5069 | Paypal Mobile Verification And Payment Restrictions Bypass | Logic flaw | Paypal | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2017-06-01 | 2023-06-13 |
5068 | DOM Based XSS In Microsoft | DOM XSS | Microsoft | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2017-06-01 | 2023-06-13 |
5067 | Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 | SOP bypass | Google | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2017-06-01 | 2023-06-13 |
5066 | A Tale Of Another SOP Bypass In Android Browser < 4.4 | SOP bypass | Google | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2017-06-01 | 2023-06-13 |
5065 | Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera | Stored XSS, CSRF, Clickjacking | Opera | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2017-06-01 | 2023-06-13 |
5064 | Django Privilege Escalation – Zero To Superuser | Privilege escalation | NA | Sean Melia (@seanmeals) | Bug Bounty | 2017-06-01 | 2023-06-13 |
5063 | How I got 5500$ from Yahoo for RCE | RCE | Yahoo! / Verizon Media | Th3G3nt3lman (@Th3G3nt3lman) | Bug Bounty | 2017-06-04 | 2023-06-13 |
5062 | From JS to another JS files lead to authentication bypass | Authentication bypass | NA | yappare (@yappare) | Bug Bounty | 2017-06-06 | 2023-06-13 |
5061 | WhatsApp — Dos Vulnerability In iOS & Android | DoS | Meta / Facebook | Vishnu Prasad P G (@vishnuprasadnta) | Bug Bounty | 2017-06-07 | 2023-06-13 |
5060 | Let’s steal some tokens! | CSRF, XSS, Account takeover | Google, Shopify | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2017-06-11 | 2023-06-13 |
5059 | Godaddy XSS affects parked domains redirector/processor! | Reflected XSS | GoDaddy | Mohamed A. Baset | Bug Bounty | 2017-06-11 | 2023-06-13 |
5058 | Vulnerability in Metasploit Project aka CVE-2017-5244 | CSRF | Rapid7 | Mohamed A. Baset | Bug Bounty | 2017-06-12 | 2023-06-13 |
5057 | XSS on Bugcrowd and so many other website’s main Domain | Reflected XSS | Bugcrowd | Bull (@v0sx9b) | Bug Bounty | 2017-06-14 | 2023-06-13 |
5056 | How I hacked 23.900.000 tumblr domains at once :) | IDOR | Automattic | Ak1T4 (@akita_zen) | Bug Bounty | 2017-06-19 | 2023-06-13 |
5055 | Authentication bypass on Airbnb via OAuth tokens theft | OAuth, Login CSRF, Open redirect, Authentication bypass | Airbnb | Arne Swinnen (@ArneSwinnen) | Bug Bounty | 2017-06-22 | 2023-06-13 |
5054 | How I Built An XSS Worm On Atmail | XSS | Atmail | Jake Miller | Bug Bounty | 2017-06-23 | 2023-06-13 |
5053 | Yahoo Small Business (Luminate) and the Not-So-Secret Keys | Blind SSRF | Yahoo! / Verizon Media | Tommy DeVoss / dawgyg (@thedawgyg) | Bug Bounty | 2017-06-23 | 2023-06-13 |
5052 | Stored XSS in the heart of the Russian email provider giant (Mail.ru) | Stored XSS | Mail.ru | Seif Elsallamy (@seifelsallamy) | Bug Bounty | 2017-06-24 | 2023-06-13 |
5051 | Authentication bypass on Uber’s Single Sign-On via subdomain takeover | Subdomain takeover, Authentication bypass | Uber | Arne Swinnen (@ArneSwinnen) | Bug Bounty | 2017-06-25 | 2023-06-13 |
5050 | Road to (unauthenticated) recovery: downloading GitHub SSO bypass codes | Authorization flaw | GitHub | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-06-25 | 2023-06-13 |
5049 | CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System | Reflected XSS | SimpleRisk | Mohamed A. Baset | Bug Bounty | 2017-06-28 | 2023-06-13 |
5048 | Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read | XSS, SSRF, LFI | NA | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-06-29 | 2023-06-13 |
5047 | Posting on groups as people whenever their email was known by an attacker | Authorization flaw | Meta / Facebook | Zahid Ali | Bug Bounty | 2017-06-29 | 2023-06-13 |
5046 | OpenProject Session Management Security Vulnerability aka CVE-2017-11667 | Session management issue | OpenProject | Mohamed A. Baset | Bug Bounty | 2017-06-30 | 2023-06-13 |
5045 | Stored XSS in Bandcamp | Stored XSS | Bandcamp | Corben Leo (@hacker_) | Bug Bounty | 2017-06-30 | 2023-06-13 |