Aspen Program Statistics
9 total issues disclosed
$0 total paid publicly
Most disclosed (3 disclosures) — None supplied
Disclosed Reports
Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed On |
---|---|---|---|---|
Session doesn't get expired after changing the password in https://readthedocs.org | None supplied | kalyani64 | No rating | 2017-11-16 |
Email Spoofing | Violation of Secure Design Principles | abartan | Low | 2017-11-09 |
Information leakage on django.aspen.io | Information Disclosure | rey_7 | No rating | 2017-09-29 |
client_secret Token disclosure | None supplied | yumi | No rating | 2017-09-28 |
No Rate Limit (Leads to huge email flooding/email bombing) | Improper Access Control - Generic | saikiran-10099 | Medium | 2017-09-28 |
Password reset token leak on third party website via Referer header | Violation of Secure Design Principles | akaash_pantherdefence | Medium | 2017-09-27 |
Cross-origin resource sharing (CORS) | Improper Access Control - Generic | nn1 | None | 2017-09-27 |
Server Path Disclosure | None supplied | krazyhack3r | No rating | 2017-09-27 |
aspen \| clickjacking | UI Redressing (Clickjacking) | punkit | Low | 2017-09-27 |