4565 | Arbitrary File Read in one of the largest CRMs | LFI | NA | Richard Clifford (@MantisSTS) | Bug Bounty | 2018-09-26 | 2023-06-13 |
4123 | Chaining multiple low-impact bugs to arbitrary file read in GitLab | Path traversal | GitLab | Li Rongxi (@nyan_gawa) | Bug Bounty | 2019-06-04 | 2023-06-13 |
3668 | CVE-2019-18426 - WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE | RCE, Stored XSS, CSP bypass, Arbitrary file read, Open redirect, Security code review | Meta / Facebook (WhatsApp) | Gal Weizman (@WeizmanGal) | Bug Bounty | 2020-02-14 | 2023-06-13 |
3022 | Firefox: How a website could steal all your cookies | Arbitrary file read | Mozilla | Pedro Oliveira (@kanytu) | Bug Bounty | 2020-11-16 | 2023-06-13 |
3020 | OpenEMR 5.0.1.3 Arbitrary File Actions | Arbitrary file write, Arbitrary file read, Security code review | OpenEMR | Josh Fam (@Pullerze) | Bug Bounty | 2020-11-17 | 2023-06-13 |
2834 | Facebook Messenger Desktop App Arbitrary File Read | Arbitrary file read | Meta / Facebook | Renwa (@RenwaX23) | Bug Bounty | 2021-02-04 | 2023-06-13 |
2614 | Brave — Stealing your cookies remotely | Arbitrary file read | Brave Software | Pedro Oliveira (@kanytu) | Bug Bounty | 2021-04-22 | 2023-06-13 |
2525 | GitLab Arbitrary File Read & Write through Kroki - CVE-2021-22203 | Arbitrary file read | NA | Anh Duc Nguyen (@ledz1996) | Bug Bounty | 2021-05-25 | 2023-06-13 |
2504 | Android: Exploring vulnerabilities in WebResourceResponse | Arbitrary file read, Android | Amazon | Oversecured (@OversecuredInc) | Bug Bounty | 2021-06-03 | 2023-06-13 |
2444 | Escalating XSS to Arbitrary File Read | XSS, LFI | NA | Pethuraj (@Pethuraj) | Bug Bounty | 2021-06-27 | 2023-06-13 |
2334 | OVE-20210809-0001 Visual Studio Code .ipynb Jupyter Notebook XSS (Arbitrary File Read) | XSS, Arbitrary file read | Microsoft | Justin Steven (@justinsteven) | Bug Bounty | 2021-08-11 | 2023-06-13 |
2318 | Two weeks of securing Samsung devices: Part 2 | Arbitrary file write, Arbitrary file read, Vulnerable Android content provider, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-08-16 | 2023-06-13 |
2069 | Write Up – Apple N/A: PII Information, Full Contact List, Main Phone No. And Main Icloud Email Extracted; Bug Patched: Arbitrary Local File Read Via Zip File And Symlinks On Ios Files App. | Arbitrary file read | Apple | Omar Espino (@omespino) | Bug Bounty | 2021-11-17 | 2023-06-13 |
2040 | NodeBB 1.18.4 - Remote Code Execution With One Shot | RCE, XSS, Authentication bypass, Arbitrary file read | NodeBB | Sonar (@SonarSource) | Bug Bounty | 2021-11-30 | 2023-06-13 |
2038 | VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability | LFI, SSRF, XSS, Arbitrary file read | VMware | Khoa Dinh (@_l0gg) | Bug Bounty | 2021-11-30 | 2023-06-13 |
1832 | How I hacked Google to read files from their servers for free! | Arbitrary file read | Google | Harish SG (@CoderHarish) | Bug Bounty | 2022-02-09 | 2023-06-13 |
1698 | Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044) | XSS, Arbitrary file read, Authentication bypass, OS command injection, RCE | Netgear | stypr (@stereotype32) | Bug Bounty | 2022-03-25 | 2023-06-13 |
1436 | CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed) | Argument injection | WatchGuard | Jake Baines (@Junior_Baines) | Bug Bounty | 2022-06-23 | 2023-06-13 |
1268 | From Shodan to RCE: That one time I hacked a Fortune 500 company. | Missing authentication, Arbitrary file read, RCE, Exposed Jenkins instance | NA | vimanari_ (@vimanari_) | Bug Bounty | 2022-08-08 | 2023-06-13 |
1177 | Chaining Telegram bugs to steal session-related files. | Arbitrary file read, Android | Telegram | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2022-08-25 | 2023-06-13 |
1100 | Riding The Inforail To Exploit Ivanti Avalanche Part 2 | RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2021-09-08 | 2023-06-13 |
1046 | Exploiting Distroless Images | Command injection, Arbitrary file read, Arbitrary file write, Container escape | Google | Daniel Teixeira (@TheRedOperator) | Bug Bounty | 2022-09-22 | 2023-06-13 |
933 | Second Order XXE Exploitation | XXE, Arbitrary file read | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-10-19 | 2023-06-13 |
906 | GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown | OS command injection, Arbitrary file read, Information disclosure, Account takeover, Stored XSS, Lack of rate limiting, Weak credentials, Password policy bypass | GL.iNet | Olivier Laflamme (@olivier_boschko) | Bug Bounty | 2022-10-26 | 2023-06-13 |
895 | Visual Studio Code Jupyter Notebook RCE | RCE, XSS, Arbitrary file read, Electron | Microsoft | Luca Carettoni (@lucacarettoni) | Bug Bounty | 2022-10-27 | 2023-06-13 |