5080 | AWS S3 bucket misconfiguration - Paytm | AWS misconfiguration | Paytm | Tutorgeeks (@tutorgeeks) | Bug Bounty | 2017-04-18 | 2023-06-13 |
4642 | Misconfigured JIRA setting - Apigee | Information disclosure | Google, Atlassian | Tutorgeeks | Bug Bounty | 2018-08-10 | 2023-06-13 |
4137 | Security assessment on the staging domains | Missing authentication | NA | Tutorgeeks (@tutorgeeks) | Bug Bounty | 2019-05-24 | 2023-06-13 |
3990 | BugBounty WriteUp — Creative thinking is our everything (Race Condition + Business Logic Error) | Race condition, Logic flaw | NA | Oleksandr Opanasiuk (@Lekssik2) | Bug Bounty | 2019-08-05 | 2023-06-13 |
3975 | BugBounty WriteUp — take attention and get Stored XSS | Stored XSS | NA | Oleksandr Opanasiuk (@Lekssik2) | Bug Bounty | 2019-08-14 | 2023-06-13 |
3904 | Broken Link Hijacking - s3 buckets | Broken link hijacking | Google | Tutorgeeks (@tutorgeeks) | Bug Bounty | 2019-09-22 | 2023-06-13 |
3852 | XSS will never die | XSS | NA | Oleksandr Opanasiuk (@Lekssik2) | Bug Bounty | 2019-11-02 | 2023-06-13 |
2906 | Guest Blog Post: Leaking silhouettes of cross-origin images | Side-channel information leakage, Browser hacking | Mozilla, Google (Chrome) | Aleksejs Popovs (@aleksejspopovs) | Bug Bounty | 2021-01-11 | 2023-06-13 |
2517 | Metadata service MITM allows root privilege escalation (EKS / GKE) | Kubernetes, Privilege escalation, MiTM | Google | Etienne Champetier / champtar | Bug Bounty | 2021-05-30 | 2023-06-13 |
2491 | Second Order Race Condition | Race condition | NA | Prasoon Gupta (@0xdekster) | Bug Bounty | 2021-06-10 | 2023-06-13 |
2490 | Two weeks of securing Samsung devices: Part 1 | Arbitrary file write, Insecure intent, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-06-10 | 2023-06-13 |
2318 | Two weeks of securing Samsung devices: Part 2 | Arbitrary file write, Arbitrary file read, Vulnerable Android content provider, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-08-16 | 2023-06-13 |
1300 | Researching Open Source apps for XSS to RCE flaws | XSS, RCE | NA | Aleksey Solovev | Bug Bounty | 2022-07-28 | 2023-06-13 |
544 | MyBB <= 1.8.31: Remote Code Execution Chain | RCE, SQL injection, Stored XSS | MyBB | Aleksey Solovev | Bug Bounty | 2023-01-25 | 2023-06-13 |
30 | AWS Chain Attack- Thousands of Vulnerable EKS Clusters | AWS Kubernetes, EKS, Container escape, Security misconfiguration | NA | Chen Shiri (@ChenShiri73) | Bug Bounty | 2023-06-04 | 2023-06-13 |