4245 | Should you be concerned about LastPass uploading your passwords to its server? | Information disclosure, Logic flaw | LastPass | Wladimir Palant (@WPalant) | Bug Bounty | 2019-03-18 | 2023-06-13 |
3965 | Kaspersky in the Middle – what could possibly go wrong? | Clickjacking, Universal XSS, MiTM | Kaspersky | Wladimir Palant (@WPalant) | Bug Bounty | 2019-08-19 | 2023-06-13 |
3724 | Pwning Avast Secure Browser for fun and profit | RCE, Command injection | Avast | Wladimir Palant (@WPalant) | Bug Bounty | 2020-01-13 | 2023-06-13 |
3368 | Exploiting Bitdefender Antivirus: RCE from any website | RCE, Information disclosure | Bitdefender | Wladimir Palant (@WPalant) | Bug Bounty | 2020-06-22 | 2023-06-13 |
1989 | Yes, fun browser extensions can have vulnerabilities too! | XSS, Browser extension hacking, postMessage | Meow | Wladimir Palant (@WPalant) | Bug Bounty | 2021-12-20 | 2023-06-13 |
1773 | Skype extension: All functionality broken? Still exploitable! | Information disclosure, Privacy issue | Microsoft | Wladimir Palant (@WPalant) | Bug Bounty | 2022-03-01 | 2023-06-13 |
1739 | Party time: Injecting code into Teleparty extension | HTML injection, Open redirect, Browser extension hacking | Teleparty | Wladimir Palant (@WPalant) | Bug Bounty | 2022-03-14 | 2023-06-13 |
1611 | Adobe Acrobat hollowing out same-origin policy | XSS, SOP bypass, Open redirect, postMessage | Adobe | Wladimir Palant (@WPalant) | Bug Bounty | 2022-04-19 | 2023-06-13 |
1439 | Exploiting Bitdefender Antivirus: RCE from any website | RCE, Command injection | Bitdefender | Wladimir Palant (@WPalant) | Bug Bounty | 2022-06-22 | 2023-06-13 |