Yasin Soliman

I'm Yasin, a security analyst and researcher from the UK. This is my personal blog for sharing technical findings. I also write for Graham Cluley and Tripwire.

Advisories and acknowledgements

Advisories

Project maintainers have issued the following disclosures in response to specific remediated vulnerabilities of note.

| Product/Service | Disclosure Date | Issue(s) | CVE |
| --- | --- | --- | --- |
| GitLab (8.16.5) | February 15th 2017 | Stored XSS via markup languages | N/A |
| GitLab (9.0.2) | March 30th 2017 | Private group name disclosure | N/A |
| GitLab (9.0.4) | March 30th 2017 | Open redirect via import | N/A |

Acknowledgements

The following organisations have publicly* acknowledged my responsible disclosure and vulnerability research efforts. Follow my activities on HackerOne, Bugcrowd, and the Google VRP to keep updated with new findings.

| Year (first recognised) | Organisations |
| --- | --- |
| 2016 | Ubiquiti Networks, General Motors, Hootsuite, Netflix, Instacart, Constant Contact, Xero, OwnCloud, Coursera, Shopify, GlassWire, Skyport Systems, and Legal Robot |
| 2017 | GitHub, Recorded Future, Sourceforge, Uber, Automattic, Dell, AOL, Gogo, Sophos, Auto Trader, Envato, DigitalOcean, New Relic, Yahoo, Informatica Corporation, AT&T, Bosch, Etsy, Twitter, Mozilla (Firefox & Web Services), Algolia, Snapchat, Harvest, Plotly, Artsy, WordPress, and Google |

*Recognition from invitation-only bug bounty engagements and private programs is not included in the list above.