 APIs for channels allow HTML entities that may cause XSS issue $100 artem vimeo 2015-01-06T18:33:35.843Z 2015-01-08T21:37:35.134Z
42584 https://hackerone.com/reports/42584 Vimeo.com - reflected xss vulnerability $100 dekeeu vimeo 2015-01-05T19:13:00.421Z 2015-03-09T03:02:57.144Z
42582 https://hackerone.com/reports/42582 Vimeo.com - Reflected XSS Vulnerability $100 dekeeu vimeo 2015-01-05T19:09:07.645Z 2015-04-08T01:31:52.229Z
43443 https://hackerone.com/reports/43443 PyUnicode_FromFormatV crasher $1,000 guido ibb-python 2014-12-15T00:00:00.000Z 2014-12-15T00:00:00.000Z
43440 https://hackerone.com/reports/43440 Arbitrary file existence disclosure in Action Pack $1,000 nahamsec rails 2014-11-04T00:00:00.000Z 2014-11-20T00:00:00.000Z
41856 https://hackerone.com/reports/41856 HTML/XSS rendered in Android App of Crashlytics through fabric.io $1,400 wesecureapp twitter 2014-12-25T09:40:56.422Z 2015-02-18T18:38:02.252Z
41240 https://hackerone.com/reports/41240 POODLE Bug: 199.16.156.44, 199.16.156.108, mx4.twitter.com $140 isox twitter 2014-12-19T14:51:03.373Z 2015-09-20T08:40:12.167Z
42236 https://hackerone.com/reports/42236 URGENT - Subdomain Takeover on users.tweetdeck.com , the same issue of report #32825 $420 missoum1307 twitter 2014-12-31T18:59:44.713Z 2015-01-01T00:07:17.032Z
30015 https://hackerone.com/reports/30015 CSRF on adding a calendar event $250 anshuman_bh square 2014-10-05T04:04:42.633Z 2015-02-04T19:01:25.829Z
30238 https://hackerone.com/reports/30238 New Device confirmation tokens are not properly validated. $100 mohdhaji87 coinbase 2014-10-06T19:06:07.299Z 2015-05-25T18:36:59.890Z
39631 https://hackerone.com/reports/39631 Open redirection in fabric.io $280 avicoder twitter 2014-12-17T13:48:21.831Z 2014-12-18T18:17:22.364Z
38343 https://hackerone.com/reports/38343 Issue with password change $500 dawidczagan security 2014-12-05T17:10:05.265Z 2015-05-28T04:44:05.518Z
39428 https://hackerone.com/reports/39428 Phabricator Phame Blog Skins Local File Inclusion $500 nullsub phabricator 2014-12-15T15:52:43.735Z 2015-01-14T18:50:23.905Z
6017 https://hackerone.com/reports/6017 Facebook Takeover using Slack using 302 from files.slack.com with access_token $500 fransrosen slack 2014-04-06T07:24:52.591Z 2015-01-11T15:25:45.229Z
38965 https://hackerone.com/reports/38965 Phabricator Diffusion application allows unauthorized users to delete mirrors $300 nullsub phabricator 2014-12-10T15:33:37.117Z 2015-01-09T23:26:33.210Z
20391 https://hackerone.com/reports/20391 m.agent.mail.ru: Forging the j2me app-descriptor $100 isox mailru 2014-07-17T16:05:25.381Z 2015-09-13T12:08:11.984Z
11919 https://hackerone.com/reports/11919 Stored XSS on http://top.mail.ru $300 4lemon mailru 2014-05-13T11:05:15.908Z 2015-01-10T10:12:21.446Z
34686 https://hackerone.com/reports/34686 Filtering error $500 sw3nlab mailru 2014-11-06T16:01:11.926Z 2015-11-02T21:32:07.156Z
38232 https://hackerone.com/reports/38232 Breaking Bugs as team member $500 melvin security 2014-12-04T17:18:07.896Z 2014-12-09T19:03:12.619Z
38189 https://hackerone.com/reports/38189 xss in /browse/contacts/ $100 harshafriend4all openfolio 2014-12-04T11:14:57.152Z 2015-01-14T18:46:53.790Z
38170 https://hackerone.com/reports/38170 Misc Python bugs (Memory Corruption & Use After Free) $6,500 pakt_ ibb-python 2014-09-29T00:00:00.000Z 2014-10-04T00:00:00.000Z
1171 https://hackerone.com/reports/1171 Security.allowDomain("*") in SWFs on img.autos.yahoo.com allows data theft from Yahoo Mail (and others) $2,500 jordanmilne yahoo 2014-02-09T06:04:21.676Z 2015-08-14T20:07:44.150Z
36594 https://hackerone.com/reports/36594 New Device Confirmation, token is valid until not used. $100 lovepakistan coinbase 2014-11-18T14:53:31.691Z 2015-05-24T21:14:41.227Z
38007 https://hackerone.com/reports/38007 Subdomain Takeover using blog.greenhouse.io pointing to Hubspot $1,000 fransrosen greenhouse 2014-12-01T23:27:54.941Z 2015-02-26T13:51:15.430Z
37622 https://hackerone.com/reports/37622 XSS in www.eobot.com(IE9 only) $10 masatokinugawa eobotcom 2014-11-27T13:32:39.807Z 2014-11-29T02:39:54.073Z
35363 https://hackerone.com/reports/35363 [static.qiwi.com] XSS proxy.html $200 smiegles qiwi 2014-11-13T09:54:09.968Z 2014-12-27T12:37:20.525Z
35287 https://hackerone.com/reports/35287 getting emails of users/removing them from victims account [using typical attack] $140 wesecureapp twitter 2014-11-12T13:04:55.177Z 2015-03-13T04:17:05.335Z
36986 https://hackerone.com/reports/36986 [Stored XSS] vine.co - profile page $1,400 xorb twitter 2014-11-21T13:39:29.380Z 2015-03-26T22:34:57.111Z
36319 https://hackerone.com/reports/36319 [qiwi.com] /oauth/confirm.action XSS $100 wesecureapp qiwi 2014-11-17T12:33:08.786Z 2014-12-20T15:45:06.970Z
26935 https://hackerone.com/reports/26935 XSS via .eml file $1,337 reactors08 mailru 2014-09-04T13:15:19.995Z 2014-12-10T19:01:58.292Z
23852 https://hackerone.com/reports/23852 money.mail.ru: _çã‰ãó_Á_______µ _Ë_____µ_Ç_µ___Ÿ_µ SMS $150 isox mailru 2014-08-12T12:54:15.183Z 2015-09-13T12:07:06.140Z
32570 https://hackerone.com/reports/32570 OpenSSL HeartBleed (CVE-2014-0160) $200 c37hun mailru 2014-10-23T15:12:13.551Z 2014-12-10T19:29:15.198Z
8846 https://hackerone.com/reports/8846 localStorage ___µ ãˆ_Ÿãã‰_Ÿã‰ãã _Ë__ã_é_µ __ã†ãƒ___Ç_Á $150 kamil_hism mailru 2014-04-21T21:13:28.618Z 2014-12-10T19:05:41.425Z
36450 https://hackerone.com/reports/36450 [send.qiwi.ru] Soap-based XXE vulnerability /soapserver/ $1,000 bitquark qiwi 2014-11-17T22:31:53.825Z 2014-12-18T15:05:45.315Z
33935 https://hackerone.com/reports/33935 File Name Enumeration $500 nahamsec security 2014-11-04T20:21:36.697Z 2014-11-17T22:28:55.710Z
35413 https://hackerone.com/reports/35413 [send.qiwi.ru] XSS at auth?login= $200 psych0tr1a qiwi 2014-11-13T11:41:39.349Z 2014-12-17T17:21:53.212Z
20873 https://hackerone.com/reports/20873 rsync hash collisions may allow an attacker to corrupt or modify files $3,000 mik internet 2014-07-20T22:42:52.832Z 2014-11-17T23:54:19.088Z
36264 https://hackerone.com/reports/36264 mod_proxy_fcgi buffer overflow $500 talko ibb-apache 2014-09-17T00:00:00.000Z 2014-11-12T00:00:00.000Z
34084 https://hackerone.com/reports/34084 Bad extended ascii handling in HTTP 301 redirects of t.co $420 cqoicebordel twitter 2014-11-05T23:38:17.735Z 2015-08-09T16:10:51.215Z
30011 https://hackerone.com/reports/30011 square google calendar integration CSRF,https://squareup.com/appointments/business/settings(state parameter not checking properly) $500 adrianbelen square 2014-10-05T03:13:32.524Z 2014-12-18T23:30:13.103Z
501 https://hackerone.com/reports/501 TLS Virtual Host Confusion $7,500 adl internet 2013-12-04T14:17:56.532Z 2014-11-10T17:57:51.107Z
35102 https://hackerone.com/reports/35102 Locale::parseLocale Double Free $2,500 johnleitch ibb-php 2014-05-28T00:00:00.000Z 2014-06-27T00:00:00.000Z
33083 https://hackerone.com/reports/33083 Backup of wordpress configuration file found. Leaking database users/passwords $300 internetwache invision 2014-10-28T20:57:52.265Z 2014-12-06T15:21:12.344Z
34112 https://hackerone.com/reports/34112 SMPT Protection not used, I can hijack your email server. $150 ashesh blockio 2014-11-06T05:35:08.435Z 2015-08-13T13:36:19.065Z
30004 https://hackerone.com/reports/30004 CSRF on adding clients $500 anshuman_bh square 2014-10-05T01:11:08.863Z 2015-02-04T19:17:48.467Z
32825 https://hackerone.com/reports/32825 URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS $1,680 fransrosen twitter 2014-10-25T23:46:23.949Z 2014-11-03T23:37:26.039Z
33091 https://hackerone.com/reports/33091 DOM Cross-Site Scripting ( XSS ) $1,400 avram twitter 2014-10-28T21:35:03.228Z 2014-12-03T23:28:19.558Z
29420 https://hackerone.com/reports/29420 Horizontal Privilege Escalation $350 esamhacks wepay 2014-09-29T19:08:21.614Z 2015-06-19T13:44:14.947Z
31168 https://hackerone.com/reports/31168 Cryptographic Side Channel in OAuth Library $50 voodookobra wp-api 2014-10-12T18:27:30.330Z 2014-10-29T19:57:02.804Z
30852 https://hackerone.com/reports/30852 Relateiq SSLv3 deprecated protocol vulnerability. $250 hasanemrebeyy relateiq 2014-10-09T15:00:29.703Z 2014-12-24T18:18:08.583Z
32519 https://hackerone.com/reports/32519 XSS in fabric.io $280 aj-_- twitter 2014-10-22T20:05:46.941Z 2014-12-23T15:56:03.855Z
27468 https://hackerone.com/reports/27468 Reflected XSS in widget script thru cookie $400 4lemon square 2014-09-08T19:19:59.447Z 2014-12-21T10:01:57.717Z
28832 https://hackerone.com/reports/28832 touch.mail.ru XSS via message id $500 reactors08 mailru 2014-09-21T06:53:28.949Z 2014-12-10T18:50:41.837Z
31082 https://hackerone.com/reports/31082 Unauthorized Tweeting on behalf of Account Owners $420 anshuman_bh twitter 2014-10-12T05:10:55.486Z 2015-05-07T15:11:16.932Z
30975 https://hackerone.com/reports/30975 Improper Verification of email address while saving Account Settings $560 anshuman_bh twitter 2014-10-10T17:56:31.045Z 2015-08-13T13:36:18.927Z
31554 https://hackerone.com/reports/31554 Signup Page HTML Injection Vulnerability $140 ashwarya_me twitter 2014-10-15T16:33:09.460Z 2015-03-22T14:19:25.069Z
29288 https://hackerone.com/reports/29288 Usage of HTTP for exporting graph data as images $250 webpentest sucuri 2014-09-27T17:23:43.855Z 2014-11-17T14:30:52.724Z
31415 https://hackerone.com/reports/31415 PoodleBleed $500 mtk relateiq 2014-10-15T07:33:57.601Z 2015-08-13T13:36:18.968Z
27357 https://hackerone.com/reports/27357 Editing Client Details of other People $750 cliffordtrigo square 2014-09-07T16:16:25.580Z 2014-11-17T14:30:50.783Z
31383 https://hackerone.com/reports/31383 Ability to see common response titles of other teams (limited) $1,000 prakharprasad security 2014-10-14T23:37:10.258Z 2014-10-15T14:14:10.542Z
26866 https://hackerone.com/reports/26866 Critical : Account removing using CSRF attack $350 yassineaboukir wepay 2014-09-03T21:54:15.808Z 2015-08-13T13:36:18.460Z
26527 https://hackerone.com/reports/26527 XSS in Client Past Activity $500 cliffordtrigo square 2014-08-30T23:26:00.227Z 2014-11-17T14:30:49.126Z
29491 https://hackerone.com/reports/29491 homograph attack. IDNs displayed in unicode in bug reports and on external link warning page $500 mrrm security 2014-09-30T18:51:48.699Z 2014-10-09T17:08:05.146Z
12497 https://hackerone.com/reports/12497 Adobe Flash Player FileReference Use-after-Free Vulnerability $7,500 hhj4ck ibb-flash 2014-05-19T04:49:05.660Z 2014-10-07T23:00:14.297Z
27651 https://hackerone.com/reports/27651 Flash Local Sandbox Bypass $1,000 kinine ibb-flash 2014-09-09T20:51:19.206Z 2014-10-07T22:55:38.832Z
28500 https://hackerone.com/reports/28500 iOS App can establish Facetime calls without user's permission $420 gepeto42 twitter 2014-09-18T18:35:13.304Z 2015-04-27T13:03:04.167Z
29360 https://hackerone.com/reports/29360 XSS platform.twitter.com | video-js metadata $1,120 batram twitter 2014-09-29T09:49:48.027Z 2014-11-17T14:30:53.543Z
29328 https://hackerone.com/reports/29328 XSS platform.twitter.com $1,120 batram twitter 2014-09-28T18:18:12.595Z 2014-11-17T14:30:52.825Z
27704 https://hackerone.com/reports/27704 malicious file upload $2,000 adrianbelen square 2014-09-10T09:43:02.021Z 2014-11-17T14:30:51.689Z
29839 https://hackerone.com/reports/29839 GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability $20,000 stephane-chazelas internet 2014-09-24T00:00:00.000Z 2014-10-01T00:00:00.000Z
29480 https://hackerone.com/reports/29480 Unvalidated Channel names causes IRC Command Injection $300 mantis irccloud 2014-09-30T14:12:25.005Z 2014-10-01T13:47:16.521Z
29331 https://hackerone.com/reports/29331 No email verification on username change $500 shahmeer-amir security 2014-09-28T18:50:16.476Z 2014-11-17T14:30:53.164Z
28865 https://hackerone.com/reports/28865 Redirect FILTER bypass in report/comment $500 pranav_hivarekar security 2014-09-21T12:11:18.120Z 2014-10-19T09:00:10.712Z
18501 https://hackerone.com/reports/18501 Session Fixation $500 anshuman_bh wepay 2014-06-30T02:14:17.065Z 2014-10-23T17:55:10.766Z
14552 https://hackerone.com/reports/14552 Session fixation in wepay.com $100 shahmeer-amir wepay 2014-06-03T00:01:38.170Z 2014-10-10T22:23:07.379Z
28150 https://hackerone.com/reports/28150 Cross site scripting on ads.twitter.com $1,400 anand786 twitter 2014-09-15T16:03:30.235Z 2014-10-16T09:51:19.275Z
27987 https://hackerone.com/reports/27987 Window Opener Property Bug $500 prakharprasad security 2014-09-13T17:14:26.342Z 2014-10-28T23:18:36.550Z
28450 https://hackerone.com/reports/28450 Active Record SQL Injection Vulnerability Affecting PostgreSQL $1,500 seantheprogrammer rails 2014-07-02T00:00:00.000Z 2014-07-02T00:00:00.000Z
28449 https://hackerone.com/reports/28449 Active Record SQL Injection Vulnerability Affecting PostgreSQL $1,500 seantheprogrammer rails 2014-07-02T00:00:00.000Z 2014-07-02T00:00:00.000Z
28445 https://hackerone.com/reports/28445 SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities $2,500 sesser ibb-php 2014-06-20T00:00:00.000Z 2014-07-04T00:00:00.000Z
15412 https://hackerone.com/reports/15412 Leaking CSRF token over HTTP resulting in CSRF protection bypass $1,000 anshuman_bh coinbase 2014-06-07T04:44:03.487Z 2014-10-16T01:53:12.884Z
27404 https://hackerone.com/reports/27404 Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability] $2,800 secgeek twitter 2014-09-08T01:41:13.306Z 2014-09-30T21:44:48.384Z
27166 https://hackerone.com/reports/27166 Missing Rate Limiting on https://twitter.com/account/complete $140 surgent10cross twitter 2014-09-06T09:44:22.590Z 2014-11-10T20:10:50.766Z
27511 https://hackerone.com/reports/27511 ads.twitter.com xss $1,400 arbitrarycode twitter 2014-09-09T02:32:00.993Z 2014-11-17T14:30:51.415Z
27846 https://hackerone.com/reports/27846 Stored xss $1,400 letshunt twitter 2014-09-11T22:17:13.781Z 2014-09-27T08:25:07.849Z
27389 https://hackerone.com/reports/27389 Reflected XSS in connect.square.com $1,000 avlidienbrunn square 2014-09-07T19:50:14.183Z 2014-10-11T06:34:39.866Z
26700 https://hackerone.com/reports/26700 CRITICAL Account takeover via AngularJS template injection in connect.squareup.com $2,000 avlidienbrunn square 2014-09-02T08:23:56.681Z 2014-11-17T14:30:49.706Z
5314 https://hackerone.com/reports/5314 Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code $1,000 prakharprasad coinbase 2014-03-31T06:12:33.653Z 2014-11-26T21:54:19.265Z
26825 https://hackerone.com/reports/26825 Full path disclosure at ads.twitter.com $140 internetwache twitter 2014-09-03T18:06:44.011Z 2014-11-17T14:30:50.498Z
25332 https://hackerone.com/reports/25332 XSS [BookFresh] $500 cliffordtrigo square 2014-08-20T03:35:18.735Z 2014-11-17T14:30:48.353Z
25334 https://hackerone.com/reports/25334 Open Redirect [FreshBook] $250 cliffordtrigo square 2014-08-20T03:46:21.785Z 2014-10-04T07:15:55.159Z
14631 https://hackerone.com/reports/14631 Clickjacking at https://www.mavenlink.com/ main website $50 vineet mavenlink 2014-06-03T02:46:01.085Z 2014-09-19T15:34:56.815Z
17506 https://hackerone.com/reports/17506 Default /docs folder of PHPBB3 installation on gamesnet.yahoo.com $50 michelgaschet yahoo 2014-06-25T09:14:06.612Z 2014-08-08T13:36:01.934Z
25281 https://hackerone.com/reports/25281 Change Any username and profile link in hackerone $100 anand_m security 2014-08-19T18:28:47.434Z 2014-09-25T22:33:35.433Z
23098 https://hackerone.com/reports/23098 Blind SQL injection in www.bookfresh.com $1,500 avlidienbrunn square 2014-08-08T11:46:11.453Z 2014-10-02T12:14:01.104Z
16414 https://hackerone.com/reports/16414 Yahoo Sports Fantasy Golf (Join Public Group) $200 mchooo yahoo 2014-06-14T09:34:15.723Z 2014-08-20T17:48:47.928Z
15762 https://hackerone.com/reports/15762 SQL Injection on 11x11.mail.ru $150 bigbear mailru 2014-06-09T16:55:19.164Z 2014-09-16T05:08:14.311Z
18507 https://hackerone.com/reports/18507 CSRF on email address operations. Also performing unintended operations. $150 anshuman_bh wepay 2014-06-30T04:09:11.578Z 2014-08-19T18:32:10.984Z
25160 https://hackerone.com/reports/25160 Open redirection on secure.phabricator.com $400 anand786 phabricator 2014-08-18T17:30:01.292Z 2014-09-17T21:28:51.834Z
21110 https://hackerone.com/reports/21110 Clickjacking $50 cliffordtrigo mavenlink 2014-07-22T22:05:46.019Z 2014-08-21T17:13:49.708Z
12708 https://hackerone.com/reports/12708 Testing for user enumeration (OWASP-AT-002) - https://gh.bouncer.login.yahoo.com $100 cmaruti yahoo 2014-05-21T12:43:07.136Z 2014-08-20T17:47:38.886Z
23386 https://hackerone.com/reports/23386 Redirect while opening links in new tabs $500 thetime security 2014-08-09T23:53:26.688Z 2014-09-12T22:26:42.694Z
16935 https://hackerone.com/reports/16935 e.mail.ru: SMS spam with custom content $400 isox mailru 2014-06-19T11:29:48.024Z 2015-09-13T12:05:09.763Z
10468 https://hackerone.com/reports/10468 SQL inj $150 vah13 mailru 2014-04-30T19:48:23.279Z 2014-09-12T13:12:19.006Z
12583 https://hackerone.com/reports/12583 XXE and SSRF on webmaster.mail.ru $700 4lemon mailru 2014-05-20T01:13:14.623Z 2014-12-10T19:09:45.137Z
23363 https://hackerone.com/reports/23363 Forgot Password Issue $300 xtross1 phabricator 2014-08-09T20:02:01.015Z 2014-09-10T19:16:02.866Z
11414 https://hackerone.com/reports/11414 Infrastructure and Application Admin Interfaces (OWASP-CM-007) $250 cmaruti yahoo 2014-05-08T15:29:48.890Z 2014-08-20T17:44:21.750Z
18698 https://hackerone.com/reports/18698 Resubmitted with POC #18685 Password reset CSRF $190 shahmeer-amir relateiq 2014-07-01T18:06:26.190Z 2014-09-16T17:46:11.996Z
17160 https://hackerone.com/reports/17160 Password Policy issue (Weak Protect) $100 simon90 slack 2014-06-22T07:25:16.687Z 2014-09-04T09:23:07.150Z
20049 https://hackerone.com/reports/20049 Cross-site Scripting in mailing (username) $100 melvin relateiq 2014-07-14T17:01:53.000Z 2014-12-27T13:43:20.853Z
21210 https://hackerone.com/reports/21210 privilege escalation $50 niks mavenlink 2014-07-23T13:15:52.763Z 2014-08-05T16:33:52.257Z
17474 https://hackerone.com/reports/17474 Broken Authentication and Session Management $300 anand786 phabricator 2014-06-24T16:46:28.892Z 2014-08-05T05:37:48.223Z
22093 https://hackerone.com/reports/22093 Content Spoofing all Integrations in https://team.slack.com/services/new/ $200 asdjsonyou slack 2014-08-01T15:11:46.208Z 2014-09-03T18:12:16.123Z
16330 https://hackerone.com/reports/16330 Multiple issues in looking-glass software (aka from web to BGP injections) $5,000 kaeso internet 2014-06-13T14:30:13.410Z 2014-09-17T19:43:06.035Z
6700 https://hackerone.com/reports/6700 CSRF Token missing on http://baseball.fantasysports.yahoo.com/b1/127146/messages $400 surgent10cross yahoo 2014-04-09T12:04:15.046Z 2014-08-20T17:52:07.098Z
20616 https://hackerone.com/reports/20616 e.mail.ru: File upload "Chapito" circus $1,000 isox mailru 2014-07-18T17:21:36.410Z 2015-09-13T12:03:27.818Z
21069 https://hackerone.com/reports/21069 Login CSRF $100 mikkz mavenlink 2014-07-22T18:30:55.925Z 2014-07-31T23:38:35.502Z
17688 https://hackerone.com/reports/17688 LZ4 Core $6,000 donb internet 2014-06-26T20:11:22.416Z 2014-07-25T19:18:39.479Z
18279 https://hackerone.com/reports/18279 Yahoo! Reflected XSS $250 the_pr0ph3t yahoo 2014-06-28T22:34:05.748Z 2014-08-06T21:17:18.618Z
21150 https://hackerone.com/reports/21150 Flash XSS on swfupload.swf showing at app.mavenlink.com $200 panchocosil mavenlink 2014-07-23T03:17:46.034Z 2014-07-24T17:48:10.462Z
16568 https://hackerone.com/reports/16568 Failed Certificate Validation On Custom Server (Register) $200 pum relateiq 2014-06-15T15:54:42.012Z 2014-08-25T15:18:13.940Z
8284 https://hackerone.com/reports/8284 information disclosure (LOAD BALANCER + URI XSS) $300 nnwakelam yahoo 2014-04-21T06:57:19.764Z 2014-08-06T01:50:46.000Z
8281 https://hackerone.com/reports/8281 https://caldav.calendar.yahoo.com/ - XSS (STORED) $500 nnwakelam yahoo 2014-04-21T06:10:28.199Z 2014-08-06T01:50:33.531Z
7779 https://hackerone.com/reports/7779 Local File Include on marketing-dam.yahoo.com $2,500 redshark1802 yahoo 2014-04-16T16:59:52.320Z 2014-05-16T17:58:40.753Z
21248 https://hackerone.com/reports/21248 Content spoofing at Stripe Integrations $100 asdjsonyou slack 2014-07-23T20:06:01.081Z 2014-08-25T21:50:02.362Z
21034 https://hackerone.com/reports/21034 Invoice Details activate JS that filled in $1,000 sasi2103 coinbase 2014-07-22T12:11:50.502Z 2015-03-30T00:30:49.375Z
15166 https://hackerone.com/reports/15166 Password reset token not expiring $100 siddiki mavenlink 2014-06-05T01:44:26.837Z 2014-07-10T18:23:38.608Z
15852 https://hackerone.com/reports/15852 Non Validation of session after password reset $50 shahmeer-amir mavenlink 2014-06-10T15:30:58.282Z 2014-07-22T19:17:17.021Z
14570 https://hackerone.com/reports/14570 Login password guessing attack $50 shahmeer-amir mavenlink 2014-06-03T00:18:07.228Z 2014-07-22T19:19:06.493Z
20861 https://hackerone.com/reports/20861 moderate: mod_deflate denial of service $500 gianko ibb-apache 2014-02-19T00:00:00.000Z 2014-07-14T00:00:00.000Z
20671 https://hackerone.com/reports/20671 integer overflow in 'buffer' type allows reading memory $1,500 removed ibb-python 2014-06-23T09:15:00.000Z 2014-06-24T03:01:40.000Z
10373 https://hackerone.com/reports/10373 Bypassing Same Origin Policy With JSONP APIs and Flash $3,000 molnarg internet 2014-04-29T23:54:14.670Z 2014-07-19T17:32:22.258Z
7608 https://hackerone.com/reports/7608 invite1.us2.msg.vip.bf1.yahoo.com/ - CSRF/email disclosure $400 nnwakelam yahoo 2014-04-14T18:54:16.481Z 2014-08-06T01:50:28.511Z
6665 https://hackerone.com/reports/6665 Comment Spoofing at http://suggestions.yahoo.com/detail/?prop=directory&fid=97721 $500 surgent10cross yahoo 2014-04-09T06:05:19.870Z 2014-08-20T17:52:18.961Z
1203 https://hackerone.com/reports/1203 XSS in my yahoo $800 mildata yahoo 2014-02-10T11:08:03.986Z 2015-08-14T20:09:00.793Z
10081 https://hackerone.com/reports/10081 SQL $150 vah13 mailru 2014-04-28T03:47:13.161Z 2014-08-16T07:22:06.669Z
14033 https://hackerone.com/reports/14033 connect.mail.ru: SSRF $300 isox mailru 2014-05-29T19:02:07.188Z 2015-09-13T12:02:27.399Z
9919 https://hackerone.com/reports/9919 SQL injection [_Çã†ãó___Á __ _Ç___Ÿ_____µ ã‹__ãóã€___Á] $200 psych0tr1a mailru 2014-04-26T20:07:59.131Z 2014-11-16T18:46:32.947Z
9921 https://hackerone.com/reports/9921 Time based sql injection $200 psych0tr1a mailru 2014-04-26T20:09:51.754Z 2014-12-10T18:51:39.356Z
5442 https://hackerone.com/reports/5442 XSS in Yahoo! Web Analytics $100 cliffordtrigo yahoo 2014-04-01T07:06:10.158Z 2014-08-06T21:14:36.959Z
6702 https://hackerone.com/reports/6702 CSRF Token is missing on DELETE message option on http://baseball.fantasysports.yahoo.com/b1/127146/messages $200 surgent10cross yahoo 2014-04-09T12:19:36.968Z 2014-08-20T17:52:28.808Z
12685 https://hackerone.com/reports/12685 Authorization issue on creative.yahoo.com $50 cmaruti yahoo 2014-05-21T07:31:39.805Z 2014-08-06T21:19:48.676Z
17785 https://hackerone.com/reports/17785 Denial of Service $100 pranav_hivarekar security 2014-06-27T16:23:28.815Z 2015-04-28T05:46:40.563Z
2598 https://hackerone.com/reports/2598 http://conf.member.yahoo.com configuration file disclosure $100 nnwakelam yahoo 2014-03-01T18:35:18.829Z 2014-08-06T01:50:23.780Z
8082 https://hackerone.com/reports/8082 Password Reset Bug $100 christypriory security 2014-04-18T22:41:09.474Z 2014-09-25T22:34:35.437Z
13482 https://hackerone.com/reports/13482 https://217.69.135.63/rb/: money.mail.ru sources disclosure $1,000 isox mailru 2014-05-26T13:17:53.073Z 2015-09-13T10:29:27.802Z
13959 https://hackerone.com/reports/13959 privilege escalation $250 niks automattic 2014-05-29T09:09:04.533Z 2014-08-10T06:00:52.864Z
18851 https://hackerone.com/reports/18851 .NET Type Traversal Vulnerability $5,000 tyranid sandbox 2014-02-11T00:00:00.000Z 2014-02-11T00:00:00.000Z
18850 https://hackerone.com/reports/18850 OSX ATS memory corruption may lead to App Sandbox bypass Bounty Info Not sure No Reporter Information Found sandbox 2014-02-26T00:00:00.000Z 2014-02-26T00:00:00.000Z
18849 https://hackerone.com/reports/18849 OSX ATS arbitrary free issue may lead to App Sandbox bypass Bounty Info Not sure No Reporter Information Found sandbox 2014-02-26T00:00:00.000Z 2014-02-26T00:00:00.000Z
18721 https://hackerone.com/reports/18721 Multiple Full Path Disclosure (FPD) Vulnerability on Dccompendium.com domain $25 rodgodalle dccompendium 2014-07-01T23:54:32.255Z 2014-08-02T01:44:35.749Z
17903 https://hackerone.com/reports/17903 Error page Cross-site scripting $25 smiegles dccompendium 2014-06-28T16:33:49.737Z 2014-07-30T09:26:57.032Z
18295 https://hackerone.com/reports/18295 source code disclosure $25 adrianbelen dccompendium 2014-06-29T02:10:17.017Z 2014-08-27T03:11:55.743Z
17909 https://hackerone.com/reports/17909 XSS on Home page $25 xtross1 dccompendium 2014-06-28T16:37:32.090Z 2014-07-02T18:07:07.370Z
17896 https://hackerone.com/reports/17896 Clickjacking: X-Frame-Options header missing $25 huzaifa_jawaid dccompendium 2014-06-28T16:27:55.588Z 2014-08-01T13:00:45.390Z
7264 https://hackerone.com/reports/7264 Bypass of the Clickjacking protection on Flickr using data URL in iframes $250 joserabal yahoo 2014-04-11T21:55:10.481Z 2014-06-06T18:18:46.548Z
18691 https://hackerone.com/reports/18691 XSS in editor by any user $1,000 tunnelshade phabricator 2014-07-01T16:57:02.513Z 2014-08-13T12:59:52.123Z
18389 https://hackerone.com/reports/18389 Backend source code disclosure on 404 pages $50 shahmeer-amir dccompendium 2014-06-29T10:32:16.808Z 2014-08-01T14:50:31.012Z
6322 https://hackerone.com/reports/6322 Header injection on rmaitrack.ads.vip.bf1.yahoo.com $1,000 redshark1802 yahoo 2014-04-07T20:15:01.479Z 2014-07-31T15:54:24.273Z
6268 https://hackerone.com/reports/6268 Cross-origin issue on rmaiauth.ads.vip.bf1.yahoo.com $250 redshark1802 yahoo 2014-04-07T19:47:34.038Z 2014-07-31T15:54:41.481Z
6195 https://hackerone.com/reports/6195 reflected XSS, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean $300 nnwakelam yahoo 2014-04-07T15:45:59.539Z 2014-08-06T01:52:43.763Z
6194 https://hackerone.com/reports/6194 Significant Information Disclosure/Load balancer access, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean $500 nnwakelam yahoo 2014-04-07T15:43:38.151Z 2014-08-06T01:49:48.423Z
14699 https://hackerone.com/reports/14699 Open Redirect $300 cliffordtrigo wepay 2014-06-03T05:35:01.692Z 2014-07-08T09:25:08.872Z
17540 https://hackerone.com/reports/17540 Reflected XSS in Pastebin-view $500 pseudochu irccloud 2014-06-26T01:59:19.878Z 2014-06-28T13:48:03.078Z
17383 https://hackerone.com/reports/17383 Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met) $100 anand786 security 2014-06-23T19:33:37.309Z 2014-07-26T07:34:59.979Z
10563 https://hackerone.com/reports/10563 CSRF on "Set as primary" option on the accounts page $100 anshuman_bh coinbase 2014-05-02T01:24:48.948Z 2014-07-26T00:27:57.634Z
3370 https://hackerone.com/reports/3370 Directory traversal attack in view resolver $1,500 lautis rails 2014-03-06T11:13:20.634Z 2015-07-09T19:15:27.083Z
13748 https://hackerone.com/reports/13748 Potential denial of service in hackerone.com/teams/new $100 idps security 2014-05-28T06:10:49.800Z 2014-06-20T22:39:34.537Z
13388 https://hackerone.com/reports/13388 Linux PI futex self-requeue bug $10,000 comex sandbox 2014-05-26T05:00:49.707Z 2014-06-19T19:51:27.419Z
15362 https://hackerone.com/reports/15362 Flash Sandbox Bypass $3,000 kinine ibb-flash 2014-06-06T18:39:15.242Z 2014-06-19T18:07:45.941Z
16718 https://hackerone.com/reports/16718 Open Redirect login account $100 asdjsonyou slack 2014-06-17T08:19:28.976Z 2014-08-25T21:58:02.476Z
16571 https://hackerone.com/reports/16571 SSRF (Portscan) via Register Function (Custom Server) $250 pum relateiq 2014-06-15T16:19:41.558Z 2014-07-26T10:44:31.133Z
16392 https://hackerone.com/reports/16392 Abusing daemon logs for Privilege escalation under certain scenarios $300 tunnelshade phabricator 2014-06-14T03:09:35.523Z 2014-06-18T13:44:53.500Z
16315 https://hackerone.com/reports/16315 Abusing VCS control on phabricator $600 tunnelshade phabricator 2014-06-13T12:49:59.335Z 2014-06-13T15:04:00.726Z
4461 https://hackerone.com/reports/4461 Server Side Request Forgery $500 santese yahoo 2014-03-20T17:00:20.714Z 2014-06-05T15:09:17.537Z
2628 https://hackerone.com/reports/2628 CSRF vulnerability on https://sehacure.slack.com/account/settings $100 anand786 slack 2014-03-01T22:30:04.475Z 2014-07-26T20:43:19.231Z
12588 https://hackerone.com/reports/12588 XSS in a file or folder name $500 reactors08 mailru 2014-05-20T05:26:35.769Z 2014-07-09T09:24:50.764Z
11410 https://hackerone.com/reports/11410 XSS in https://e.mail.ru/cgi-bin/lstatic (Limited use) $400 4lemon mailru 2014-05-08T14:24:00.038Z 2014-12-10T19:07:13.133Z
15785 https://hackerone.com/reports/15785 Session not invalidated after password reset $100 guido security 2014-06-10T00:12:06.324Z 2014-06-10T01:45:10.430Z
454 https://hackerone.com/reports/454 PNG compression DoS $500 dutchgraa security 2013-11-23T21:21:28.099Z 2015-05-28T04:45:07.299Z
7813 https://hackerone.com/reports/7813 readable .htaccess + Source Code Disclosure (+ .SVN repository) $250 nahamsec yahoo 2014-04-17T06:35:22.709Z 2014-08-20T17:54:30.624Z
14127 https://hackerone.com/reports/14127 SSRF on https://whitehataudit.slack.com/account/photo $300 4lemon slack 2014-05-30T12:42:48.729Z 2014-12-21T10:03:57.732Z
2168 https://hackerone.com/reports/2168 XSS on Every sports.yahoo.com page $1,500 kenb yahoo 2014-02-21T19:16:17.052Z 2014-08-20T17:53:20.974Z
1533 https://hackerone.com/reports/1533 Flickr: Invitations disclosure (resend feature) $750 d4d1a179c0f3 yahoo 2014-02-16T01:00:13.662Z 2014-04-05T19:27:10.372Z
1483 https://hackerone.com/reports/1483 HTML Injection on flickr screename using IOS App $800 panchocosil yahoo 2014-02-15T03:12:24.991Z 2015-10-27T20:27:41.988Z
13195 https://hackerone.com/reports/13195 auth.mail.ru: XSS in login form $500 isox mailru 2014-05-24T14:41:33.459Z 2015-09-13T12:00:50.027Z
11927 https://hackerone.com/reports/11927 Stored XSS on http://cards.mail.ru $150 4lemon mailru 2014-05-13T12:23:15.140Z 2014-12-10T19:09:03.423Z
13286 https://hackerone.com/reports/13286 Host Header Injection - irccloud.com $100 ethicalhacker irccloud 2014-05-25T10:41:44.901Z 2014-07-08T10:00:33.687Z
7266 https://hackerone.com/reports/7266 XSS in https://hk.user.auctions.yahoo.com $500 quistertow yahoo 2014-04-11T22:07:07.361Z 2014-08-20T17:47:02.582Z
11861 https://hackerone.com/reports/11861 SQL injection update.mail.ru $250 vah13 mailru 2014-05-12T18:30:36.120Z 2014-05-30T11:39:42.303Z
9479 https://hackerone.com/reports/9479 Anti-MIME-Sniffing header X-Content-Type-Options header has not been set. $100 uname security 2014-04-24T04:17:10.001Z 2015-04-28T05:06:57.061Z
5946 https://hackerone.com/reports/5946 Marking notifications as read CSRF bug $100 redkan security 2014-04-05T12:35:00.350Z 2015-04-28T15:37:35.678Z
10554 https://hackerone.com/reports/10554 Bypassing 2FA for BTC transfers $1,000 michiel coinbase 2014-05-01T19:58:58.192Z 2014-09-25T06:48:37.171Z
1538 https://hackerone.com/reports/1538 SQLi on http://sports.yahoo.com/nfl/draft $3,705 esevece yahoo 2014-02-16T02:12:34.048Z 2014-04-05T17:37:25.241Z
6704 https://hackerone.com/reports/6704 Open Proxy, http://www.smushit.com/ysmush.it/, 4/09/14, #SpringClean $2,000 internetwache yahoo 2014-04-09T12:27:35.581Z 2014-08-20T17:53:33.824Z
10037 https://hackerone.com/reports/10037 SQL inj $150 vah13 mailru 2014-04-27T19:12:28.460Z 2014-05-30T11:40:23.153Z
8724 https://hackerone.com/reports/8724 Clickjacking $150 help4u mailru 2014-04-21T17:07:18.310Z 2014-06-06T09:53:17.145Z
9318 https://hackerone.com/reports/9318 Home page reflected XSS $250 bitquark mailru 2014-04-23T10:58:46.134Z 2014-06-06T11:43:17.708Z
10829 https://hackerone.com/reports/10829 CSRF in function "Set as primary" on accounts page $100 0ctac0der coinbase 2014-05-03T19:46:07.517Z 2014-06-06T04:56:45.797Z
6182 https://hackerone.com/reports/6182 captcha missing $200 niks invision 2014-04-07T14:25:24.072Z 2014-07-16T09:07:14.747Z
6674 https://hackerone.com/reports/6674 REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean $3,000 nnwakelam yahoo 2014-04-09T07:51:17.063Z 2014-08-06T01:52:37.528Z
4836 https://hackerone.com/reports/4836 From Unrestricted File Upload to Remote Command Execution $800 santese yahoo 2014-03-26T10:36:57.922Z 2014-04-07T16:42:53.804Z
6353 https://hackerone.com/reports/6353 Wildcard DNS in website $100 shahmeer-amir relateiq 2014-04-07T21:43:19.990Z 2014-06-01T00:31:47.303Z
10297 https://hackerone.com/reports/10297 Stored XSS in slack.com (integrations) $500 mchooo slack 2014-04-29T15:12:00.326Z 2014-05-29T19:55:54.201Z
9774 https://hackerone.com/reports/9774 Stored XSS Found $500 karshxz7593 slack 2014-04-25T16:26:45.261Z 2014-06-01T06:26:54.111Z
7531 https://hackerone.com/reports/7531 Login CSRF can be bypassed (Similar approach to previous one). $100 uname irccloud 2014-04-14T13:24:23.085Z 2014-05-20T12:03:13.727Z
5933 https://hackerone.com/reports/5933 Multiple Issues related to registering applications $1,000 anshuman_bh coinbase 2014-04-05T09:03:16.501Z 2014-05-29T01:07:30.884Z
7369 https://hackerone.com/reports/7369 2 factor authentication design flaw $100 ryancollins coinbase 2014-04-12T17:47:25.145Z 2014-06-06T04:09:56.472Z
7357 https://hackerone.com/reports/7357 Host Header is not validated resulting in Open Redirect $100 anshuman_bh irccloud 2014-04-12T16:54:31.765Z 2014-04-24T09:52:31.637Z
7931 https://hackerone.com/reports/7931 Issue with remember_user_token $150 dawidczagan security 2014-04-17T21:30:55.231Z 2015-05-28T04:48:47.701Z
6883 https://hackerone.com/reports/6883 Bruteforcing irccloud login $100 cliffordtrigo irccloud 2014-04-10T21:41:29.872Z 2014-05-26T08:35:47.565Z
4256 https://hackerone.com/reports/4256 XSS Vulnerability (my.yahoo.com) $250 mchooo yahoo 2014-03-18T00:04:31.275Z 2014-05-07T21:51:27.195Z
9391 https://hackerone.com/reports/9391 Xss in CampTix Event Ticketing $25 atulshedage iandunn-projects 2014-04-23T17:39:15.556Z 2014-04-24T17:50:51.204Z
9375 https://hackerone.com/reports/9375 Stored XSS in all fields in Basic Google Maps Placemarks Settings $25 cliffordtrigo iandunn-projects 2014-04-23T16:29:12.971Z 2014-04-23T23:41:22.633Z
5928 https://hackerone.com/reports/5928 Uncontrolled Resource Consumption with XMPP-Layer Compression $500 gianko internet 2014-04-05T07:14:39.739Z 2014-04-20T21:15:34.837Z
7803 https://hackerone.com/reports/7803 Security bypass could lead to information disclosure $2,000 masatokinugawa ibb-flash 2014-04-08T00:00:00.000Z 2014-04-08T00:00:00.000Z
2140 https://hackerone.com/reports/2140 Flash local-with-fileaccess Sandbox Bypass $2,000 kinine ibb-flash 2014-02-21T01:47:59.228Z 2014-04-17T00:41:53.991Z
6877 https://hackerone.com/reports/6877 Unsecure cookies, cookie flag secure not set $100 cliffordtrigo irccloud 2014-04-10T21:34:38.332Z 2014-05-15T16:16:10.381Z
7041 https://hackerone.com/reports/7041 iOS application does not destroy session upon logout. $100 uname irccloud 2014-04-11T05:34:06.299Z 2014-05-22T22:46:40.787Z
7036 https://hackerone.com/reports/7036 Bug in iOS application which could lead to unauthorised access. $100 uname irccloud 2014-04-11T04:48:36.732Z 2014-05-15T14:16:41.277Z
6935 https://hackerone.com/reports/6935 Missing X-Content-Type-Options $100 shipcode irccloud 2014-04-11T00:10:01.272Z 2014-05-15T10:51:54.878Z
6350 https://hackerone.com/reports/6350 creating titleless and non-closable bugs $150 leander security 2014-04-07T21:37:17.452Z 2014-04-17T05:36:56.573Z
2421 https://hackerone.com/reports/2421 Value of JSESSIONID and XSRF token parameter in cookie remains same before and after login $100 shahmeer-amir relateiq 2014-02-28T13:01:01.487Z 2014-05-14T21:58:04.296Z
6907 https://hackerone.com/reports/6907 Session Token is not Verified while changing Account Setting's which Result In account Takeover $500 exploitprotocol irccloud 2014-04-10T22:58:58.649Z 2014-04-23T11:16:00.693Z
6872 https://hackerone.com/reports/6872 Sign up CSRF $100 cliffordtrigo irccloud 2014-04-10T21:24:11.161Z 2014-05-14T13:01:59.583Z
6871 https://hackerone.com/reports/6871 Login CSRF $100 cliffordtrigo irccloud 2014-04-10T21:22:34.406Z 2014-04-21T16:02:37.838Z
7121 https://hackerone.com/reports/7121 Persistent Cross Site Scripting within the IRCCloud Pastebin $500 mantis irccloud 2014-04-11T11:31:46.703Z 2014-10-01T13:47:10.420Z
6626 https://hackerone.com/reports/6626 TLS heartbeat read overrun Bounty Info Not sure No Reporter Information FOund ibb-openssl 2014-04-05T23:51:06.000Z 2014-04-07T16:53:31.000Z
6389 https://hackerone.com/reports/6389 Integer overflow in strop.expandtabs $1,500 ianbeer ibb-python 2014-03-31T00:09:44.000Z 2014-03-31T00:09:44.000Z
6380 https://hackerone.com/reports/6380 Same Origin Security Bypass Vulnerability $2,000 masatokinugawa ibb-flash 2014-03-11T00:00:00.000Z 2014-03-11T00:00:00.000Z
6002 https://hackerone.com/reports/6002 Stored XSS in Slack.com $300 aj-_- slack 2014-04-06T02:40:01.137Z 2015-03-09T18:52:47.846Z
5786 https://hackerone.com/reports/5786 Coinbase Android Security Vulnerabilities $100 bryanstern coinbase 2014-03-11T20:05:00.000Z 2014-05-07T21:58:00.252Z
4561 https://hackerone.com/reports/4561 Stored XSS in Slackbot Direct Messages $500 prakharprasad slack 2014-03-22T10:54:27.583Z 2014-05-04T18:38:21.252Z
3039 https://hackerone.com/reports/3039 SQL Injection ON HK.Promotion $1,000 nahamsec yahoo 2014-03-04T04:40:45.194Z 2014-03-17T16:34:36.700Z
4409 https://hackerone.com/reports/4409 TRACE disclosure attack may be possible $100 cliffordtrigo relateiq 2014-03-19T23:20:32.245Z 2014-07-25T20:58:25.806Z
2127 https://hackerone.com/reports/2127 HK.Yahoo.Net Remote Command Execution $1,276 nahamsec yahoo 2014-02-20T17:40:29.222Z 2014-03-17T16:31:13.256Z
4690 https://hackerone.com/reports/4690 SPDY heap buffer overflow $3,000 lmolas ibb-nginx 2014-03-24T21:54:37.486Z 2014-03-24T21:54:37.486Z
4689 https://hackerone.com/reports/4689 SPDY memory corruption $3,000 lmolas ibb-nginx 2014-03-24T21:54:07.136Z 2014-03-24T21:54:07.136Z
4638 https://hackerone.com/reports/4638 Duplicate of #4550 $500 prakharprasad slack 2014-03-23T19:51:54.159Z 2014-05-21T15:08:07.830Z
3441 https://hackerone.com/reports/3441 Captcha Bypass With Extension $100 robin relateiq 2014-03-07T09:10:27.296Z 2014-04-20T22:34:17.821Z
2427 https://hackerone.com/reports/2427 XSRF token problem $100 shahmeer-amir relateiq 2014-02-28T13:56:52.823Z 2014-04-20T22:09:02.690Z
3986 https://hackerone.com/reports/3986 Securing sensitive pages from SearchBots $100 siddiki security 2014-03-14T10:03:32.070Z 2014-04-20T15:13:00.462Z
4114 https://hackerone.com/reports/4114 Persistent XSS: Editor link $300 tomvg phabricator 2014-03-16T11:30:47.494Z 2014-04-16T20:02:21.407Z
3930 https://hackerone.com/reports/3930 OAuth Stealing Attack (New) $400 goldshlager phabricator 2014-03-13T14:08:40.477Z 2014-04-13T12:37:27.935Z
3921 https://hackerone.com/reports/3921 Control character allowed in username $300 dawidczagan phabricator 2014-03-13T12:32:49.566Z 2014-04-12T19:55:37.054Z
2575 https://hackerone.com/reports/2575 Slack OAuth2 "redirect_uri" Bypass $100 prakharprasad slack 2014-03-01T15:12:55.080Z 2014-05-29T22:15:44.983Z
2559 https://hackerone.com/reports/2559 Broken Authentication (including Slack OAuth bugs) $100 anand786 slack 2014-03-01T11:56:40.224Z 2014-08-30T07:19:16.157Z
3596 https://hackerone.com/reports/3596 OAuth access_token stealing in Phabricator $450 goldshlager phabricator 2014-03-10T12:03:49.078Z 2014-04-11T14:23:15.622Z
3227 https://hackerone.com/reports/3227 Control Characters Not Stripped From Username on Signup $100 fin1te security 2014-03-04T21:46:39.784Z 2014-03-11T20:33:27.097Z
1675 https://hackerone.com/reports/1675 Local file inclusion $1,390 alexandru yahoo 2014-02-17T19:27:35.477Z 2014-03-27T17:33:19.223Z
3455 https://hackerone.com/reports/3455 flash content type sniff vulnerability in api.slack.com $500 netfuzzer slack 2014-03-07T14:17:25.238Z 2014-04-08T23:56:03.546Z
2439 https://hackerone.com/reports/2439 Cross Site Scripting (XSS) - app.relateiq.com $100 quistertow relateiq 2014-02-28T17:16:44.292Z 2014-08-07T16:09:28.649Z
2735 https://hackerone.com/reports/2735 HTML injection in "Invite Collaborators" $100 melvin relateiq 2014-03-02T19:23:13.655Z 2014-04-06T19:10:37.234Z
3356 https://hackerone.com/reports/3356 UnAuthorized Editorial Publishing to Blogs $300 mlitchfield phabricator 2014-03-06T08:41:22.840Z 2014-04-05T22:08:45.681Z
2777 https://hackerone.com/reports/2777 Reflected Xss $500 niks slack 2014-03-03T09:18:31.827Z 2014-05-19T08:28:09.846Z
2622 https://hackerone.com/reports/2622 URL redirection flaw $200 anand786 slack 2014-03-01T22:03:05.186Z 2014-08-30T07:20:16.157Z
2617 https://hackerone.com/reports/2617 Stored XSS in www.slack-files.com $200 prakharprasad slack 2014-03-01T21:29:41.229Z 2014-05-23T22:59:09.590Z
2625 https://hackerone.com/reports/2625 Stored XSS in username.slack.com $500 prakharprasad slack 2014-03-01T22:11:51.624Z 2014-08-07T18:20:45.404Z
2652 https://hackerone.com/reports/2652 Stored XSS in Channel Chat $500 prakharprasad slack 2014-03-02T00:34:11.203Z 2014-05-21T15:03:41.674Z
2584 https://hackerone.com/reports/2584 Weird Bug - Ability to see partial of other user's notification $500 wcypierre security 2014-03-01T16:55:36.988Z 2014-04-19T20:59:45.280Z
2497 https://hackerone.com/reports/2497 Reflective XSS can be triggered in IE $150 shahmeer-amir slack 2014-02-28T23:48:51.975Z 2015-03-15T03:32:00.231Z
2221 https://hackerone.com/reports/2221 CSS leaks SCSS debug info $100 guido security 2014-02-23T13:23:11.998Z 2014-02-28T16:46:22.053Z
940 https://hackerone.com/reports/940 Store XSS Flicker main page $1,960 panchocosil yahoo 2014-02-03T20:51:52.286Z 2015-08-14T19:07:22.801Z
914 https://hackerone.com/reports/914 XSS Yahoo Messenger Via Calendar.Yahoo.Com $677.50 nahamsec yahoo 2014-02-03T16:52:20.123Z 2014-03-23T18:23:33.017Z
2170 https://hackerone.com/reports/2170 Flash double free vulnerability leads to code execution $10,000 clem1 ibb-flash 2014-02-21T20:37:47.654Z 2014-02-27T21:44:27.694Z
2245 https://hackerone.com/reports/2245 Win32k Window Handle Vulnerability (EoP) $5,000 datuzi sandbox 2014-01-14T00:00:00.000Z 2014-01-14T00:00:00.000Z
2228 https://hackerone.com/reports/2228 Login CSRF using Twitter OAuth $300 mathias phabricator 2014-02-23T17:25:25.462Z 2014-03-26T01:09:32.610Z
2233 https://hackerone.com/reports/2233 Bypass auth.email-domains (2) $500 tomvg phabricator 2014-02-23T18:44:37.166Z 2014-03-26T01:04:47.585Z
2224 https://hackerone.com/reports/2224 Bypass auth.email-domains $1,000 tomvg phabricator 2014-02-23T16:08:39.974Z 2014-03-25T18:23:30.689Z
916 https://hackerone.com/reports/916 Cross-site scripting on the main page of flickr by tagging a user. $2,173.75 smiegles yahoo 2014-02-03T17:35:32.694Z 2014-03-07T00:44:02.745Z
2107 https://hackerone.com/reports/2107 Handling of jar: URIs bypasses AllowScriptAccess=never $2,000 masatokinugawa ibb-flash 2014-01-14T00:00:00.000Z 2014-01-14T00:00:00.000Z
2106 https://hackerone.com/reports/2106 Flash type confusion vulnerability leads to code execution $10,000 bannedit ibb-flash 2013-12-10T00:00:00.000Z 2013-12-10T00:00:00.000Z
1509 https://hackerone.com/reports/1509 DNS Misconfiguration $100 szgru security 2014-02-15T15:52:47.317Z 2014-02-15T21:04:41.142Z
1356 https://hackerone.com/reports/1356 PHP Heap Overflow Vulnerability in imagecrop() $1,500 kubabrecka ibb-php 2013-12-27T02:57:00.000Z 2014-02-06T00:00:00.000Z
960 https://hackerone.com/reports/960 Linux 3.4+: arbitrary write with CONFIG_X86_X32 $3,000 pageexec sandbox 2014-01-28T23:52:58.000Z 2014-01-31T00:11:16.000Z
842 https://hackerone.com/reports/842 Autocomplete enabled in Paypal preferences $100 xtross1 security 2014-02-01T09:55:39.277Z 2015-05-28T04:50:18.149Z
809 https://hackerone.com/reports/809 Improperly implemented password recovery link functionality $300 dawidczagan phabricator 2014-01-27T20:49:36.770Z 2014-02-27T00:54:55.437Z
774 https://hackerone.com/reports/774 Log in a user to another account $300 dawidczagan phabricator 2014-01-23T12:54:26.529Z 2014-02-22T22:21:32.666Z
742 https://hackerone.com/reports/742 A password reset page does not properly validate the authenticity token at the server side. $100 niks security 2014-01-17T14:53:50.225Z 2014-04-19T20:59:39.929Z
727 https://hackerone.com/reports/727 Switching the user to the attacker's account $150 dawidczagan security 2014-01-15T22:24:14.153Z 2014-02-20T00:04:27.563Z
737 https://hackerone.com/reports/737 Improper session management $100 dawidczagan security 2014-01-16T23:48:19.888Z 2014-02-19T23:57:04.759Z
738 https://hackerone.com/reports/738 Information disclosure (reset password token) and changing the user's password $100 dawidczagan security 2014-01-17T00:49:34.781Z 2014-02-19T23:44:04.883Z
575 https://hackerone.com/reports/575 Email spoofing $250 introvertmac security 2014-01-10T11:44:11.303Z 2015-05-28T04:51:46.358Z
713 https://hackerone.com/reports/713 Upload profile photo from URL $500 laceratus security 2014-01-14T17:04:41.419Z 2014-02-15T03:07:33.332Z
547 https://hackerone.com/reports/547 CSRF login $100 andrisatteka security 2014-01-03T11:22:33.052Z 2014-01-13T16:42:18.010Z
546 https://hackerone.com/reports/546 Logical issues with account settings $150 introvertmac security 2014-01-01T15:23:05.995Z 2015-05-28T04:52:35.867Z
523 https://hackerone.com/reports/523 PHP openssl_x509_parse() Memory Corruption Vulnerability $4,000 sesser ibb-php 2013-11-30T23:00:00.000Z 2013-12-13T00:00:00.000Z
500 https://hackerone.com/reports/500 OpenSSH: Memory corruption in AES-GCM support $1,500 markus internet 2013-11-07T00:00:00.000Z 2013-11-07T00:00:00.000Z
499 https://hackerone.com/reports/499 Ruby: Heap Overflow in Floating Point Parsing $1,500 charliesome ibb-ruby 2013-11-22T00:00:00.000Z 2013-11-22T00:00:00.000Z
487 https://hackerone.com/reports/487 DNS Cache Poisoning $100 michael1026 security 2013-12-01T00:58:34.856Z 2014-01-09T14:36:41.000Z
477 https://hackerone.com/reports/477 Flawed account creation process allows registration of usernames corresponding to existing file names $100 mortes security 2013-11-30T11:42:13.022Z 2014-04-19T20:59:27.067Z
400 https://hackerone.com/reports/400 GIF flooding $250 dutchgraa security 2013-11-15T01:35:22.622Z 2013-11-30T12:44:26.582Z
390 https://hackerone.com/reports/390 Pixel flood attack $500 dutchgraa security 2013-11-12T16:04:27.096Z 2013-11-30T12:50:43.920Z
353 https://hackerone.com/reports/353 Session not expired on logout $100 satishb3 security 2013-11-09T05:54:35.279Z 2014-04-19T20:59:16.332Z
321 https://hackerone.com/reports/321 CSP not consistently applied $250 janpaul123 security 2013-11-08T09:59:03.704Z 2013-11-30T01:10:30.353Z
298 https://hackerone.com/reports/298 RTL override symbol not stripped from file names $500 mathias security 2013-11-07T19:12:41.742Z 2015-05-28T04:49:32.247Z
288 https://hackerone.com/reports/288 Session Management $100 javidhussain21 security 2013-11-07T17:19:36.545Z 2014-04-19T20:59:20.960Z
284 https://hackerone.com/reports/284 Broken Authentication and session management OWASP A2 $100 anand786 security 2013-11-07T13:27:06.643Z 2014-01-09T14:36:45.000Z
280 https://hackerone.com/reports/280 Real impersonation $100 janpaul123 security 2013-11-07T11:05:32.899Z 2013-11-30T01:10:48.953Z
120 https://hackerone.com/reports/120 Missing SPF for hackerone.com $500 szgru security 2013-11-06T21:55:00.483Z 2014-01-09T14:36:47.000Z