4703 | Latex to RCE, Private Bug Bounty Program | RCE | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2018-07-06 | 2023-06-13 |
4641 | Adminer Script Results to Pwning Server?, Private Bug Bounty Program | Authentication bypass | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2018-08-11 | 2023-06-13 |
4073 | 1-Click Account Takeover in Virgool.io — a Nice Case Study | Account takeover, Open redirect | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2019-06-27 | 2023-06-13 |
3346 | Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text | SSRF | Cafebazaar | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2020-07-02 | 2023-06-13 |
3129 | Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call | Account takeover | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2020-09-28 | 2023-06-13 |
2777 | RCE On A Laravel Private Program | RCE | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-02-20 | 2023-06-13 |
2299 | One Endpoint, Two Account Takeovers | Account takeover | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-08-24 | 2023-06-13 |
2081 | Impact of an Insecure Deep Link | Insecure deeplink | CafeBazaar | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-11-13 | 2023-06-13 |
1552 | Impact of an Insecure DeepLink | Insecure deeplink, Android | CafeBazaar | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2022-05-16 | 2023-06-13 |