Bug Report / Publication

Author: YoKo Kho | Posted in Bug Report No comments

List of Bug Report / Publication (sort by date):

General information could be found at https://id.linkedin.com/in/config (2013 – 2018)

2018
List of Bug Report / Publication at 2018

  • Microsoft (Mar 06th, 2018) – Acknowledged;
  • Brave Browser (Mar 04th, 2018) – Acknowledged but Duplicate;
  • #3, #4 Samsung (Feb 25th, 2018) – Acknowledged but Duplicate;
  • #4 International Travel Company – Private (Jan 24th, 2018) – Acknowledged and Rewarded;
  • #3 International Travel Company – Private (Jan 20th, 2018) – Acknowledged and Rewarded;
  • #1, #2 International Travel Company – Private (Jan 15th, 2018) – Acknowledged and Rewarded;
  • #2 Mozilla (Jan 02nd, 2018) – Acknowledged.

2017
List of Bug Report / Publication at 2017

  • #4, #5 Lenovo (Dec 01st, 2017) – Acknowledged via email for the 5th (P2 – High Risk Vulnerability);
  • #3 Lenovo (Nov 25th, 2017) – Acknowledged but Duplicate;
  • #2 Lenovo (Nov 20th, 2017) – Acknowledged via email;
  • #1 Lenovo (Nov 19th, 2017) – Acknowledged via email;
  • #2 Motorola (Nov 16th, 2017) – Acknowledged;
  • #1 Motorola (Nov 01st, 2017) – Acknowledged via email;
  • #10 PayPal (Oct 29th, 2017) – Acknowledged but another Duplicate;
  • #3 Pinterest (Oct 24th, 2017) – Acknowledged but Duplicate (P2 – High Risk Vulnerability) – Hall of Fame;
  • #2 Ribose (Oct 10th, 2017);
  • #1 Ribose (Oct 09th, 2017) – Acknowledged via email – Hall of Fame;
  • #2 HubSpot (Sep 22nd, 2017) – Acknowledged but Another Duplicate (P2 – High Risk Vulnerability) – Hall of Fame;
  • #1 HubSpot (Sep 21st, 2017) – Acknowledged but Duplicate (P3);
  • #3, #4, #5, #6, #7 Asus (Sep 18th, 2017) – Acknowledged via email (CVE-ID).
  • #2 Samsung (Sep 06th, 2017) – Acknowledged via email (Rewarded);
  • AT&T (Aug 23rd, 2017) – Acknowledged – Hall of Fame;
  • #1 Samsung (Aug 17th, 2017) – Acknowledged via email (Rewarded);
  • #3 LINE (Aug 14th, 2017) – Acknowledged as “a pretty complex issue to fix” – Hall of Fame;
  • #1, #2 Asus Browser for Android (Aug 13th, 2017) – Acknowledged via email;
  • Mozilla (Aug 11th, 2017) – Acknowledged;
  • Blanja.com (Aug 03rd, 2017) – No response so far;
  • #9 PayPal (Jul 22nd, 2017) – Acknowledged via email (rewarded);
  • #8 PayPal (Jul 22nd, 2017) – Acknowledged but duplicate;
  • #4 Bit Defender (Jul 13th, 2017) – Acknowledged via email (first valid status after 3 duplicates) – Hall of Fame – rewarded;
  • #3 Bit Defender (Jul 11th, 2017) – Acknowledged via email but another Duplicate;
  • #7 PayPal (Jul 09th, 2017) – Acknowledged via email (rewarded);
  • #6 PayPal (Jul 07th, 2017) – Acknowledged via email (rewarded – initial payment;
  • #1, #2 Bit Defender (Jun 30th, 2017) – Acknowledged via email but both of this are Duplicate;
  • #4, #5 PayPal (Jun 11th, 2017) – Acknowledged via email (rewarded) – Hall of Fame;
  • #1, #2, #3 PayPal (May 30th, 2017) – Acknowledged via email but All of this are Duplicate;
    FortiNet (May 2nd, 2017) – Acknowledged via email by their PSIRT;
  • #1, #2 Oppo (May 2nd, 2017) – via Open Bug Bounty – since there is no information about reporting Security Issue at Oppo;
  • Linkedin (Apr 15th, 2017) – Acknowledged via Email;
  • #1, #2, #3, #4, #5, #6 BigTree CMS (Mar 15th, 2017) – Acknowledged via email and Github (CVE-ID);
  • #3 Battle Camp (Mar 5th, 2017) – a nostalgic moment with this game (found and reported 2 bugs at 2015).

2016
List of Bug Report / Publication at 2016

  • #3, #4 Blackberry (Dec, 2016) – Acknowledged via email;
  • Starbucks Coffee Company (Dec, 2016) – Acknowledged via HackerOne (Duplicate);
  • #6 – #8 Tokopedia (Sep, 2016) – Acknowledged via email;
  • #1 – #5 Tokopedia (Aug, 2016) – Acknowledged via email;
  • #2 Harvest Online Time Tracking Software (Jul 22nd, 2016) – Acknowledged via Hackerone;
  • #1 Harvest Online Time Tracking Software (Jul 21st, 2016), with Rungga – Acknowledged via Hackerone;
  • NextCloud and OwnCloud Server (Jul 7th, 2016 – Acknowledged – Security Advisory – CVE-ID);
  • Adobe Creative Cloud for Windows (Jun 14th, 2016 – Fixed Confirmation Date), with Dicky – Hall of Fame (Security Bulletin – CVE-ID);
  • Microsoft Service Account (unfortunately, it’s not a valid vulnerability from MSRC Point of View). Well, it’s a risk (May 24th, 2016), with Dicky;
  • #1, #2, & #3 Deezer Music-Streaming Service (May 3rd, 2016), with @DickysOfficial – Acknowledged via email;
  • iTunes for Windows (Apr 13th, 2016 – Fixed Confirmation Date) – Hall of Fame (Security Advisory – CVE-ID);
  • CoreFTP Server (beta version) for Windows (Mar 10th, 2016);
  • #2 TrendMicro AntiVirus for Windows (Feb 15th, 2016) – Hall of Fame.

2015
List of Bug Report / Publication at 2015

  • #2 Blackberry Link for Windows (Nov 22nd, 2015) – Hall of Fame;
  • #1 TrendMicro AntiVirus for Windows (Nov 18th, 2015) – Hall of Fame (given at 2016);
  • AVG AntiVirus for Windows – Duplicate (P2 – High Risk Vulnerability) – (Nov 8th, 2015) – Acknowledged via BugCrowd;
  • Tomabo App for Windows (Aug 30th, 2015), with Edwin and @Rungga_Reksya;
  • #1 Blackberry Messenger for iOS (Aug 8th, 2015) – Hall of Fame;
  • #1, #2 Battle Camp – Acknowledged via Supporting Ticket (July 17th, 2015);
  • Reuters (Mar 3rd, 2015) – Via Supporting Ticket, was Fixed, and Published at OpenBugBounty.org;
  • #2 Twitter (Feb 3rd, 2015) – Acknowledged via HackerOne;
  • WhatsApp for iOS (Jan 16th, 2015) – Acknowledged via email.

2013 – 2014
List of Bug Report / Publication at 2013 - 2014

  • #1, #2 BlitzMegaplex (Dec 26th, 2017) – Via email and Open Bug Bounty;
  • One of SEGA Games for iOS (Dec 23rd, 2014) – Acknowledged via email;
  • Volusion (Oct 2nd, 2014) – Acknowledged via BugCrowd (Duplicate);
  • #2 LINE for iOS (Sep 24th, 2014), with @ngrhedwin – Acknowledged via email;
  • #1 Twitter for iOS (Aug 12th, 2014) – Acknowledged via HackerOne (Hall of Fame);
  • Path (August 11th, 2014);
  • #1 LINE for iOS (Jul 11th, 2014), with @HarjunaCandra – Acknowledged via email;
  • BlueTgs (Pocket Expense for iOS) (Jul 7th, 2014);
  • #2 Pinterest (Jun 3rd, 2014) – Acknowledged via BugCrowd (said reproducible and won’t fix but fixed at the next year);
  • #1 Pinterest (Jun 3rd, 2014) – Acknowledged via BugCrowd (Duplicate) – Hall of Fame;
  • Facebook (May 6th, 2014) – Acknowledged with noted condition;
  • Source of Knowledge (BlackHat Conf. Media Partner) (Apr 23rd, 2014) – Acknowledged via email.
  • War of Nation for iOS (Gree International Inc.) (Nov 2nd, 2013), with @ngrhedwin – Acknowledged via email.

 

Add Your Comment