4720 | Manage Engine OpManager Multiple Authenticated RCE Vulnerabilities | RCE, Path traversal, Unrestricted file upload, Information disclosure, Arbitrary file write | Zoho (ManageEngine) | Denis Andzakovic | Bug Bounty | 2018-06-18 | 2023-06-13 |
3020 | OpenEMR 5.0.1.3 Arbitrary File Actions | Arbitrary file write, Arbitrary file read, Security code review | OpenEMR | Josh Fam (@Pullerze) | Bug Bounty | 2020-11-17 | 2023-06-13 |
3015 | Arbitrary File Write On Client By ADB Pull | Arbitrary file write | Google | Serafina (Sera) Tonin Brocious (@daeken) | Bug Bounty | 2020-11-19 | 2023-06-13 |
3007 | SD-PWN — Part 3 — Cisco vManage — Another Day, Another Network Takeover | RCE, SSRF, Arbitrary file write, Path traversal, OS command injection, Local Privilege Escalation | Cisco | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-23 | 2023-06-13 |
2490 | Two weeks of securing Samsung devices: Part 1 | Arbitrary file write, Insecure intent, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-06-10 | 2023-06-13 |
2472 | Why dynamic code loading could be dangerous for your apps: a Google example | Arbitrary file write, Insecure intent, Android | Google | Oversecured (@OversecuredInc) | Bug Bounty | 2021-06-17 | 2023-06-13 |
2318 | Two weeks of securing Samsung devices: Part 2 | Arbitrary file write, Arbitrary file read, Vulnerable Android content provider, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-08-16 | 2023-06-13 |
2116 | Apple XAR – Arbitrary File Write (CVE-2021-30833) | Arbitrary file write | Apple | Richard Warren (@buffaloverflow) | Bug Bounty | 2021-10-28 | 2023-06-13 |
1806 | Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2) | Arbitrary file write, Race condition, Printer hacking | Lexmark | Cedric Halbronn (@saidelike) | Bug Bounty | 2022-02-18 | 2023-06-13 |
1788 | CVE-2021-45467: CWP CentOS Web Panel – preauth RCE | RCE, LFI, Arbitrary file write | Centos Web Panel (CWP) | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-01-22 | 2023-06-13 |
1728 | Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) | Arbitrary file write | Apple | Richard Warren (@buffaloverflow) | Bug Bounty | 2022-03-15 | 2023-06-13 |
1417 | Unrar Path Traversal Vulnerability affects Zimbra Mail | Path traversal, Arbitrary file write, RCE | Zimbra | Sonar (@SonarSource) | Bug Bounty | 2022-06-28 | 2023-06-13 |
1284 | (ZOHO) Manage Engine Desktop Central – SQL Injection / Arbitrary File Write | SQL injection, Arbitrary file write, Path traversal | Zoho | Tom Ellson (@tde_sec) | Bug Bounty | 2022-08-02 | 2023-06-13 |
1152 | CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM | Arbitrary file write, Local Privilege Escalation | Fortinet | David Yesland (@daveysec) | Bug Bounty | 2022-08-30 | 2023-06-13 |
1100 | Riding The Inforail To Exploit Ivanti Avalanche Part 2 | RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2021-09-08 | 2023-06-13 |
1046 | Exploiting Distroless Images | Command injection, Arbitrary file read, Arbitrary file write, Container escape | Google | Daniel Teixeira (@TheRedOperator) | Bug Bounty | 2022-09-22 | 2023-06-13 |
972 | Pwning ManageEngine — From Endpoint to Exploit: A deep dive into CVE-2021–42847 | Arbitrary file write, XXE, RCE | Zoho | Erik Wynter (@WynterErik) | Bug Bounty | 2022-10-12 | 2023-06-13 |
950 | Toner Deaf – Printing your next persistence (Hexacon 2022) | Path traversal, Arbitrary file write, RCE, Printer hacking | Lexmark | Alex Plaskett (@alexjplaskett) | Bug Bounty | 2022-10-17 | 2023-06-13 |
930 | 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite | JWT, Authentication bypass, Arbitrary file write, Unrestricted file upload | NA | Souhaib Naceri (@h4x0r_dz) | Bug Bounty | 2022-10-19 | 2023-06-13 |
693 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
691 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, XSS, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
609 | Uploading the Webshell using filename of Content-Disposition Header Story! | Unrestricted file upload, Arbitrary file write | NA | Yashar Mohagheghi | Bug Bounty | 2023-01-09 | 2023-06-13 |
532 | Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315) | RCE, Arbitrary file write, SSTI, Security code review | Froxlor | Askar (@mohammadaskar2) | Bug Bounty | 2023-01-29 | 2023-06-13 |
440 | EoP via Arbitrary File Write/Overwite in Group Policy Client “gpsvc” – CVE-2022-37955 | Local Privilege Escalation | Microsoft (Windows) | ap (@decoder_it) | Bug Bounty | 2023-02-16 | 2023-06-13 |
376 | A New Vector For “Dirty” Arbitrary File Write to RCE | Arbitrary file write, RCE | NA | Maxence Schmitt (@maxenceschmitt) | Bug Bounty | 2023-02-28 | 2023-06-13 |