5107 | Type Juggling and PHP Object Injection, and SQLi, Oh My! | Type juggling, PHP Object Injection, Insecure deserialization, SQL injection | NA | Justin Kennedy (@jstnkndy) | Bug Bounty | 2017-02-07 | 2023-06-13 |
5015 | How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! | SSRF, RCE, CRLF injection, Insecure deserialization | GitHub | Orange Tsai (@orange_8361) | Bug Bounty | 2017-07-28 | 2023-06-13 |
4621 | How i found a 1500$ worth Deserialization vulnerability | Misconfigured JSF ViewState, Insecure deserialization | NA | Ashish Kunwar (@D0rkerDevil) | Bug Bounty | 2018-08-28 | 2023-06-13 |
3351 | ZombieVPN, Breaking That Internet Security | RCE, Insecure deserialization | Bitdefender, AnchorFree | 0xSha (@0xsha) | Bug Bounty | 2020-07-01 | 2023-06-13 |
2901 | GoCD Multiple Vulnerabilities | RCE, Information disclosure, Insecure deserialization, Security code review | GoCD | Denis Andzakovic | Bug Bounty | 2021-01-12 | 2023-06-13 |
2843 | Applying Offensive Reverse Engineering to Facebook Gameroom | Insecure deserialization | Meta / Facebook | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-02-02 | 2023-06-13 |
2712 | CVE-2021-27076: A Replay-style Deserialization Attack Against Sharepoint | Insecure deserialization, RCE | Microsoft | Simon Zuckerbraun (@HexKitchen) | Bug Bounty | 2021-03-17 | 2023-06-13 |
2664 | Remote code execution through unsafe unserialize in PHP | Insecure deserialization, RCE | NA | Sjoerd Langkemper | Bug Bounty | 2021-04-04 | 2023-06-13 |
2586 | Basic recon to RCE | Insecure deserialization, RCE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-05-02 | 2023-06-13 |
2437 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | RCE, Insecure deserialization | NA | Michael Stepankin (@artsploit) | Bug Bounty | 2021-06-29 | 2023-06-13 |
2351 | Detecting Jackson deserialization vulnerabilities with CodeQL | Insecure deserialization | GitHub | Artem Smotrakov (@artem_smotrakov) | Bug Bounty | 2021-08-02 | 2023-06-13 |
2297 | The Nomulus rift | Insecure deserialization | Google | Imre Rad (@ImreRad) | Bug Bounty | 2021-08-25 | 2023-06-13 |
2140 | Shells And SOAP: Websphere Deserialization To RCE | RCE, Insecure deserialization | IBM | Wyatt Dahlenburg (@wdahlenb) | Bug Bounty | 2021-10-18 | 2023-06-13 |
2106 | Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 | RCE, Insecure deserialization, Security code review | Sitecore | Shubham Shah (@infosec_au) | Bug Bounty | 2021-11-01 | 2023-06-13 |
2073 | Diving into Open-source LMS Codebases | Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS | Moodle, Chamilo LMS | Poh Jia Hao (@Chocologicall) | Bug Bounty | 2021-11-16 | 2023-06-13 |
1922 | Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969) | Insecure deserialization | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-01-13 | 2023-06-13 |
1907 | Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1 | Insecure deserialization, Cryptographic issues | Swiss Post | Ruben Santamarta (@reversemode) | Bug Bounty | 2022-01-18 | 2023-06-13 |
1884 | The Story of an RCE on a Java Web Application | Insecure deserialization | NA | LIL NIX (@Lil__Nix) | Bug Bounty | 2022-01-27 | 2023-06-13 |
1882 | The Story of a RCE on a Java Web Application | RCE, Insecure deserialization | NA | LIL NIX (@Lil__Nix) | Bug Bounty | 2022-01-28 | 2023-06-13 |
1855 | HigherLogic Community RCE Vulnerability | Insecure deserialization, RCE | 8x8, IBM | 0daystolive (@0daystolive) | Bug Bounty | 2022-02-03 | 2023-06-13 |
1690 | Ruby Deserialization - Gadget on Rails | Insecure deserialization, RCE | Ruby on Rails | HTTPVoid (@httpvoid0x2f) | Bug Bounty | 2022-03-28 | 2023-06-13 |
1683 | Unauthenticated Remote Code Execution in Cisco Nexus Dashboard Fabric Controller (formerly DCNM) | Insecure deserialization, Local Privilege Escalation, RCE | Cisco | Pedro Ribeiro (@pedrib1337) | Bug Bounty | 2022-03-30 | 2023-06-13 |
1622 | CVE-2022-26133 - Bitbucket Data Center - Java Deserialization Vulnerability | Insecure deserialization | Atlassian | Benny Jacob (@bennyyjacob) | Bug Bounty | 2022-04-14 | 2023-06-13 |
1557 | New Wine in Old Bottle - Microsoft Sharepoint Post-Auth Deserialization RCE (CVE-2022-29108) | Insecure deserialization, RCE | Microsoft | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2022-05-12 | 2023-06-13 |
1543 | CVE-2022-21404: Another Story Of Developers Fixing Vulnerabilities Unknowingly Because Of CodeQL | Insecure deserialization | Oracle | Paulino Calderon (@calderpwn) | Bug Bounty | 2022-05-19 | 2023-06-13 |