
H1 Disclosed - Public Disclosures
@h1Disclosed
User friendly unofficial HackerOne public disclosures, keeps you updated about the recently disclosed bugs. Made With ♥ By Hackers For Hackers. - @rohsec
127.0.0.1
Joined September 2022
⚡ on the implications of permitting procedural culling .👨🏻💻 lyb_unaffiliated ➟ curl .🟨 Low.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ curl ASSERTs when accessing an LDAP URL .👨🏻💻 cmeister2 ➟ curl .⬜ None.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ XSS on Amazon Aquisition: elemental .👨🏻💻 muhammad_kasim ➟ AWS VDP .🟥 High.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ [CRITICAL] 0-Click Account Takeover via Password Reset [AUTH-3243] /orchestrator/v1/password_rese. 👨🏻💻 db3wy ➟ Remitly .🆘 Critical.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ API Key Exposed in JavaScript File on 1Password Developer Site .👨🏻💻 @sudosu01 ➟ 1Password - Enterprise Password Manager .⬜ None.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Account takeover of existing HackerOne accounts through SCIM provisioning .👨🏻💻 boy_child_ ➟ HackerOne .🟥 High.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Stored Cross-Site Scripting (XSS) in "Add Contact" Name Field – MainWP Plugin .👨🏻💻 rishail01 ➟ MainWP .⬜ None.💰 $50.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Reflected XSS in "Create Category" Functionality of Post Creation Module .👨🏻💻 rishail01 ➟ MainWP .🟨 Low.💰 $50.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Reflected XSS in "Manage Tags" Notes Field .👨🏻💻 rishail01 ➟ MainWP .🟨 Low.💰 $50.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Reflected XSS in "Cost Tracker" Notes Field .👨🏻💻 rishail01 ➟ MainWP .🟨 Low.💰 $50.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ exposure of personal IP address via email. 👨🏻💻 micael1 ➟ Weblate .⬜ None.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize() .👨🏻💻 @theoblivionsage ➟ Node.js .🟥 High.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ HashDoS in V8 .👨🏻💻 sharp_edged ➟ Node.js .🟥 High.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Banned user still has access to their deleted account via HackerOne's API using their API key .👨🏻💻 @MrMax404 ➟ HackerOne .🟧 Medium.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Default Minimum TLS Version Set to TLS v1.0 (Cryptographic Weakness) .👨🏻💻 monkey_dee ➟ curl .🟧 Medium.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Leaked reused password for a few Khan Academy users .👨🏻💻 @A0xTrojan ➟ Khan Academy .🟥 High.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ HTTP Request Smuggling Vulnerability Analysis - cURL Security Report .👨🏻💻 youssef111 ➟ curl .🟧 Medium.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Reflected XSS in "Client Notes" Field .👨🏻💻 rishail01 ➟ MainWP .🟨 Low.💰 $50.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Uncontrolled File Write/Arbitrary File Creation .👨🏻💻 tryhackplanet ➟ curl .🟥 High.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec
⚡ Not a Vuln: Race Condition Allows Creation of Multiple Organizations with the Same Name .👨🏻💻 @calvin_minyate ➟ WakaTime .⬜ None.💰 None.🔗 #bugbounty #bugbountytips #cybersecurity #infosec