5165 | Critical LinkedIn vulnerability proactively resolved by Wallarm (XXE in application server) | XXE | LinkedIn | Wallarm (@Wallarm) | Bug Bounty | 2016-06-10 | 2023-06-13 |
5113 | 0day writeup: XXE in uber.com | XXE | Uber | - | Bug Bounty | 2017-01-24 | 2023-06-13 |
5101 | From RSS to XXE: feed parsing on Hootsuite | XSS, XXE | Hootsuite | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-02-17 | 2023-06-13 |
4977 | Multiple vulnerabilities in Oracle EBS | SQL injection, XXE, XSS | NA | Shubham Gupta (@hackerspider1) | Bug Bounty | 2017-09-19 | 2023-06-13 |
4917 | Bug Bounty: Fastmail | Blind SSRF, Blind XXE | Fastmail | Brian Hyde (@0xHyde) | Bug Bounty | 2017-12-08 | 2023-06-13 |
4731 | How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL | XXE | NA | Darrell Damstedt | Bug Bounty | 2018-06-11 | 2023-06-13 |
4702 | CVE-2016-3473 | XXE | NA | hateshape (@hateshaped) | Bug Bounty | 2018-07-06 | 2023-06-13 |
4701 | CVE-2018-8819 | XXE | NA | hateshape (@hateshaped) | Bug Bounty | 2018-07-07 | 2023-06-13 |
4592 | XXE at Bol.com | XXE | Bol.com | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2018-09-11 | 2023-06-13 |
4546 | Blind XML External Entities Out-Of-Band Channel Vulnerability : PayPal Case Study | Blind XXE | Paypal | Abdelmoughite Eljoaydi | Bug Bounty | 2018-10-05 | 2023-06-13 |
4527 | XXE in IBM’s MaaS360 Platform | XXE | IBM | Cody Wass | Bug Bounty | 2018-10-16 | 2023-06-13 |
4516 | SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software | XXE | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2018-10-24 | 2023-06-13 |
4479 | OOB XXE in PrizmDoc (CVE-2018–15805) | OOB XXE | PrizmDoc | Nik srivastava | Bug Bounty | 2018-11-13 | 2023-06-13 |
4458 | An interesting XXE in SAP. | XXE | SAP | Zain Sabahat (@Zain_Sabahat) | Bug Bounty | 2018-11-22 | 2023-06-13 |
4433 | XSS to XXE in Prince v10 and below (CVE-2018-19858) | XSS, XXE | NA | Corben Leo (@hacker_) | Bug Bounty | 2018-12-05 | 2023-06-13 |
4417 | Exploiting XXE with local DTD files | XXE | NA | Arseniy Sharoglazov (@_mohemiv) | Bug Bounty | 2018-12-13 | 2023-06-13 |
4285 | Swiss_E-Voting_Publications | XSS, XXE, RCE, Missing authentication, Authentication flaw, Hardcoded credentials | Swiss E-Voting | setuid0 (@_setuid0_) | Bug Bounty | 2019-02-21 | 2023-06-13 |
3989 | Exploiting Out Of Band XXE using internal network and php wrappers | XXE | NA | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2019-08-06 | 2023-06-13 |
3794 | Spilling Local Files via XXE when HTTP OOB fails | XXE | NA | Rahul Maini (@iamnoooob) | Bug Bounty | 2019-12-07 | 2023-06-13 |
3673 | External XML Entity via File Upload (SVG) | XXE, Unrestricted file upload | NA | Atul (@atul_hax) | Bug Bounty | 2020-02-08 | 2023-06-13 |
3657 | A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell | XXE, RCE, Directory Traversal | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-02-18 | 2023-06-13 |
3623 | $5,005 worth vulnerability Duplicated, How I loose $5,005 in a day? Denial of Service - Billion LAUGH Attack (XXE) | DoS, XXE | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2020-03-08 | 2023-06-13 |
3455 | Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client | XXE, Reflected XSS | Uber | Niv Levy (@restr1ct3d) | Bug Bounty | 2020-05-27 | 2023-06-13 |
3434 | h1{Error based XXE - bug bounty writeup} | XXE | NA | f4d3 (@f4d3_cl) | Bug Bounty | 2020-05-31 | 2023-06-13 |
3335 | Why I paid 3.5K to become a TLD registrar reseller when doing bug bounty | XXE | NA | hg_real (@hgreal1) | Bug Bounty | 2020-07-05 | 2023-06-13 |