4890 | My Research on Misconfigured Jenkins Servers | Information disclosure, Missing authentication, Exposed Jenkins instance | Google, Tesco, Pearson, News Uk | Mikail Tunç (@emtunc) | Bug Bounty | 2018-01-18 | 2023-06-13 |
4305 | Third Party Android App Storing Facebook Data Insecurely (Facebook Data Abuse Program) | Information disclosure, Missing authentication | Meta / Facebook | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2019-02-14 | 2023-06-13 |
4285 | Swiss_E-Voting_Publications | XSS, XXE, RCE, Missing authentication, Authentication flaw, Hardcoded credentials | Swiss E-Voting | setuid0 (@_setuid0_) | Bug Bounty | 2019-02-21 | 2023-06-13 |
4137 | Security assessment on the staging domains | Missing authentication | NA | Tutorgeeks (@tutorgeeks) | Bug Bounty | 2019-05-24 | 2023-06-13 |
3918 | How I found a simple and weird Account takeover bug | Account takeover, Missing authentication | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2019-09-14 | 2023-06-13 |
3884 | How i Hacked BASF Company !! | Missing authentication | BASF | Murtada Kamil | Bug Bounty | 2019-10-10 | 2023-06-13 |
3827 | This is How I was able to hunt a rare bug in a private program | Missing authentication, Privilege escalation | NA | Abida Fahd | Bug Bounty | 2019-11-18 | 2023-06-13 |
3581 | Exploiting magic links, critical bugs are one line away | Information disclosure, Missing authentication | Razer | 0xSha (@0xsha) | Bug Bounty | 2020-03-27 | 2023-06-13 |
3468 | Teradici and CVE-2020-10965: An issue of routing. | Missing authentication | Teradici | Benjamin Heald (@heald_ben) | Bug Bounty | 2020-05-18 | 2023-06-13 |
3417 | Multiple Information exposed due to misconfigured Service-now ITSM instances | Missing authentication, Information disclosure | NA | Th3G3nt3lman (@Th3G3nt3lman) | Bug Bounty | 2020-06-05 | 2023-06-13 |
3372 | How i was able to chain bugs and gain access to internal okta instance | Missing authentication | NA | Mmohammed Eldeeb (@malcolmx0x) | Bug Bounty | 2020-06-22 | 2023-06-13 |
3212 | InfluxDB Access at redact.8x8.com | Missing authentication | 8x8 | Myo Min Thu (@myominthu1337) | Bug Bounty | 2020-08-16 | 2023-06-13 |
3200 | A perfect duplicate or how to send an email with a spoofed invoice’s content | Email spoofing, Open mail relay, Missing authentication | NA | Mateusz Olejarka (@molejarka) | Bug Bounty | 2020-08-19 | 2023-06-13 |
3170 | From Android Static Analysis to RCE on Prod | RCE, Directory listing, Missing authentication | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2020-09-07 | 2023-06-13 |
3083 | 300$ P3 Easy Bug in 30 Seconds | Missing authentication, Broken Access Control | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2020-10-22 | 2023-06-13 |
2970 | How I hacked Facebook: Part One | Missing authentication, Authentication bypass, Account takeover | Meta / Facebook | Alaa Abdulridha (@alaa0x2) | Bug Bounty | 2020-12-11 | 2023-06-13 |
2569 | Unauthorized access to Django Admin Dashboard by endpoint leaked on GitHub | Missing authentication, Forced browsing | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-10 | 2023-06-13 |
2393 | Unauthenticated Access To MongoDB Database of Oracle Corporation | Missing authentication, Exposed administrative interface | Oracle | Pratikkhalane (@KhalanePratik) | Bug Bounty | 2021-07-22 | 2023-06-13 |
2363 | From Hobby to Hacking | Unrestricted file upload, RCE, Missing authentication | NA | Muhammad Syahrul Haniawan (@b0x_in) | Bug Bounty | 2021-07-31 | 2023-06-13 |
2213 | From Google Dorking to Information Disclosure | Information disclosure, Missing authentication | NA | MikeChan | Bug Bounty | 2021-09-18 | 2023-06-13 |
1350 | Good things takes time | Story of my first “valid” critical bug! | Missing authentication, Exposed administrative interface | NA | Kr1shna 4garwal (@Kr1shna4garwal) | Bug Bounty | 2022-07-18 | 2023-06-13 |
1268 | From Shodan to RCE: That one time I hacked a Fortune 500 company. | Missing authentication, Arbitrary file read, RCE, Exposed Jenkins instance | NA | vimanari_ (@vimanari_) | Bug Bounty | 2022-08-08 | 2023-06-13 |
1230 | Story of 5000$ bounty for Grafana Panel Access in Apple | Missing authentication, Information disclosure | Apple | hckerl00 (@lokeshg62498939) | Bug Bounty | 2022-08-13 | 2023-06-13 |
1227 | How I got into the United Nations’ Hall of Fame | Missing authentication | United Nations | Ameya Andhare (@cryptoknight028) | Bug Bounty | 2022-08-14 | 2023-06-13 |
1226 | Hacking Zyxel IP cameras to gain a root shell | Missing authentication, DoS, Information disclosure, Local Privilege Escalation | Zyxel | Eric Urban | Bug Bounty | 2022-08-14 | 2023-06-13 |