3700 | Tale of a Misconfiguration in Password Reset | Password reset, Information disclosure | NA | Naveenroy | Bug Bounty | 2020-01-27 | 2023-06-13 |
2830 | Reflected XSS on a Public Program | Reflected XSS | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-02-08 | 2023-06-13 |
2782 | Account Take Over by Response Manipulation | Authentication bypass, Account takeover | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-02-17 | 2023-06-13 |
2721 | Finding keys under the door | Stored XSS, Unrestricted file upload | Paytm | Naveen Prakaasham K S V | Bug Bounty | 2021-03-12 | 2023-06-13 |
2551 | How i hijacked 12 Subdomains in one Program | Subdomain takeover | NA | Naveen kumawat (@nvk0x) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2543 | Time-Based SQL Injection to Dumping the Database | SQL injection, Android | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-05-19 | 2023-06-13 |
2312 | Disclose WhatsApp Number of Instagram Accounts Despite Setting Set to be Hidden | Information disclosure, Logic flaw | Meta / Facebook | Naveen (@NaveenHax) | Bug Bounty | 2021-08-19 | 2023-06-13 |
2295 | Retrieve Archived Stories Of Any Public Instagram Account. | IDOR, GraphQL | Meta / Facebook | Naveen | Bug Bounty | 2021-08-25 | 2023-06-13 |
2028 | Disclose Ad Accounts linked with Instagram Accounts | Information disclosure, Logic flaw, GraphQL | Meta / Facebook | Naveen (@NaveenHax) | Bug Bounty | 2021-12-02 | 2023-06-13 |
1711 | Broken session control leads to access private videos using the shared link even after revoking the access for specific time!! — #GoogleVRP | Broken Access Control | Google | Naveenroy | Bug Bounty | 2022-03-20 | 2023-06-13 |
1637 | Broken session control leads to access the admin panel even after revoking the access!! — #ZOHO | Broken Access Control | Zoho | Naveenroy | Bug Bounty | 2022-04-12 | 2023-06-13 |
1578 | Remotely permanent crash any Instagram user via permanent DoS in user DM's. | DoS | Meta / Facebook | Naveen (@NaveenHax) | Bug Bounty | 2022-05-04 | 2023-06-13 |
1411 | CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus | XXE, SSRF, RCE | Zoho | Naveen Sunkavally | Bug Bounty | 2022-06-29 | 2023-06-13 |
1329 | Permanent Crash Instagram Followers. | DoS | Meta / Facebook | Naveen (@NaveenHax) | Bug Bounty | 2022-07-22 | 2023-06-13 |
158 | CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution | RCE, Default Flask Secret Key, Hardcoded credentials | Apache Superset | Naveen Sunkavally | Bug Bounty | 2023-04-25 | 2023-06-13 |