Corporate Responsibility

Acknowledgements

  • Share
    Two clicks for more data privacy: click here to activate the button and send your recommendation. Data will be transfered as soon as the activation occurs.
  • Print
  • Read out

We would like to take this opportunity to thank all the important contributors who provide us with helpful tips and hints that help us make our systems more secure. Our special thanks goes to:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

  • Aakash Kumar - facebook.com/Sscript.kiddie: Reported Clickjacking vulnerabilities.
  • Aakash Madaan ( Godsky ) https://www.linkedin.com/in/aakashmadaan13 - Reported Security misconfiguration.
  • Aamir Khan - www.hacking-articles.blogspot.com - www.fb.com/aamir9795734: Reported xss vulnerabilities.
  • Aaron Costello - ie.linkedin.com/in/aaron-costello-226858a7 - Reported Information Disclosure.
  • Aarshit Mittal: Reported XSS vulnerabilities.
  • Abdul Azeez Alaseeri - linkedin.com/in/0xx777 - Reported Cross-site scripting (XSS).
  • Abdul Haq Khokhar - https://twitter.com/ Abdulhaqkhokhar: Reported Policy Framework vulnerabilities and Missing SPF.
  • Abdullah Fares Muhanna - https://www.facebook.com/AbedullahFares - Reported outdated and vulnerable software.
  • Abdul Rehman - @facebook.com/shadowcreator: Reported host header vulnerabilities.
  • Abdulelah BinAqeel - Reported XSS (Reflected) vulnerabilities.
  • Abdullah Fares Muhanna - https://www.facebook.com/AbedullahFares - Reported a use of a vulnerable version of software.
  • Abdullah Hussam - @Abdulahhusam: Reported XSS vulnerability.
  • Abdulrahman Kamel https://www.linkedin.com/in/abdulrahman-kamel/- Reported Cross-site scripting (XSS).
  • Abdessamad DHASSI - URL: https://www.root-me.org/abdou358, Twitter: https://twitter.com/darlate - Reported XSS vulnerabilities.
  • Abelrhman Adel - twitter.com/k3r1it0 - Gefundene SQL Injection.
  • Abhibandu Kafle - http://nepsecurity.org - @kabhi_kav: Reported Clickjacking vulnerability.
  • Abhijeth Dugginapeddi - http://abhijeth.com: Reported multiple vulnerabilities.
  • Abhinav Karnawat - (\/ w4rri0r \/) - http://www.w4rri0r.com: Reported XSS Vulnerability.
  • Abhinav Porwal https://www.linkedin.com/in/abhinavporwal6 - Reported Clickjacking.
  • Abhishek Bundela - Twitter: twitter.com/abhibundela: Reported self XSS vulnerabilities.
  • Ace Candelario https://0xspa.de - Reported Cross-site scripting (XSS).
  • Adam Willard - https://www.linkedin.com/pub/adam-willard/20/575/30b/@aw7684512: Reported HTML manipulation vulnerability.
  • Adam Ziaja - http://adamziaja.com: Reported SSL weakness.
  • ADARSH VS https://twitter.com/adarshvs_ - Reported Data manipulation.
  • Adel Mahmoud - https://www.facebook.com/mohappaaa - Reported XSS (Reflected) vulnerabilities.
  • Adil Faizi - fb.com/adil.faizi.94 RMAR Technologies Pvt. Ltd: (www.rmar.in): Reflected XSS.
  • Aditya Dixit - http://fb.com/aditya008 - http://hackthedevil.blogspot.com: Reported DOM based XSS vulnerabilities.
  • Aditya Jadhav - www.securecyberfuture.com - Reported XSS vulnerabilities.
  • Ahmad Ashraff - @yappare: Reported path disclosure.
  • Ahmad Halabi (Cyber Ironclad) - hackerone.com/ahmd_halabi - Reported Information Disclosure.
  • Ahmed Aaish - https://parallel.solutions - Reported JavaServer Faces vulnerabilities.
  • Ahmed Alsanosi - facebook.com/01alsanosi - twitter.com/ahmed_alsanosi - Reported Unsecured communication.
  • Ahmed Adel Abdelfattah - https://www.facebook.com/00SystemError00/ - Reported XSS vulnerabilities.
  • Ahmed Elsadat - https://bugcrowd.com/GENERAL-SADAT / https://www.facebook.com/mido.gamal.9674 - Reported XSS vulnerabilities.
  • Ahmet Gurel - twitter.com/ahmettgurell - Reported Cross-site scripting (XSS) / reported SQL injection vulnerabilitie.
  • Ahmed Ismail linkedin.com/in/ahmed-ismail-38901168 twitter.com/MrOz1l facebook.com/AhmedOzil10 - Subdomain Takeover
  • Ahmed Max - https://www.facebook.com/profile.php?id=100004971255687; Twitter: @404NotF39672584- Reported content/text injection
  • Ahmed Salah Abdalhfaz https://twitter.com/Elsfa7110 - Reported Information Disclosure.
  • Ahmed Shawky @lnxg33k: Meldung von SQL Injection.
  • Ahmed sultan (0x4148) linked in :https://eg.linkedin.com/in/0x4148 - Reported SQL Injection.
  • Ahmet SUNA - linkedin.com/in/ahmet-suna-ab3ba9116 - Reported Information Disclosure, Host header injection, Cross-site scripting (XSS), Open Redirect and Database backup critical Information Disclosure
  • Ahmet Ümit BAYRAM - www.ahmetumitbayram.com - @ahmetumitbayram - Reported XSS (Reflected) vulnerabilities.
  • Ahmed Waheed - @ia7m4d0z: Reported XSS vulnerabilities.
  • Ahmed Y. Elmogy - Twitter: mogyhacker - Reported anti-CSRF/XSS vulnerabilities.
  • Ahmet Demirci - https://www.facebook.com/ahmet.demirc.17 and https://m-i-a.cf - Reported XSS (Reflected) vulnerabilities.
  • Ai Ho - https://twitter.com/j3ssiejjj - Reported Information Disclosure.
  • Ajay Anand - www.ctgsecuritysolutions.com: Reported XSS vulnerability.
  • Ajay Singh Negi - @AjaySinghNegi & Prashant Negi - @_prashantnegi & Mahipal Singh Rajpurohit - www.websecresearch.com: Reported Brutforce vulnerabilities.
  • Akalanka Ekanayake - https://twitter.com/ceo_akalanka - Reported Mixed Content Vulnerability.
  • Akash Saxena - https://m.facebook.com/akash.saxena.9421 - Loophole in registration functionality.
  • Akash Shukla - facebook.com/hybridakash at www.rmar.in: Cookie Disclosure.
  • Akhil Reni - @akhil_reni: Refelcted XSS.
  • Alan Roy - https://www.linkedin.com/in/alan-roy-0225a125 https://www.facebook.com/alanroy.thomas.7- Reported Clickjacking.
  • Alex Birsan - https://twitter.com/alxbrsn - Reported Remote Code Execution (RCE).
  • Alexander Anisimov und Yakov Shmelev (Eun014 Team) - https://twitter.com/rack2009 - Reported security misconfiguration.
  • Alexander Karl – Alexander 'twink0r' Karl – Subdomain Takeover.
  • Alexey Sabadash - www.linkedin.com/in/asabadash - Reported multiple vulnerabilites.
  • Ali Hasan Ghauri - alihassanpenetrationtester.blogspot.com - @alihasanghauri: Reported GIT Information Disclosure and XSS Vulnerabilities.
  • Alisha Sheikh - in.linkedin.com/in/alisha-sheikh-96059615a - Reported Security misconfiguration.
  • Al-Khateeb BI N-khalid - fb.com/kkhateebali RMAR Technologies Pvt. Ltd. (www.rmar.in) - Reflected XSS.
  • Alvyn McQuitty - twitter.com/alvynmcq - Reported Server-side request forgery (SSRF).
  • Alwaleed Alfayez - Reported SSRF vulnerability.
  • Aman Rawat - https://www.linkedin.com/in/theamanrawat/ - Reported Information Disclosure.
  • Amar Shankar & Piyush Malik: Reported XSS vulnerabilities.
  • Ameer Assadi - @AmeerAssadi, fb.me/Amirh4ck, http://linkedin.com/in/ameerassadi - Reported XSS vulnerabilities.
  • Amin Achour - www.th-online.ch - Reported XSS vulnerabilities.
  • Amit Sohana - https://www.facebook.com/amit.sohara: Reflected XSS.
  • Amol Bhola - Reported Clickjacking vulnerability.
  • Amr Al Hallak - Reported Cross-site scripting (XSS).
  • Anand M - https://twitter.com/anandm47: XSS Vulnerability
  • Anant Mudgal - https://www.varutra.com // Twitter: https://twitter.com/anantmudgal - Reported sensitive information disclosure-
  • Anas Laabab - www.linkedin.com/in/anas-laabab/ - Reported an Out-of-Band XXE vulnerability.
  • Anas Mahmood - @CyberTiger https://www.twitter.com/AnasIsHere - Reported Cross Site Scripting vulnerabilities.
  • Andrea Santese - Reported clickjacking vulnerability.
  • Andreas Kurtz - @aykay - http://www.andreas-kurtz.de: Reported vulnerabilities in a Mobile Application.
  • André Zingsheim: Reported XSS vulnerabilities.
  • Andrei Smolkin: Reported SQL Injection, xss and information disclosure vulnerabilities.
  • Angkan Chanda ( nightcr4wl3r ) - nightcr4wl3r.blogspot.com – Report of a configuration vulnerability
  • Aniket Pratap Singh - www.facebook.com/kotarockers/: Reported File Information Disclosure vulnerabilities.
  • Ankit Bharathan - fb.me/dibbu.bhadav: Reported XSS vulnerability.
  • Ankit Singh - https://www.facebook.com/AnkitCuriosity , LinkedIn: https://www.linkedin.com/in/AnkitSingh1579- Reported Open Redirect & XSS vulnerabilities.
  • Ankit Yadav - Hack Safe Indore: Reported user credential vulnerabilities.
  • Anil Kumar Behara: Reported XSS vulnerability.
  • Anirudh Kulkarni: Reflected XSS.
  • An Phuoc Trinh - @_tint0 - Reported unauthenticated RCE Injection.
  • An Phuoc Trinh - @_tint0 - Reported five RCE vulnerabilities.
  • Anurag Srivastava - http://fb.com/anurag424242 - www.rmar.in<http://www.rmar.in>: Reflected XSS.
  • Anusha Deekonda - twitter.com/KeerthiCrackers - Reported Cross-site scripting (XSS).
  • aqib shah - twitter.com/aqibshah - Reported Stored Cross-site scripting (XSS) and reflected Cross-site scripting (XSS) .
  • Aria Akhavan - https://facebook.com/aria.stefano: Reported xss vulnerabilities.
  • Arjun Singh http://linkedin.com/in/arjun-singh-33924018b - Reported Open Redirect.
  • Arpit Borawake https://linkedin.com/in/rpt - Reported Cross-site scripting (XSS).
  • Arpit Kubadia - https://twitter.com/aksquaretech - Reported several Information Disclosure / Reported Cross-site scripting (XSS) / Reported Default login / Reported Server-side request forgery (SSRF) vulnerabilities.
  • Ariq Ahmad - https://www.facebook.com/near.ardor: Reflected XSS.
  • Arndt Adler: Reported XSS vulnerabilities.
  • Arsiadi Sriyanto - @donrookie: Reported XSS vulnerability.
  • Arun K Mishra - https://twitter.com/arun_2512 -  Reported clickjacking vulnerability.
  • Ashesh Kumar - http://facebook.com/ashesh1708 - Reported XSS vulnerabilities.
  • Ashish Kunwar - @D0rkerDevil - Reported security misconfiguration vulnerability.
  • Ashutosh Singh - facebook.com/ashu.singboy - RMAR Technologies Pvt. Ltd. - www.rmar.in: Reflected XSS.
  • Asif Showkat wani and Muneeb Shah: Reported xss vulnerabilities.
  • Asim Delalic https://www.linkedin.com/in/asimd/- Reported several Information Disclosure.
  • Ataberk Yavuzer- https://0xsaiyajin.github.io/ - Reported XML-RPC vulnerability / WEB/LINKEDIN/TWITTER/FB - Reported Information Disclosure.
  • Aung Myat Thu - twitter.com/xai_yak - Reported XSS vulnerabilities.
  • Avi Chakravarti https://www.linkedin.com/in/avi-chakravarti-276881193/ - Reported Clickjacking.
  • Aviv Yahav - https://www.linkedin.com/in/aviv-yahav-3b87a414b - Reported several vulnerabilities.
  • Avram Marius Gabriel - www.randosmtorm: Reported XSS vulnerabilities.
  • Ayoub Nait Lamine - https://www.facebook.com/profile.php?id=100004407498249e: Reported host header injection and Open Redirect vulnerabilities.
  • Ayoub SAFA - https://www.linkedin.com/in/ayoub-safa-2a443938/ - Reported default credentials
  • Ayush Mangal - https://www.linkedin.com/in/ayush-mangal-48a168110/ - Reported Security misconfiguration / Reported Open Redirect, Reported Missing rate limit.
  • Aytaç Kalıncı - https://www.linkedin.com/in/aytackalincii/ - Reported Cookie Information Disclosure.

B

  • Babar Khan Akhunzada @babar1337khan - Reported Apache Tomcat/6.0.24.
  • Baburao Kittur - https://twitter.com/bk_cipher / https://in.linkedin.com/in/baburao-kittur - Reported Privilege escalation for server/application.
  • Bao Bui (@0xd0ff9) - twitter.com/Jok3rDb - Reported Privilege escalation for server/application.
  • Batee5a - hackerone.com/batee5a - Reported Local File Inclusion.
  • Battal Faik Aktaş - twitter.com/BattalFaikAktas - Reported Open Redirect.
  • B. Caller - WEB/LINKEDIN/TWITTER/FB - Reported Remote Code Execution (RCE).
  • Benjamin Kunz Mejri (Evolution Security GmbH - Vulnerability Laboratory) www.vulnerability-lab.com - twitter.com/vuln_lab - Reported XSS (Stored) vulnerability, SQLi, Exec
  • Bhanu Teja - twitter.com/bh4nut3j4 - Reported Subdomain takeover / Reported Unauthenticated Local File Read / Reported Cross-site scripting (XSS) / Reported User Enumerations / Reported Information Disclosure.
  • BHARAT CHOUDHARY - https://twitter.com/iambharat18 - Reported Information Disclosure and Open Redirect.
  • Bhavesh Naik: Reported XSS vulnerability.
  • Bibek Shah - @noobibek - Reported several Information Disclosure.
  • Bijesh Debbarma: Sqil & Path Disclosure.
  • Bilal Teke - https://luckywiki.org - Reported XSS vulnerabilities.
  • BITCOMSEC - http://bitcomsec.org - http://twitter.com/bitcomsec - Reported Remote Command Execution vulnerability.
  • Bill Ben Haim - https://www.linkedin.com/in/bill-ben-haim-b6775a48/ - Reported default credentials.
  • Björn Peeters: Reported CSRF/XSS vulnerabilities.
  • Björn Peeters: Reported xss vulnerabilities.
  • Bodgan Calin: Reported time based SQL injection.
  • Bryan Galao - Facebook: https://www.facebook.com/xbryan.galao - Reported Clickjacking, content spoofing & Information Disclosure vulnerabilities.
  • bsysop - twitter.com/bsysop - Reported Security misconfiguration. / Reported Information Disclosure.
  • Burak Ünal @_d4rkbrain - twitter.com/_d4rkbrain - Reported Information Disclosure.

C

  • Can Karacan - https://www.linkedin.com/in/can-karacan-69ba09b8/ - Reported Information Disclosure, Open Mail Relay and Cross-site scripting (XSS) vulnerabilities.
  • Cara Sharma - https://www.facebook.com/SharmaCara - https://twitter.com/Sharma_Cara - Reported Insecure Cross Domain and CSRF vulnerabilities.
  • Carl-Theodor Geilhufe – www.carl.geilhufe.de - Reported information disclosure.
  • Carlos Cardoso - https://websecauditors.com | facebook.com/cmscardoso - Reported misconfigured DNS records.
  • Cernica Ionut Cosmin: Reported Directory Listing vulnerabilties.
  • Charlie Briggs - @Charlie_N_B: Reported XSS vulnerabilities & SQL injection.
  • Chetan Gulhane - http://varutra.com: Reported xss vulnerabilities.
  • Chiheb Chebbi - twitter.com/chihebchebbi201 - Reported Remote Code Execution (RCE) / Reported Security misconfiguration.
  • Chilik Tamir - @_coreDump: Reported IOS App vulnerability.
  • chippa vijay kumar- https://twitter.com/vijay922 - Reported Information Disclosure.
  • Chinmay Barbade - https://www.linkedin.com/in/chinmay-barbade-a36400162/ - Reported Broken Access Control.
  • Chinmohan Nayak - @nayakchinmohan – http://securityonair.blogspot.in/: Reported information disclosure.
  • Chinmoy Mukherjee chinmoy.info - Reported Information Disclosure.
  • Chinmoy Pratim Borah - http://facebook.com/cpb2013: Reported XSS vulnerabilities.
  • Chirag Artani - https://twitter.com/chirag99artani https://3rag.com/chirag-artani - Reported Open Redirect.
  • Chirag Goyal - https://www.facebook.com/goyal.chirag23 - Reported XSS vulnerabilities.
  • Christian Galeone - https://thefacebook.com/christian.galeone.1: Reported xss vulnerabilities.
  • Christian Lopez Martin - insertco.in: Reported url redirection vulnerabilities.
  • Chris Green - @chris_t_green - Reported XSS vulnerabilities.
  • Chris McGowen – http://badcoding.net - @chrismcgowen: Reported DOM-based XSS vulnerability
  • Clifford Trigo - twitter: @mrtrizaeron: Reflected XSS.
  • Codermak https://twitter.com/arshadkazmi42 - Reported Information Disclosure.
  • Cody R Ward - www.risker.com.au / www.facebook.com/le.pandanator - Reported XSS vulnerabilities.
  • collinsmarra - https://twitter.com/CollinsMarra - Reported Information Disclosure.
  • Coltuneac Alexandru: Reported XSS vulnerabilities.
  • Cotic Madalin - Reported XSS vulnerabilities.
  • Craig Young - Web: https://secur3.us/ Twitter: https://twitter.com/craigtweets - Reported RCE.
  • Cristi Vlad - https://twitter.com/CristiVlad25 - Reported Cross-site scripting (XSS).
  • Cyber Chutiya Attacker (Randi ka pilla): Reported CCS Injection vulnerabilities and privilege escalation for server/application.

D

  • Dan Fabro - https://www.twitter.com/0x61_ - Reported Reflected XSS, Self-XSS, Open Redirect, External SSRF and Clickjacking vulnerabilities.
  • Dan Fabro - https://www.twitter.com/0x61_ - Reported Stored XSS vulnerabilities.
  • Danijel Maksimovic - @maxon3: Reported URL redirection vulnerability.
  • Daksh Patel - @Dakshxss: Reported Login Issues.
  • Dan Kelley - dak@thesecure.be - Reported Information Disclosure.
  • Daniel Bakker - https://twitter.com/jackds1986 - Reported Information Disclosure.
  • Daniel Blindu - https://twitter.com/eblindudaniel - Reported Server-side request forgery (SSRF).
  • Daoud Youssef - https://www.facebook.com/daoud.youssef.7 - Possible DDoS attack.
  • Darija Ivanovic - Web Develeper (Brcko Distrikt): Reported SQL Injection.
  • Darius Petrescu - twitter.com/@akkiliON_: Reflected XSS.
  • David Eckhardt: Reported "Full Path Disclosure“ and XSS vulnerabilities.
  • David Hoyt Hoyt LLC - http://xss.cx: Reflected XSS.
  • David Lassig - https://twitter.com/d_lassig / https://www.linkedin.com/in/davidlassig - Reported Information Disclosure.
  • Debarghya Sahoo - linkedin.com/in/debarghyasahoo - Reported Cross-site scripting (XSS).
  • Deepak Kumar ( CipherEra) - vedixera.com - Reported Information Disclosure.
  • Deepanker Chawla - www.deepanker.in - @deepankerchawla: Reported XSS vulnerabilties.
  • Denis Bazur - argv500@gmail.com: Reported XSS vulnerabilities.
  • Deniz Işık / bursali - Administrator - www.bursali.eu: Reported CSS and LFI vulnerabilities in Deutsche Telekom Message Boards.
  • Denis Werner – www.nobbd.de, @nobbd - Reported SQL injection vulnerabilities.
  • Devesh bhatt #deveshbhatt11: Reported Enumeration in login page.
  • Devjeet Singh: Sqli & Path Disclosure.
  • Dharmik Fichadiya - https://twitter.com/shelby67051949/ - Reported Broken Access Control.
  • Dhinu Ramachandran www.linkedin.com/in/dhinu-ramachandran-76683b206 - Reported HTTP header.
  • Dmitry Ivanof - Reported XSS (Reflected) vulnerabilities.
  • Divakar - https://www.facebook.com/kd.divakar: Reported XSS vulnerabilities.
  • Djaballah Mohamed Taher - https://www.facebook.com/djaballah.mohamedtaher - Reported XSS vulnerabilities.
  • Djaber Djoukhrab - http://www.facebook.com/djroot.dz - Reported XSS vulnerabilities.
  • D. Jaya Shankar - https://twitter.com/MrJayashankar - Reported Information Disclosure.
  • Dr. Sebastian Schrittwieser - www.fhstp.ac.at & Peter Kieseberg - www.sba-research.org: Static code analysis of mobile applications
  • Duc Nguyen Huu - @peterjson - https://twitter.com/peterjson - Reported Remote Code Execution (RCE).

E

  • Ebrahim Hegazy - twitter.com/Zigoo0: Reported XSS  and SQL Injection vulnerabilities.
  • Edis Konstantini - twitter.com/ediskonstantini: Reported XSS vulnerabilities (flash based).
  • Eeshwar Dronavalli https://www.linkedin.com/in/eeshwar-dronavalli-5a16ba16a - Reported Missing Rate Limit.
  • Ehraz Ahmed - www.twitter.com/securityexe: Reported XSS vulnerabilities.
  • Emad Shanab - Twitter: https://twitter.com/Alra3ees - Reported XSS and information disclosure vulnerabilities.
  • Emad Youssef - twitter.com/Sy3Omda - Reported XSS, SSRF, Cross Site Tracing, Server Misconfiguration, Privilege escalation for server/application, multiple Open Redirect vulnerabilities and multiple reports of Cross-site scripting (XSS).
  • Erchiqui Azzeddine - @zertox1: Information Disclosure.
  • Eric Flokstra - www.linkedin.com/pub/dir/Eric/Flokstra: Reported xss vulnerabilities.
  • Erik van Oosbree - www.erikvanoosbree.nl: Reported XSS vulnerabilities.
  • eslamXxX https://www.linkedin.com/in/eslam-sayed-842770160 - Reported Open Redirect.
  • Eugen Füchsle - http://fyx.li: Reported XSS vulnerabilities.
  • Eusebiu Blindu - Reported XSS vulnerabilities.
  • Evan Ricafort - @robinhood0x00 (www.twitter.com/robinhood0x00): Reported XSS vulnerabilities.

F

  • Fabian Henneke - https://hen.ne.ke / @fhenneke- Reported DOM XSS vulnerabilities.
  • Fabian Mucke- https://twitter.com/HerrFabs - Reported Subdomain takeover, Information Disclosure.
  • Fabian Patrik - fpatrik / https://websafe.hu/ - Reported XSS vulnerabilities.
  • Fady Othman - twitter.com/fady_othman - Reported Cross-site scripting (XSS).
  • Faisal Ait Hamou - https://facebook.com/Faissal.AitHamou: Reflected XSS.
  • Faisal Shadab Yazdani - fb.com/fsyazdani RMAR Technologies Pvt. Ltd. (www.rmar.in): Reflected XSS.
  • Faiz Ahmed - https://www.linkedin.com/in/faizzaidi/ - Reported outdated security mechanisms.
  • Faraz Ali - twitter.com/FarazAli94 - Reported Cross-site scripting (XSS).
  • Farhin Malek - https://www.linkedin.com/in/farhin-malek28 - Reported Clickjacking.
  • Filippos Mastrogiannis - @filipposmastro - Reported XSS vulnerability.
  • Florian Kunushevci - https://www.facebook.com/florianx00 - Reported multiple XSS vulnerabilities.
  • Florian Thie - https://florian-thie.de - Reported a CSRF vulnerability.
  • Florin Carja - @Quistertow – http://rstforums.com: Reported information disclosure.
  • Florindarck - http://twitter.com/QuisterTow: Reported path disclosure vulnerabilities.
  • Foysal Ahmed Fahim - hackerone.com/foysal1197 twitter.com/foysal1197 - Reported Information Disclosure, Subdomain takeover and HTTP header vulnerabilities.
  • Francisco Correa - panchocosil.blogspot.com - @panchocosil: Reported sql vulnerabilities.
  • Frank B. Vickers - https://www.linkedin.com/in/frank-vickers-199109a - Reported webservice misconfiguration
  • Frans Rosén - Detectify (https://detectify.com): Reported XSS vulnerabiltiy.
  • Fredrik Nordberg Almroth: Tilde vulnerability.

GGineesh George - gineesh-george: Reported XSS vulnerabilities.

  • Gaurang maheta https://www.linkedin.com/in/gaurang-mehta-35515a162- Reported Information Disclosure.
  • glatisant - https://twitter.com/glatisantbeast - Reported Open Redirect.
  • Guifre Ruiz – https://guif.re – Reported Information Disclosure
  • Gurjant Singh Sadhra - http://hackerdesk.com @GurjantSadhra: Multiple vulnerabilities and SQL Injection, reported XSS vulnerabilities.

H

  • Halil Ahmad https://twitter.com/Halilahmadd  - Reported XSS (Reflected) vulnerabilities.
  • Hammad Shamsi - https://sh3ifu.com: Reported XSS vulnerabilities.
  • Hanno Böck - https://hboeck.de/ - https://twitter.com/hanno - Reported Information Disclosure, Reported RCE; Report Outdated Software vulnerabilitie.
  • Hans-Martin Münch, Mogwai Security - SQL Injection and RCE Vulnerabililty.
  • H@ck3r h!t3sh - www.sriyaan.com: Reported XSS vulnerabilities.
  • Hardik Tailor - @iamhardiktailor: Reported XSS vulnerabilities.
  • Harikrishnan Dhandapani - https://www.linkedin.com/in/harikrishnan-d - Reported Broken Access Control.
  • Hari Krishnan - Facebook.com/c.hari1997: Reported clickjacking vulnerabilities.
  • Harinder Singh (S1N6H) - https://www.linkedin.com/in/lambardar - Reported Information Disclosure.
  • Haris Mamoun - Reported Remote Code Execution.
  • Hasibul Hasan Rifat - twitter.com/rifatsec - Reported Information Disclosure.
  • Harry Schreiner - http://schreinerit.de/?sites=penetrationtest: Reported XSS vulnerabilities.
  • Harsh Parekh https://www.linkedin.com/in/harshparekh11- Reported Remote Code Execution (RCE); Reported Information Disclosure.
  • Harsha Vardhan Boppana - @hvboppana: Reported cross site scripting.
  • Harshil Parikh https://www.linkedin.com/in/harshil-parikh-945bb8201 - Reported Clickjacking.
  • Harshit Shukla - http://facebook.com/lords001: Reported HTML Injection Vulnerability.
  • Hasan Basri Elisert - https://www.linkedin.com/in/hasanelisert - Reported Unsecured communication.
  • Hazem Mohamed - twitter.com/hazem0x - Reported XSS (Reflected) vulnerabilities.
  • Himanshu - Reported Security misconfiguration.
  • Hip - insight-labs.org: Reported Content Spoofing and CSRF vulnerabilities.
  • Hoang Quoc Thinh - @g4mm4 of CyberJutsu.IO - Reported RCE.
  • Honc (章哲瑜)- honcbb@gmail.com - Reported Open Redirect.
  • Horatau Marius - http://www.hackyard.net: Reported cross site scripting.
  • Hsu Myat Noe - https://www.linkedin.com/in/hsumyatno3: Reported Path disclosure.
  • Huy Kha - www.linkedin.com/in/huykha - Reported deprecated ciphers.
  • Hzllaga (宋昕岳) - hzllaga@gmail.com - Reported Other.

I

  • lalka - https://twitter.com/0x01alka - Reported XSS  vulnerability.
  • Ibrahim M.El-Sayed - the_storm: Reported SQL Injection vulnerabilities.
  • Ibrahim Raafat - @RaafatSEC - www.starware.net: Reported XSS vulnerabilities and Critical Information Disclosure.
  • Iem Prog - www.facebook.com/IEMPROG: Reported XSS vulnerabilities.
  • Ifrah Iman - www.ifrahiman.com / twitter.com/IfrahIman_ - Reported XSS vulnerabilities.
  • Ilca Lucian: Reported XSS vulnerabilities.
  • İlyas ORAK - tr.linkedin.com/in/ilyasorak - INNOVERABT - (2x) Reported XSS (Reflected) vulnerabilities.
  • Imen Essoussi: Reported SQL injection vulnerabilities.
  • Intrigue team - www.intrigue.io - Reported Information Disclosure.
  • Ishan Anand - @Zer0-Access: Reported XSS vulnerabilities.
  • ISHAN VYAS https://twitter.com/_snak3_/ - Reported Broken Access Control.
  • iskhaled nassar twitter.com/knassar702 - Reported User Enumeration, Cross-Site Scripting (XSS), Information Disclosure.
  • Ismael Hasan - https://www.facebook.com/ismaieil - Reported XSS vulnerabilities.
  • İsmail BÜLBÜL - Uluslararası Siber Güvenlik Federasyonu - Reported an XSS vulnerability.
  • Ismail Hossain - Twitter: https://twitter.com/cmsajib, Web: https://eesec.org - Reported an text injection vulnerability.
  • İsmail Taşdelen - https://linkedin.com/in/ismailtasdelen - Reported missing security mechanisms, clickjacking, information disclosure and other vulnerabilities, Reported Cross-site scripting (XSS), Reported HTTP header vulnerabilities, Reported Security misconfiguration, 
  • Issam Rabhi - https://sites.google.com/site/issrabhi/: Reported XSS vulnerability.

J

  • Jacob Soo Lead Re, @Gunther_AR: Reported xss vulnerabilities.
  • Jagadeesh -  https://www.linkedin.com/in/jagadeesh-jd-79308b93/  - Reported clickjacking vulnerabilities.
  • Jai Kumar B linkedin.com/in/jai-kumar-835a54183 - Reported Information Disclosure.
  • Jake Reynolds | www.depthsecurity.com | https://twitter.com/depthsecurity - Reported XXE vulnerabilities.
  • Jakub Zoczek - http://zoczus.blogspot.com: Stored XSS.
  • Jamal Eddine El Hadjeui - @jamalc0m: Reported vulnerabilities.
  • Jamal Eddine El Hadjeui – www.paytabs.co: Reported Open URL Redirection vulnerability
  • Jan Markus Schütz- Reported Broken Authentication.
  • Jannick Oursin - facebook.com/jannick.oursin - Reported Information Disclosure.
  • Javid Hussain - @javidhussain21: Reported XSS vulnerabilities.
  • Jayshree Bhattacharya - linkedin.com/in/jayshree-bhattacharya-4a399a135 - Reported Broken Authentication.
  • Jens Müller - hacking-printers.net – CORS misconfiguration.
  • Jigar Thakkar (Akhani) - www.infobittechnologies.com - @jigarthakkar39: Reported Clickjacking and Information Disclosure vulnerabilities.
  • Jignesh Mistry: Reflected XSS.
  • Jitendra Jaiswal - @Facebook/desihack @twitter/jeetjaiswal22: Reported xss vulnerabilities.
  • John Kronenberg - https://www.linkedin.com/in/johnkronenberg/- Reported Information Disclosure.
  • Jon Bitquark – https://bitquark.co.uk: Reported open redirect vulnerability.
  • Jon Bitquark - open redirect: XSS and SQLi vulnerabilities.
  • Jose Carlos Exposito Bueno - https://www.linkedin.com/in/josecarlosexposito - Reported Cross Site Scripting vulnerabilities.
  • José Rabal Sastre: Reflected XSS.
  • Joseph Thacker - rez0.blog - twitter.com/rez0__ - Reported Information Disclosure.
  • jub0bs - https://twitter.com/jub0bs - Reported Subdomain Takeover.
  • Julien Ahrens - @MrTuxracer (www.rcesecurity.com): Reported cross-site scripting.
  • Junaid Farhan - www.facebook.com/junaid.farhan.54 - Reported a clickjacking vulnerability.

K

  • KHAN mamun - https://twitter.com/mamunwhh - Reported Information Disclosure.
  • Kamil Jarosiński - https://twitter.com/ja_sec - Reported Cross-site scripting (XSS).
  • Kamil Sevi - @kamilsevi: Reported XSS vulnerability.
  • Kamil Sienicki - https://blog.sienicki.eu- Reported Cross-site scripting (XSS).
  • Kapil S. Kulkarni - Facebook: kapil.kulkarni.587 , Twitter: @kapilkulkarni91 , LinkedIn: https://www.linkedin.com/in/kapil-kulkarni-oscp-ceh-chfi-5a333763/ - Reported content spoofing vulnerability.
  • Karim Mohamed Ahmed - https://www.facebook.com/X.TiGeR.K: Reported XSS vulnerabilities.
  • Kashif Shoukat https://www.linkedin.com/in/kashif-shoukat-1o1/ - Reported Other.
  • kasme_memon_aya_tha - Reported Remote Code Execution (RCE).
  • Kasper Karlsson - Reported Cross-site scripting (XSS).
  • Kaushik Sardar - https://www.facebook.com/kaushiksardar.22 -  Reported Host Header Vulnerabilities.
  • Kazam Chaudhary aka p3n73st3r - www.twitter.com/p3n73st3r - Reported XSS vulnerabilities.
  • Kenneth Billones - https://twitter.com/k3nziy - Reported open redirect vulnerabilities.
  • Keyur Mehta - linkedin.com/in/keyur-mehta4455 - Reported Clickjacking.
  • khaled nassar - https://twitter.com/knassar702 - Reported Server-side request forgery (SSRF).
  • Khaled Essam Nassar - https://www.facebook.com/profile.php?id=100015121337012 - Reported XML-RPC vulnerability.
  • Khaled Mohamed [xElkomy] - xelkomy.github.io - twitter.com/0xelkomy - Reported several Cross-site scripting (XSS).
  • Khan Janny - https://www.facebook.com/bossjannykhan-  Reported Multiple Vulnerabilities.
  • Khôi Dương - Viettel Cyber Security - Reported IDOR vulnerability.
  • killua_21 - https://www.facebook.com/profile.php?id=100020497173263 - Reported Missing rate limit.
  • Kiran Chettri - twitter.com/kiranchettri_?s=09 - Reported User Enumeration, several Security misconfiguration and Possible DoS Attack; Reported HTML/CSS injection; Broken Access Control.
  • Kishan Kumar - https://twitter.com/hst_kishan?s=09 - Reported Clickjacking vulnerability.
  • Klaus @klaus_dev - Reported Information Disclosure.
  • Krishna Chaitanya N - linkedin.com/in/n-krishna-chaitanya-27926aba - Reported Information Disclosure.
  • KoF2002 & Sr33h4r!: Reported URL Redirection vulnerabilities.
  • Kolozsi András  https://twitter.com/bugh101 - Reported XSS vulnerabilities, SQLi, Information Disclosure, CSFR
  • Koutrouss Naddara: Reported XSS vulnerability.
  • Kunal Bahl - Twitter: https://twitter.com/KunalBahl3, Facebook: https://www.facebook.com/kunal.bahl59 - Reported an Information Disclosure vulnerability.

L

  • Lalith Rallahabandi - @Lalithr95: Reported XSS vulnerability.
  • Lars Morgenroth - @krankoPwnz: Reported Open Redirect and SQL Injection vulnerabilities.
  • Laurent De Vos: Reported XST vulnerabilities.#
  • Leo Starcevic - Reported Subdomain takeover vulnerabilities, reported Information Disclosure, Cross-site scripting (XSS), Unsecure communication.
  • Leo Switness – reportet SQL vulnerabilities.
  • Leonid Hartmann - https://twitter.com/_harleo - Reported Authentication Bypass and RCE vulnerabilities.
  • Leonid Krolle - twitter.com/KrolleLeonid - Reported information disclosure
  • Lion Nagenrauft, Msg Systems AG - https://www.linkedin.com/pub/lion-nagenrauft/ - Reported Information Disclosure vulnerability.
  • Lifeawa lifeawa@163.com- Reported Cross-site scripting (XSS).
  • Lokesh Bhade - https://www.linkedin.com/in/Lokeshbhade/ - Reported Clickjacking.
  • Lorepoint - linkedin.com/company/lorepoint - Reported Information Disclosure.
  • Lucas Carvalho - www.linkedin.com/in/lucascarvalho-/ - Reported Open Redirect.

M

  • Magrabur Alam Sofily, @masofily, www.linkedin.com/in/magrabur-sofily - Reported Remote Code Execution (RCE).
  • Mahesh Raykar - www.linkedin.com/in/maheshraykar1997 - Reported XSS vulnerability.
  • MAHIN VM - linkedin.com/in/mahin-vm-57413315a - Reported Clickjacking.
  • Mahmoud El-Said El-Naggar (Starware) - www.starware.net: Reported Stored XSS vulnerabilities.
  • Mahmoud Hegazy - https://twitter.com/Hegzous - Reported XSS (Reflected) vulnerabilities.
  • Mahmoud NourEldin - https://www.facebook.com/3mmarQassem - Reported user enumeration, Missing rate limit software, Subdomain takeover, XSS (Reflected) vulnerabilities and Missing rate limit, Clickjacking vulnerabilities, Information Disclosure to the list of reported vulnerabilities.
  • @mamunwhh: https://twitter.com/mamunwhh?s=07 - Reported Information Disclosure.
  • Mandeep – Reported SSL vulnerability.
  • Manish Bhandarkar - @leosecure: Cookie disclouser vulnerability
  • Manish Bhattacharya - http://twitter.com/umenmactech: Reported Clickjacking Attack, Clickjacking with SQLI.
  • Manoj Kumar: Reported XSS vulnerabilities.
  • Marc Ströbel – phroxvs: Reported SQL Injection.
  • Marcel Bilal - wslab.de/#MarcelBilal - Reported a configuration vulnerability.
  • Markus Krell - https://www.friendly-intruder.de/ - Reported XSS vulnerability.
  • Martin https://hackerone.com/mit0z - Reported several Information Disclosure / Reported Cross-site scripting (XSS) vulnerabilities / Reported Information Disclosure
  • Martijn B - https://hacksclusive.com https://twitter.com/x1m_martijn - Reported Possible DoS Attack.
  • Martijn Baalman - hacksclusive.com - twitter.com/hacksclusive - Reported Cross-site scripting (XSS).
  • Martin - hackerone.com/mit0z - Reported Security misconfiguration.
  • Martin "maride" Dessauer - Reported Critical Information Disclosure.
  • Martin Thirup Christensen - https://twitter.com/MThirup: Reported sql and xss vulnerabilities.
  • Marvin Heyder - www.heyder-net.de - Reported Security Misconfiguration.
  • Marwan Idrees Hasan nheli - https://www.facebook.com/marwannheli - Reported Clickjacking vulnerabilities.
  • Mateusz Goik - aliantsoft.pl: Reported XSS vulnerabilities.
  • Mathias Karlsson - https://detectify.com: Repored XSS vulnerabilties.
  • Matthias Fetzer - https://de.linkedin.com/in/matthias-fetzer-2b930b9a: Reported SQL Injection
  • Matthias Ungethuem - Prof. Pentesting, unnex.de: Reported CSRF vulnerability in the context of email address handling.
  • Martin - https://twitter.com/martinbydefault - Reported Subdomain Takeover vulnerabilities.
  • Maulik Shah: HTTP Header Injection.
  • Maulik Vaidh - Twitter: @Maulik1827 - Reported clickjacking vulnerability.
  • Maurice Woitzyk – mauricewoitzyk.de/ twitter.com/Maurice_Woitzyk – stored XSS
  • Maverick Vi - Reported XSS vulnerabilities.
  • Maxime Ropelewski - Reflected XSS via Client Side Template Injection. 
  • Max Prietzel: Reported XSS and information disclosure vulnerabilities.
  • Maxim Rupp: Reported XSS vulnerabilities.
  • Mayank Bhatodra - http://www.linkedin.com/pub/mayank-bhatodra/7b/82/887: Reported XSS and ‘bypass of HTTPS on exceptional flow‘ vulnerability.
  • Mayank Kapoor - @wHys0SerI0s: Reported Clickjacking Attack, multiple vulnerabilities and SQL Injection.
  • Mayuri Suhas Gaikwad: Reported Access Policy Misconfiguration.
  • Mazen Gamal Mesbah @MazenGamal - www.facebook.com/love.rasolallh: Reported persistent XSS.
  • MD Abdul Salam: Reported XSS vulnerability.
  • Md. Nur A Alam Dipu - fb.com/nuraalam.dipu2 - Reported XSS vulnerabilities.
  • Md Sameull Soykot - @S0yk0t / fb.com/remixx.soykot - Reported XSS vulnerabilities.
  • Mehdi Elyassa - www.twitter.com/kalimer0x00 - Reported RCE and Privilege Escalation, reported Remote Code Execution
  • Mehedi Hasan Remon - twitter.com/remonsec - Reported Information Disclosure.
  • Mehmet Can GÜNEŞ twitter.com/mehmetcangunes - Reported Open Redirect.
  • Mehtab Zafar https://twitter.com/0xmzfr - Reported Cross-site scripting (XSS) und Editace a čtení dat jiných uživatelů.
  • Mehul Bharat Lunagariya - TWITTER: https://twitter.com/Mrrain_1996 and LinkedIn: https://www.linkedin.com/in/mehul-lunagariya-bb5b29194/ - Reported clickjacking vulnerabilities.
  • Melardev (@melardev) - Reported Privilege escalation for server/application.
  • Memon_Aya_Tha - Reported Information Disclosure.
  • memon_chodpray - Reported Data manipulation.
  • Merlin Mayr - Reported XSS-Flaw.
  • Mert Daş linkedin.com/in/mertdas - Reported Privilege escalation for server/application.
  • Mexey Million - www.twitter.com/MexKretschmer: Reported XSS vulnerabilities.
  • Michael Schwarz - @bidde: Reported XSS vulnerabilities.
  • Miguel Corral - https://twitter.com/mcorral74 - Reported Information Disclosure.
  • MIHIR MISTRY - mdmmistry@ymail.com: Reported XSS vulnerabilities.
  • Milan Kyselica - Twitter: https://twitter.com/milan_kyselica  - Reported XSS and open redirect vulnerabilities.
  • Missoum SAID - https://twitter.com/missoum1307: Reported XSS vulnerabilities.
  • Missoum SAID - @gmail.com - Reported outdated Telekom DNS-entry pointing to an external, vulnerable site.
  • Missoum SAID - http:// missoum1307.blogspot.com – Reported vulnerable Drupal implementation
  • Mitulkumar Soni - HACKSTOCk: Reported XSS vulnerability.
  • MOGWAI LABS GmbH - Reportes SQLi vulnerabilities.
  • Mohamed Abdelfatah - https://www.facebook.com/X.Vector1 / https://github.com/X-Vector - Reported multiple (reflected) XSS vulnerabilities.
  • Mohamed Aborehab - https://twitter.com/MOOHAM33D - Reported Missing rate limit vulnerabilities.
  • Mohamed Dief https://twitter.com/DemoniaSlash - Reported Information Disclosure/ Reported CRLF injection vulnerabilities.
  • Mohamed Elbadry - https://twitter.com/_melbadry9 / https://linkedin.com/in/melbadry9 - Reported CRLF Injection / Cross-site scripting (XSS) to the list of reported vulnerabilities.
  • Mohammed Abdelbaset Elnoby - @SymbianSyMoh (W3Pwn.com): Information disclosure, Multiple XSS vulnerabilities.
  • Mohammed Ahmed Nassar - FB.COM/Mohammed.Ahmed.Nassar: Reported XSS vulnerabilities.
  • Mohamed Elsayed Maati - @MSM_1sT: Reported XSS vulnerability.
  • Mohamed Ragab - www.facebook.com/mohammed.ragab.562 - Reported XSS (Reflected) vulnerabilities.
  • Mohammed F. Al-Barbari - https://twitter.com/m4dm0e - Reported Cross-site scripting (XSS), Cross-site request forgery (CSRF).
  • Mohammed Fayez Albanna - www.facebook.com/bana2313: Reported XSS vulnerabilities.
  • Mohammed Israil - https://twitter.com/mdisrail2468: Reported Access Policy Misconfiguration.
  • Mohammed Kamal Darwish (Algorithmic) - https://mkalgorithmic.blogspot.com/ - facebook.com/Mohammed.Kamal.Darwish - Reported unsecured communication and Information Disclosure.
  • Mohammed Magdi Shafig https://twitter.com/mohammedmagdi77 https://www.facebook.com/mohammedmagdishafig smartech.sd - Reported Information Disclosure.
  • Mohammed Mido - https://www.facebook.com/Mr.notron - Missing rate limit
  • Mohammed Shine - https://twitter.com/mohammedshine8 - Reported Host Header Injection.
  • Mohammed Yasin https://twitter.com/DeogoYasin - Reported Broken Access Control.
  • Mohamed Sakr - facebook.com/X3rrOR - Reported XSS (Reflected) vulnerabilities.
  • Mohamed R. Serwah - @serwazzito0 - Reported Stored XSS and Reflected XSS vulnerabilities / Reported Cross-site scripting (XSS).
  • @mohammadhdg1 web: https://infogazine.com - Reported SSL Poodle vulnerabilities.
  • Mohd Asif Khan - linkedin.com/in/mohd-asif-khan-✪-5228a9179 - Reported Security misconfiguration.
  • Mohit Sahu - @mohitnitrr: Reported Content Spoofing.
  • Mohsin Khan https://twitter.com/mokhansec - Reported Information Disclosure.
  • Monendra Sahu - indishell: Reported Content Spoofing.
  • Mr.AnonDeek (Abedalrahman aldeek) - facebook.com/Mr.AnonDeek - Reported XSS (Reflected) vulnerabilities and CSRF vulnerabilities.
  • Mr.AnonDeek (Abedalrahman aldeek) - http://www.facebook.com/Mr.AnonDeek - Reported Missing rate limit vulnerabilities.
  • msion - msion@foxmail.com - Reported Cross-site scripting (XSS).
  • Muhammad Afaq Abid- https://www.linkedin.com/in/afaq/ - Reported Information Disclosure.
  • Muhammad Billadilathof - facebook.com/ToflaXploit - Reported Cross-site scripting (XSS).
  • Muhammad Julfikar Hyder https://thejulfikar.xyz - Reported Information Disclosure.
  • Muhammed Sadettin KARATAŞ - Reported Information Disclosure and Cross Site Scripting.
  • Muhammed Shahmeer (Maads Security) - https://www.facebook.com/Shahmeer.1994: Reported XSS vulnerabilities.
  • Muskan Shaikh - https://www.linkedin.com/in/muskan-shaikh-a77b801b2 - Reported Security misconfiguration.
  • Mustafa Can IPEKCI - nukedx.com - Reported Subdomain Takeover vulnerability.
  • Mustafa Diaa - @c0braBaghdad1 - Reported XML-RPC, Information disclosure, SSTI, SSL/TLS Authentication Gap, Local File Disclosure and Source Code Disclosure vulnerabilities and also usage of outdated and vulnerable software, Insecure Certificates, Configuration Files Disclosure, Cross-Site Tracing (XST) and Full Path Disclosure/ Reported Information Disclosure vulnerabilities.
  • Muzaffer Satiroglu:  https://www.linkedin.com/in/muzaffer-satiroglu-8558541a5 - Reported Broken Authentication.

N

  • Naman shah - https://www.twitter.com/naman_1910 - Reported Broken Access Control / Reported HTTP header vulnerabilities.
  • Name – snop. – rabbitz.org: Reported XSS vulnerabilities.
  • Naresh Chowdary, twitter.com/knc331 - Reported Privilege escalation for server/application.
  • Nayab keshodwala - : https://www.linkedin.com/in/nayab-keshodwala-994b1198 – Reported an XSS vulnerability
  • N B Sri Harsha - nbsriharsha.blogspot.in: Content Spoofing Bug.
  • Nehal Pillai - https://www.linkedin.com/in/nehal-pillai-02a854172 - Reported Security misconfiguration.
  • Nick Kelley - Reported Full Path Disclosure vulnerability.
  • Nicolas Thumann - n-thumann.de / @n_thumann - Bypassing two Captchas / Enumeration Attack / Reported Access Policy Misconfiguration / Reported Open Redirect / Reported XSS (Reflected) vulnerabilities / Reported multiple instances of Sensitive Information Disclosure /reported information, open redirect vulnerability/ disclosure vulnerability and other vulnerabilities /reported Insufficient Access Control, Information Disclosure, XSS, Account Existence Check / Host Header Injection and DoS Attack / DOM-XSS via File Input / Cross-site scripting (XSS) / Domain Ownership Validation Bypass /Reported Open Redirect vulnerabilities.
  • Nikhil Kumar - https://in.linkedin.com/in/nikhil-kumar-4b9443166: Open Redirect / Reported Information Disclosure.
  • Nikola Kojic - http://ras-it.rs/ -  Reported Open Redirect and XSS vulnerabilities.
  • Nipun Somani (twitter: https://twitter.com/nipunsomani) - Reported possible Privilege Escalation.
  • Nitin Santosh Gavhane - twitter.com/Nitin34627556?s=09 - linkedin.com/in/nitin-gavhane-949b69179 - Missing rate limit.
  • Noth (沈彧璿) - zxc7528064@gmail.com - Reported Cross-site scripting (XSS).
  • Nurullah Demir – ndemir.com - Reported XSS vulnerabilities.

O

  • Olivier beg - www.olivierbeg.nl: Reported XSS vulnerabilities.
  • Omar Badraan - omarmohamedsc.github.io - Reported CSRF vulnerabilities.
  • Omar ElSayed - fb.me/bxrr23 - Reported Missing rate limit, Security misconfiguration, Other, User Enumeration, Server-side request forgery (SSRF), Cross-site request forgery (CSRF), Cross-site scripting (XSS), Reported Privilege escalation for server/application / Reported Security misconfiguration / Reported Information Disclosure and Open Redirect vulnerabilities / Reported Information Disclosure vulnerabilities.
  • ome_mishra - Reported Remote Code Execution (RCE).
  • Omur UGUR - omurugur.com - Reported DOM-based XSS vulnerability.
  • Osama Ansari - www.twitter.com/ansariosama10: Reported DOM Based XSS vulnerability.
  • Osama Khan - facebook.com/KhanOsama775 - Reported Cross-site request forgery (CSRF).
  • Osanda Malith Jayathissa - @OsandaMalith: Reported vulnerable version of software.
  • Owais Mehtab - https://twitter.com/kc_8002: Reported Captcha Bypass vulnerabilities.

P

  • Pablo Santiago - https://www.linkedin.com/in/pablo-s-385647163/ - Reported Missing rate limit / Reported HTTP header.
  • pallab jyoti borah https://www.linkedin.com/in/pallab-jyoti-borah-20874a181 - Reported Cross-site request forgery (CSRF).
  • Paras Pilani - @cool_paras: Reported XSS vulnerability.
  • Parshwa Bhavsar - twitter.com/parshwa_bhavsar?s=08 - Reported HTTP header.
  • Parth Shukla https://www.linkedin.com/in/parthshu18 - Reported Information Disclosure.
  • Pascal Zenker - https://parzelsec.de - @parzel2 - Reported RCE and SSRF vulnerabilities.
  • Parveen Yadav: Reported XSS vulnerability.
  • Patrik Fehrenbach - IT-Securityguard.com @itsecurityguard: Reported XSS vulnerabilities.
  • Patrick Davidson Tremblay https://www.linkedin.com/in/patrick-davidson-tremblay/- Reported Default login.
  •  Patrick Lang - linkedin.com/in/patrick-lang-707809147 - Reported Security misconfiguration.
  • Paul Seekamp - www.linkedin.com/in/paulseekamp: Reported XSS vulnerability.
  • Paweł Hałdrzyński: Reflected XSS.
  • Peter Jaric - @peterjaric (javahacker.com): Reported XSS vulnerability.
  • Philippe Delteil @philippedelteil- Reported Possible DoS Attack.
  • Piyush P - linkedin.com/in/piyush-p-1b8a2312b - Reported Cross-site scripting (XSS).
  • Pritam Dash - https://www.linkedin.com/in/pritam-dash-116931171/ - Reported Information Disclosure, Security Misconfiguration, User Enumeration.
  • Pobereznicenco Dan - danyweb09 - rstforums.com - Reflected XSS.
  • Pradeep Jairamani: Reported security vulnerabilities.
  • Prajit Sindhkar (SAPT) https://www.linkedin.com/in/prajit-sindhkar-3563b71a6/ - Reported Information Disclosure.
  • Prakash Dhatti - https://www.linkedin.com/in/prakash-dhatti-53201167/  - Reported CORS vulnerabilities.
  • Pralhad Chaskar - @c0d3xpl0it: Reported Clickjacking Attack and XSS vulnerability.
  • Pramod.P Sargar - linkedin.com/in/impramodsargar - twitter.com/impramodsargar - Reported Clickjacking.
  • Prashant Rajput - fb.com/HACKDIVE RMAR Technologies Pvt. Ltd: (www.rmar.in): Reflected XSS.
  • Praveen N Air & Simone Memoli (Simon90_Italy): Reported XSS vulnerability.
  • Pranjal Singhal - https://www.facebook.com/pranj.4.u - Reported XSS vulnerabilities.
  • Prashant Khare - https://www.linkedin.com/in/prashantkhare001- Reported Content Injection vulnerabilities.
  • Prathamesh Joshi - https://twitter.com/@pr4th4m_joshi - Reported XSS vulnerabilities.
  • Prem Kumar - @iAmPr3m
  • Pritam Mukherjee - linkedin.com/in/pritam-mukherjee-urvil-b75ab9b9 - Reported Missing rate limit.
  • Priyank - fb.com/priyank3126 RMAR Technologies Pvt. Ltd: (www.rmar.in): Reflected XSS.
  • Priyanshu Upadhyay - linkedin.com/in/priyanshu-upadhyay - Reported Unsecured communication.
  • proabiral - https://twitter.com/proabiral- Reported Remote Code Execution (RCE).
  • Pulkit Pandey - twitter.com/pulkitpandey92 - Reported Privilege escalation for server/application.
  • Paul Seekamp - @nullenc0de - Reported Cross-site scripting (XSS).

Q

R

  • Rafael Fedler - https://www.linkedin.com/in/rafaelfedler- Reported open-redirect vulnerability.
  • Raghav sharma @Recon - Reported XSS vulnerabilities.
  • Rahul Parmar - linkedin.com/in/rahul-parmar31 - Reported Missing rate limit / Reported Clickjacking / Reported Cross-site scripting (XSS).
  • Rahul Raj-@rahulr0cks Reported xss vulnerabilities
  • Rahul Singh: Sqil & Path Disclosure.
  • Rahulvenati: Reported XSS vulnerability.
  • Raj Sukali - twitter.com/NoTty_rAj: Reflected XSS.
  • Raja Ahtisham - https://www.facebook.com/profile.php?id=100009347250717 - Reported Hyperlink Injection vulnerabilities.
  • Rajesh Mondal - facebook.com/r4j3sh
  • Rajnish Kumar Gupta - linkedin.com/in/geekyrajnish - Reported Clickjacking.
  • Rakesh Singh & Harish kumar & Sandeep Sodhi - https://twitter.com/zerodayguys: Reported HTTP header injection vulnerability
  • Raman Gupta - http://in.linkedin.com/pub/raman-gupta/27/66/2a0: Reported Internal Stack trace disclosure vulnerabilities.
  • Rashed Hasan – LinkedIn: https://www.linkedin.com/in/rashedhasan00 Twitter: https://twitter.com/rashed_hasan00 - Reported XSS vulnerabilities.
  • RAVI ASHOK PRAJAPATI - https://twitter.com/raviakp1004 https://www.linkedin.com/in/ravi-prajapati-346b15190 - Reported Cross-site scripting (XSS).
  • Ravi Pavan - linkedin.com/in/contact-pavan - Reported Information Disclosure.
  • Ravi Singh: Reported XSS vulnerability.
  • Ravinsta Antony - Reported Information Disclosure.
  • Ravikumar Paghdal - @_RaviRamesh: Reported Open Redirection.
  • Reinal Shetty - Reported outdated softeware.
  • Rémy Marot - https://twitter.com/r_marot - Reported RCE.
  • rez0 https://twitter.com/rez0__ - Reported Information Disclosure.
  • Riadh Benlamine - https://www.linkedin.com/in/riadh-benlamine-a35106189 / www.facebook.com/riadhbenlamineg - Reported Clickjacking vulnerabilities / Reported Cross-site request forgery (CSRF).
  • Ridoy Khan - Reported Clickjacking.
  • Rihana Shaikh - Website: www.extremehacking.org - Reported several clickjacking vulnerabilities.
  • Rishal Dwivedi - fb.com/rishaldwivedi, @rishaldwivedi & Manjot singh - @Manjotsinghg8: Reported xss vulnerabilities.
  • RITAJ SHARMA - linkedin.com/in/ritaj-sharma-578997199 - Reported Clickjacking.
  • Ritik Chaddha - twitter.com/RitikChaddha - Reported several User Enumeration; Information Disclosure 
  • Ritwick Dadhich - linkedin.com/in/ritwickdadhich -ritwick-dadhich.github.io/profile - Reported Security misconfiguration.
  • Robert Kugler - robert.kugler10@gmail.com - Reported OpenRedirect vulnerability.
  • Robin Descamps - https://www.linkedin.com/in/robindescamps- Reported Broken Authentication.
  • Rodolfo Godalle, Jr. - fb.com/junior.ns1de: Reported XSS vulnerability.
  • Rody Shahnazarian https://twitter.com/komradz86 - Reported Cross-site scripting (XSS).
  • Rohan Kulkarni - https://www.linkedin.com/in/rohan-kulkarni-6a073979/ - Reported Denial of Service vulnerability.
  • ROHIT SHARMA - linkedin.com/in/rohit-sharma-1386bb1bb - Reported Cross-site scripting (XSS).
  • Ronak Nahar - Reported Information Disclosure.
  • Roy Jansen - https://www.facebook.com/RoyJansen01 - Reported Open Redirect vulnerability.
  • rskvp93 (Viettel Cyber Security) - http://vnprogramming.com - https://twitter.com/rskvp93 - Reported RCE Injection.
  • Rudra16 twitter.com/rudra16t - Reported Information Disclosure.
  • Rudra Karn - @rudra11346926 - Reported Information Disclosure.
  • Rupesh Tanaji Kokare - https://www.linkedin.com/in/rupesh-kokare-b63a78145/ - Reported Clickjacking vulnerabilities.

S

  • S. Venkatesh (Shadow force), Sen Haxor, Rahul Singh(rmar.in), Manoj(Sneaker): SSL ciphers.
  • Sachin Rajput - fb.com/schngahlaut  RMAR Technologies Pvt. Ltd. (www.rmar.in): Reflected XSS.
  • SADDAM HUSSAIN - https://twitter.com/wisdomfreak1 - Reported Information Disclosure.
  • Sadegh Ahmadzadegan: Blind SQL injection.
  • SAFA Ayoub - Twitter: @SafaAyoub - Reported information disclosure, RCE and SQLI vulnerabilities.
  • Sahil Saif - @bewithsahilsaif: Clickjacking vulnerability.
  • Sahil Sehgal - @xXSehgalXx - breakingmesh.blogspot.com: Reported Information Disclosure Vulnerability.
  • Sajal Verma - https://www.facebook.com/sajalpentest: Reported information disclosure vulnerability
  • Sajith Shetty: Reported Clickjacking und Path Disclosure vulnerabilities.
  • Sattar Jabbar - https://www.facebook.com/vipexploiter - Reported Local File Disclosure vulnerabilities.
  • Samet Şahin - https://twitter.com/F4LCONE_/ https://www.linkedin.com/in/sametsahinn/- Reported XSS vulnerabilities.
  • Sánchez Garcés - http://enelpc.com - @enelpc: Reported xss vulnerabilities.
  • Sandip Oli https://www.linkedin.com/in/sandip-olee/ https://www.facebook.com/sandip.olee - Reported Information Disclosure and Open Redirect vulnerabilities.
  • Saphal Karki (kira) - twitter.com/k1ra__ - Reported Server-side request forgery (SSRF).
  • Saravana Kumar V - URL: http://linkedin.com/in/06saravana - Reported an Information Disclosure vulnerability.
  • Sardarescu Louis Aurel - https://www.facebook.com/sardarescu.louisaurel.7 - Reported Self-XSS vulnerabilities.
  • Sasi Levi @ Sasi 2103 - Reported XSS vulnerabilities.
  • Satheesh Raj - https://www.facebook.com/UaA3ks1: Reported XSS vulnerability.
  • Satish Bommisetty - http://www.securitylearn.net: Reported missing X-Frame-Options.
  • Satyasys Tech Private Limited - satyasys.com - Reported Broken Authentication.
  • Satyendra Prajapati - @satty032 - https://twitter.com/satty032: Reported IFrame Injection and XSS vulnerabilities.
  • Saurabh Siddharam Sanmane - https://twitter.com/@saurabhsanmane2 - Reported improper session handling vulnerabilities.
  • Saurabh Saxena - Reported XSS vulnerabilities.
  • Sebastian Feldmann - Reported HTML Injection.
  • Sebastian Neef - it-solutions-neef.de: Reported XSS vulnerabilities.
  • Sebastian Neef and Tim Schäfers - @internetwache (www.internetwache.org): Reported SQL Injection and XSS vulnerabilities.
  • SecuNinja - http://twitter.com/secuninja - Reported XSS vulnerabilities/ Reported XSS vulnerabilities and misconfiguration of webservers / Reported XSS (Reflected) vulnerabilities.
  • Sergio Galán aka NaxoneZ - @NaxoneZ: Reported XST vulnerabilities.
  • @serWazito0 - Reported Cross-site scripting (XSS).
  • Shady Gamal - https://twitter.com/5hady_- Reported RCE Injection.
  • Shaikh Yaser Arafat - Twitter.com/yaser_s - Reported Access Policy Misconfiguration.
  • Shaikh Yaser Arafat - https://linkedin.com/in/shaikhyaserarafat/ - Reported default credentials.
  • Shaikh Yaser Arafat - https://twitter.com/yaser_s - https://www.linkedin.com/in/shaikhyaserarafat/ - Critical Information Disclosure.
  • Shaikh Yaser Arafat - https://twitter.com/yaser_s - https://www.linkedin.com/in/shaikhyaserarafat/ - SubDomain Takeover
  • Shaikh Yaser Arafat - twitter.com/yaser_s - Reported default credentials.
  • Shailabh Singh - fb.com/shailabh2 RMAR Technologies Pvt. Ltd. (www.rmar.in): Reflected XSS.
  • Shailesh kumavat https://hackerone.com/0x240x23elu https://twitter.com/0x240x23elu - Reported Information Disclosure.
  • Shashank Dixit - Reported a misconfiguration.
  • Shaun Budding - https://twitter.com/pudsec - Reported Information Disclosure.
  • Shay ben tikva - WEB/LINKEDIN/TWITTER/FB - Reported Information Disclosure.
  • Sherin Panikar - Kerala Cyber Squad-India: Reported vulnerabilities.
  • Shesha Sai C - http://linkedin.com/in/shesha-sai-c-18585b125 - Reported Information Disclosure and Open Redirect.
  • Shivam Kamboj Dattana - https://twitter.com/sechunt3r | https://www.linkedin.com/in/sechunt3r/ - Reported broken authentication mechanism.
  • Shivam Pravin Khambe - linkedin.com/in/shivam-khambe-9a982b180/ - https://twitter.com/ShivaRa42316756 - Reported Host header injection.
  • Shivang Trivedi  https://www.linkedin.com/in/shivang-trivedi-a149b2190/ - Reported Remote Code Execution (RCE).
  • Shobhit Gautam: Authentication issues.
  • Shpend Kurtishaj - @shpendk: Open redirect.
  • Shrikant Antre - @shrikant_hell: Reported Clickjacking Attack.
  • Shubham Garg - twitter.com/nullb0t - Reported Information Disclosure.
  • Shubham Singh Jijania, kush_kira, kushkira, Paypal.me/kushkira - Reported Possible DoS Attack.
  • Shwetabh Suman - @SHWETABHSUMAN11/ https://www.facebook.com/profile.php?id=100011024580051 - Reported CSP bypass vulnerability.
  • Sibusiso Sishi https://twitter.com/sibusisosishi - Reported Information Disclosure.
  • Simon Bräuer - @redshark1802: Reported SQL Injection, RCEs, XSS, auth bypass, Clickjacking and Information Disclosure vulnerabilities.
  • Simone Memoli twitter.com/Simon90_Italy: Reflected XSS.
  • Sireesha: Reported XSS vulnerability.
  • Spyridon Chatzimichail - https://gr.linkedin.com/in/spyridon-chatzimichail-07467928 - Reported XSS Vulnerabilities.
  • Srikar V https://linkedin.com/in/exp1o1t9r exp1o1t9r.com - Reported Information Disclosure.
  • Sriram Naidu: Reported XSS vulnerability.
  • Stefan Schurtz – www.darksecurity.de : Reported XSS vulnerabilities.
  • Steven - https://twitter.com/keritzy - Reported XSS vulnerabilities.
  • subhasish mukherjee https://www.linkedin.com/in/subhasish-mukherjee-40208b29/ - Reported Other.
  • Sudhir Gaikwad - http://facebook.com/suhas00001: Reported XSS vulnerabilities.
  • Suhas Sunil Gaikwad - https://fb.me/suhas00001: Reported XSS vulnerabilities.
  • Sumit Grover - twitter.com/sumgr0 - Reported Subdomain takeover.
  • Sumit Sahoo - www.facebook.com/54H00: Reported XSS und Path Disclosure vulnerabilities.
  • Sunil Modi: Reported Logout CSRF (Cross Site Request Forgery) vulnerabilities.
  • Suresh Nadar - https://twitter.com/snadar73 - Reported Cross-site scripting (XSS).
  • surg4bij4k - https://webpentester.com/ - Reported SQL injection.
  • Suyash Bavalekar - https://bugcrowd.com/Suyash_777 - Reported Clickjacking vulnerabilities.
  • Suyog Palav (S.P.) - facebook.com/suyog.palav & linkedin.com/in/suyog-palav - Reported security mechanism bypass.
  • Sven Morgenroth - @asdizzle_ http://asdizzle.com/ - Reported XSS vulnerabilities.
  • Swapneil Kumar Dash - https://in.linkedin.com/in/swapneil-dash-7256a5b0 - Cross Site Scripting.
  • Swapnil A. Thaware - @swapnilthaware: Reported CSRF and Clickjacking vulnerabilities.

T

  • Tameem Khalid– https://www.linkedin.com/in/tameem-khalid-641a4b192/ - Vulnerability Disclosure
  • Tarun Mahour - https://twitter.com/sratarun?s=09 / https://www.facebook.com/tarunhacks - Reported XSS vulnerabilities.
  • T4 - http://twitter.com/llt4l - Reported multiple vulnerabilities.
  • Taufique Azad - taufique@indianhans.org (www.facebook.com/tauazad): Reflected XSS.
  • Tcaciuc Bogdan Vasile - https://twitter.com/xenonxesece - Reported XSS vulnerabilities.
  • Tejash Patel - @tejash1991: Open Redirect.
  • Teemu Kääriäinen - https://www.nixu.com - Reported Remote Code Execution vulnerabilities.
  • Th. Michael Eißele: Multiple XSS vulnerability.
  • Thierno Diop  - Reported outdated and vulnerable software.
  • Tijo Davis - https://www.linkedin.com/in/tijo-davis-a906a7141 - Reported Clickjacking, Host Header Injection, HTTP connection, Session Management misconfiguration, XML-RPC vulnerabilities and CSRF vulnerabilities.
  • Tim Philipp Schäfers - IT Consulting Schäfers: Reported XSS vulnerabilities.
  • Tim Wranik - IT-EXPERT - tw@it-expert.de - Reported multiple VoIP Phone firmware vulnerabilities.
  • Timo Lins - www.timolins.at: Reported XSS vulnerabilities.
  • Tobias Holl - https://tholl.xyz/ - Reported Cross-site request forgery (CSRF), Broken Authentication, Remote Code Execution (RCE).
  • Tobias Lins - @tobiaslin5: Reported XSS vulnerabilities.
  • Tomas Labuda (Tomas.Labud@gmail.com): Reported SQL injection.
  • Tushar Rajhans Kumbhare: Reported XSS vulnerability.
  • Tushar Sharma - https://www.linkedin.com/in/tushar-sharma-700657139/ - Reported Text Injection vulnerabilities.
  • Tusuubira Emmanuel (kenjoe41) - twitter.com/kenjoe41 - Reported Information Disclosure.

U

  • Udhaya Prakash - https://www.facebook.com/udhayaprakash.isro, https://www.linkedin.com/in/udhayaisro  - Reported RCE.
  • Umraz Ahmed - www.twitter.com/umrazahmed: Reported XSS vulnerabilities.
  • un_kn0wn - twitter.com/W3ld35u5W - Reported Information Disclosure.

V

  • Vaibhav Khatke-  https://in.linkedin.com/in/javaibs- Reported HTML Injection.
  • Vaibhav Lakhani - twitter.com/vlakhani28 - linkedin.com/in/vaibhav-lakhani - Reported Clickjacking, cross-site scripting (XSS) and security misconfiguration / Reported Information Disclosure and Data manipulation / Reported Broken Access Control / Reported Information Disclosure / Reported User Enumeration / Reported User Enumeration.
  • Vaibhav Nitin Gaikwad - linkedin.com/in/vaibhav-gaikwad-55071b152 - Reported Information Disclosure.
  • Varun Kakumani - Internshala.
  • Vasil A. - https://twitter.com/flexxpoint: Reflected XSS.
  • Vasim Shaikh - https://www.linkedin.com/in/vasim-shaikh-094507110 - https://twitter.com/Vasimsk49 - Reported multiple vulnerabilities.
  • Vasu Deva: Reported Full Path Disclosure vulnerabilities.
  • Vedachala - @vedachalaka: Reported clickjacking vulnerability.
  • Vedachala & Ajay Negi: Reported XSS vulnerability.
  • VEDHA PRAKASH ACHARY TALLOJU - @iamvedhaprakash - Reported Clickjacking vulnerabilities.
  • Veli-Pekka Vainio: Reported XSS vulnerability.
  • Venkata Sateesh Netti - https://twitter.com/str4n63r - Reported Other.
  • Venkateswara Reddy Yaruva & Abhijeth D - Reported XSS vulnerabilities.
  • Venugopal Thotakura - @venugopalt: Reported XSS vulnerability.
  • Vikas Arora - fb.com/vicky.arora.756412 RMAR Technologies Pvt. Ltd: (www.rmar.in): Reflected XSS.
  • Vikash Chaudhary - URL: www.hackersera.in- Reported XSS vulnerabilities.
  • Vikas ShivChandra Yadav - Twitter: @iamvikasyadav: Reported clickjacking vulnerabilities.
  • Vikas Srivastava, India - linkedin.com/in/007vikaxh - twitter.com/007vikaxh - Reported Information Disclosure
  • Vinayak Chaturvedi - linkedin.com/in/vinayak-chaturvedi-348b071a1 - Reported Clickjacking.
  • Vindhyachala: CSS.
  • Vineet Kumar - https://bughunter.withgoogle.com/profile/80ae25f5-877d-4402-94e8-7902cacdb4b9 - Reported incorrect DNS entries.
  • Vinesh N. Redkar - @b0rn2pwn AVsecurity.in: Open Redirect, Click Jacking.
  • Vinod Tiwari - @war_crack: Reported clickjacking vulnerability.
  • Vinod Tiwari & Sumit Shinde: Reported ClickJacking and CSRF vulnerabilities.
  • Vinod Tiwari & Himanshu Thakur: Reported XSS vulnerabilities.
  • Virang (imwaiting18) - linkedin.com/in/rajyaguruvirang - Reported Information Disclosure.
  • Vishnu Raghav - https://www.linkedin.com/in/vishnu-raghav-783162171 - Reported Open Redirect.

W

  • Wai Yan Aung – @waiyanaun9: Reported IP-address disclosure
  • Wan Ikram (@rinakikun): Content Spoofing & URL Redirection.
  • Wang Jing - http://tetraph.com/wangjing/ - @justqdjing: Reported open redirect vulnerabilities.
  • Waqeeh Ul Hasan - Twitter: @dowaqeeh: xss vulnerabilities.
  • Wasi Qazi: Reported XSS vulnerability.
  • Web Security Geeks, Narendra Bhati (R00t Sh3ll) - @NarendraBhatiB: Reported directory listing vulnerability.
  • Wen Bin Kong - @kongwenbin / https://www.linkedin.com/in/kongwenbin - Reported XSS vulnerabilities.
  • Whitesector from Serbia - URL: https://whitesector.wordpress.com, Twitter: https://twitter.com/DistrictWhit3 - Reported an open redirect vulnerability.
  • WSecure - We Secure IT - http://www.wsecure.de - Reported> XSS/MiTM/HSTS/CSP
  • wtm - http://offensi.com - Reported directory listing / information disclosure vulnerabilities.

X

  •  

Y

  • Yaranis Fonseca - @GordonShomway01: Reported XSS vulnerabilities.
  • Yash Pandya - www.facebook.com/yash.hacking: Reported XSS vulnerabilities and Information Disclosure.
  • Yasir Altaf Zargar Website - www.cybercoderss.blogspot.com: Reported XSS vulnerabilities.
  • Yasser Janah https://www.linkedin.com/in/yasserjanah/- Reported Remote Code Execution (RCE).
  • Yogeesh Seralathan - @y0g1337h: Reported XSS vulnerabilities.
  • Yogesh Modi - facebook.com/mistercracker: CSRF.
  • Youssef ABYAA - https://twitter.com/josef0x - Reported Open Redirect vulnerabilities.
  • Youssef Ahmed (yghonem) - https://www.facebook.com/yghonem14 - Reported Missing rate limit vulnerabilities.
  • Youssef A. Mohamed - generaleg0x01.com - Reported Arbitrary File Upload.
  • Y. Srikanth - entersoft.co.in: Reflected XSS.
  • Yuji Kosuga - @yujikosuga: Reported XSS vulnerability.
  • Yunus AYDIN https://twitter.com/aydinnyunuss - Reported Information Disclosure / Reported SQL Injection.
  • Yunus YILMAZ - https://twitter.com/ynsy34 - Reported XSS (Reflected) vulnerabilities / Reported Open Redirect / Reported Security misconfiguration.

Z

  • Zachary S. Stashis @Nu11ifidian https://redseersecurity.com/  https://www.linkedin.com/in/zacharysstashis/ - Reported Information Disclosure and Open Redirect vulnerabilities.
  • Zakaria Amous - https://www.linkedin.com/in/zamous - Reported XSS vulnerabilities.
  • Zehra Karabiber - https://twitter.com/ezehrakarabiber -  Reported XSS Vulnerability.
  • Zeyad Azima https://www.linkedin.com/in/zeyad-abdelazim-1357911a7/ - Reported Cross-site request forgery (CSRF).
  • Zhenwarx - Twitter.com/ZhenwarX - Reported Information Disclosure; Open Redirect.
  • Zin Min Phyo facebook.com/zinminphy0 - Reported Clickjacking.
  • Zoltan Panczel - https://twitter.com/SilentSignalHU - Reported XXE and File Inclusion vulnerabilities.
FAQ