4678 | Finding hidden gems vol. 1: forging OAuth tokens using discovered client id and client secret |
Information disclosure |
NA |
Mateusz Olejarka (@molejarka) |
Bug Bounty | 2018-07-23 | 2023-06-13 |
4676 | Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716] |
SSTI |
SEOmatic CMS plugin |
Sebastian (ha.cker.info) |
Bug Bounty | 2018-07-24 | 2023-06-13 |
4675 | SQL Injection and A silly WAF |
SQL injection |
NA |
Mahmoud Gamal (@Zombiehelp54) |
Bug Bounty | 2018-07-25 | 2023-06-13 |
4674 | Exfiltration via CSS Injection |
CSS injection |
NA |
d0nut (@d0nutptr) |
Bug Bounty | 2018-07-25 | 2023-06-13 |
4671 | Making a Blind SQL Injection a Little Less Blind |
SQL injection |
NA |
TomNomNom (@tomnomnom) |
Bug Bounty | 2018-07-28 | 2023-06-13 |
4667 | How I could access your internal servers, steal and modify your image repository |
RCE |
NA |
thehackerish (@thehackerish) |
Bug Bounty | 2018-07-31 | 2023-06-13 |
4666 | CRLF Injection Into PHP’s cURL Options |
CRLF injection |
NA |
TomNomNom (@tomnomnom) |
Bug Bounty | 2018-08-01 | 2023-06-13 |
4663 | Discovering and Exploiting a Vulnerability in Android’s Personal Dictionary (CVE-2018-9375) |
Privilege escalation
Android |
Google |
Daniel Kachakil (@Kachakil) |
Bug Bounty | 2018-08-01 | 2023-06-13 |
4661 | Blind-XSS in Chrome Experiments - Google (Write Up) |
Blind XSS |
Google |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2018-08-03 | 2023-06-13 |
4659 | Blind-XSS in Chrome Experiments - Google (Write Up) |
Blind XSS |
Google |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2018-08-03 | 2023-06-13 |
4656 | Self XSS leads to blind XSS and reflected XSS. |
Blind XSS
Reflected XSS |
NA |
Friendly (@SkeletorKeys) |
Bug Bounty | 2018-08-06 | 2023-06-13 |
4653 | Sending out phishing e-mails from @microsoft.com |
HTML injection |
Microsoft |
SI9INT (@si9int) |
Bug Bounty | 2018-08-07 | 2023-06-13 |
4651 | From data leak to account takeover |
Account takeover
Information disclosure
Password reset |
NA |
Antony Garand (@AntoGarand) |
Bug Bounty | 2018-08-07 | 2023-06-13 |
4650 | How I hacked a Crypto Exchange (Bug Bounty Writeup) |
IDOR |
NA |
Muhammad Abdullah |
Bug Bounty | 2018-08-07 | 2023-06-13 |
4649 | My First Critical Report |
Password reset
Account takeover |
NA |
Miguel Corral (@mcorral74) |
Bug Bounty | 2018-08-08 | 2023-06-13 |
4648 | This is how can I spoof ANY Sentry.Io log infinitely and create fake error-logs |
Content spoofing |
HackerOne
Sentry |
Carlos Daniel Giovanella |
Bug Bounty | 2018-08-09 | 2023-06-13 |
4646 | From TOMCAT to NT AUTHORITY\SYSTEM |
Default credentials |
NA |
Rahul R |
Bug Bounty | 2018-08-09 | 2023-06-13 |
4642 | Misconfigured JIRA setting - Apigee |
Information disclosure |
Google
Atlassian |
Tutorgeeks |
Bug Bounty | 2018-08-10 | 2023-06-13 |
4641 | Adminer Script Results to Pwning Server?, Private Bug Bounty Program |
Authentication bypass |
NA |
Yashar Shahinzadeh (@YShahinzadeh) |
Bug Bounty | 2018-08-11 | 2023-06-13 |
4634 | IDOR leads to account takeover |
IDOR |
NA |
s0cket7 (@s0cket7) |
Bug Bounty | 2018-08-16 | 2023-06-13 |
4632 | YAHOO IDOR -elimination of any comment |
IDOR |
Yahoo! / Verizon Media |
Bada Diaz (@bada77) |
Bug Bounty | 2018-08-17 | 2023-06-13 |
4630 | https://www.updatelap.com/2018/08/privileged-escalation-in-facebook-rooms.html |
Authorization flaw
Privilege escalation |
Meta / Facebook |
Jafar Abo Nada (@Jafar_Abo_Nada) |
Bug Bounty | 2018-08-18 | 2023-06-13 |
4629 | API key: The real goldmine |
Information disclosure |
NA |
Yumi |
Bug Bounty | 2018-08-19 | 2023-06-13 |
4624 | My first valid xss(@Hackerone) |
XSS |
NA |
Jatin Aesthetic (@techyfreakk) |
Bug Bounty | 2018-08-25 | 2023-06-13 |
4623 | Traversing the Path to RCE |
Path traversal
RCE |
NA |
hawkinsecurity |
Bug Bounty | 2018-08-27 | 2023-06-13 |