5046 | OpenProject Session Management Security Vulnerability aka CVE-2017-11667 | Session management issue | OpenProject | Mohamed A. Baset | Bug Bounty | 2017-06-30 | 2023-06-13 |
4995 | Luminate Store Basics defacement and potential takeover | CSRF, Session management issue | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-08-30 | 2023-06-13 |
4691 | CVE-2018-13784: PrestaShop 1.6.x Privilege Escalation | Privilege escalation, Session management issue | PrestaShop | Charles Fol (@cfreal_) | Bug Bounty | 2018-07-16 | 2023-06-13 |
4445 | Broken Authentication — Bug Bounty | Session management issue | NA | Vulnerables | Bug Bounty | 2018-11-28 | 2023-06-13 |
3811 | CORS Misconfiguration to Account TakeOver [Out of scope to grab items In-Scope] | CORS misconfiguration, Open redirect, Reflected XSS, Session management issue | NA | Mashoud1122 (@mashoud1122) | Bug Bounty | 2019-11-24 | 2023-06-13 |
3795 | Reusing Cookies | Session management issue | NA | Ricardo Iramar dos Santos | Bug Bounty | 2019-12-07 | 2023-06-13 |
3786 | A $25 Easy Bug. | Session management issue | NA | Navneet (@na5n33t) | Bug Bounty | 2019-12-12 | 2023-06-13 |
3622 | Breaking the Competition (Bug Bounty Write-up) | Race condition, DoS, Logic flaw, Session management issue | NA | George O (@georgeomnet) | Bug Bounty | 2020-03-08 | 2023-06-13 |
3601 | Weak session validation bug let you login even after changing the session IDs and logging out from the accounts | Logic flaw, Session management issue | viator.com | Manasjha (@manas_hunter) | Bug Bounty | 2020-03-16 | 2023-06-13 |
3545 | [Writeup][Bug Bounty][Instagram] Instagram Still Send New DMs and Video Calls to Device After Logout [ID][EN] | Session management issue | Meta / Facebook | Muhammad Thomas Fadhila Yahya (@fadhilthomas) | Bug Bounty | 2020-04-16 | 2023-06-13 |
2480 | Exploiting outdated Apache Airflow instances | Session management issue | NA | Ian Carroll (@iangcarroll) | Bug Bounty | 2021-06-14 | 2023-06-13 |
2423 | Account Takeovers — Believe the Unbelievable | Account takeover, Session management issue, Weak credentials, Components with known vulnerabilities, Password reset | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-09 | 2023-06-13 |
1936 | Exploiting Redash instances with CVE-2021-41192 | Privilege escalation, Session management issue, SSRF | NA | Ian Carroll (@iangcarroll) | Bug Bounty | 2022-01-06 | 2023-06-13 |
1929 | Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth | Session hijacking, Session management issue, Account takeover, RCE | Moodle | Johannes Moritz | Bug Bounty | 2022-01-10 | 2023-06-13 |
1677 | Pwning a Cisco RV340 with a 4 bug chain exploit | Local Privilege Escalation, OS command injection, RCE, Session management issue | Cisco | Liv (@terminatorLM) | Bug Bounty | 2022-04-01 | 2023-06-13 |
677 | Cengage LTI Session Management Leakage | SSO, Session management issue | Cengage | Tony Porterfield | Bug Bounty | 2022-12-20 | 2023-06-13 |
316 | [Netflix][Smart TV] — Chaining Self-XSS with Session poisoning. | Self-XSS, Cookie injection, Session management issue | Netflix | Lyubomir Tsirkov (@lyubo_tsirkov) | Bug Bounty | 2023-03-11 | 2023-06-13 |