| 1064 | Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286) |
Local Privilege Escalation
Windows
Driver hacking |
Seagate |
x86matthew (@x86matthew) |
Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1063 | Privilege Escalation Leads to making authenticated actions (payment processing, creating invoices.. etc) |
Privilege escalation
Authorization flaw |
NA |
X-Vector (@XVector11) |
Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1047 | Skype for Business Audit Part 1 - SKYPErsistence |
Local Privilege Escalation
Windows
Security code review |
Microsoft |
Florian Hauser (@frycos) |
Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1038 | Microsoft Windows Shift F10 Bypass and Autopilot privilge escalation |
Local privilege escalation |
Microsoft |
Matek Kamilló (@k4m1ll0) |
Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1031 | New Attack Paths? AS Requested Service Tickets |
Local Privilege Escalation
Windows
Kerberos
Active Directory |
Microsoft |
Charlie Clark (@exploitph) |
Bug Bounty | 2022-09-25 | 2023-06-13 |
| 1028 | Discovering The Less-known Vulnerability In Oracle Peoplesoft |
TockenChpoken
Privilege escalation
Bruteforce
Cookie manipulation |
NA |
RE:HACK (@rehackxyz) |
Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1025 | Another Tale Of IBM I (AS/400) Hacking |
Local Privilege Escalation
Midrange system
Menu security |
NA |
pz |
Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1024 | Two RCEs are better than one: write-up of an interesting lateral movement |
Local Privilege Escalation
RCE |
NA |
Riccardo Malatesta (@seeu_inspace) |
Bug Bounty | 2022-09-28 | 2023-06-13 |
| 992 | SSD Advisory – pfSense Post Auth RCE |
RCE
Privilege escalation |
pfSense |
이예랑 (@yelang123x) |
Bug Bounty | 2022-10-06 | 2023-06-13 |
| 976 | Cold Hard Cache — Bypassing RPC Interface Security with Cache Abuse |
Privilege escalation
Windows |
Microsoft |
- |
Bug Bounty | 2022-10-11 | 2023-06-13 |
| 971 | Broken Access Control leads to full team takeover and privilege escalation |
Broken Access Control
Privilege escalation |
NA |
Abdelhameed Ghazy (@El3Etraa1) |
Bug Bounty | 2022-10-12 | 2023-06-13 |
| 964 | Code flaws leads to Org/Admin Account Takeover |
Privilege escalation
Account takeover |
NA |
Saransh Saraf (@mr23r0) |
Bug Bounty | 2022-10-13 | 2023-06-13 |
| 953 | [CVE-2022-1786] A Journey To The Dawn |
Use-After-Free
Memory corruption
Local Privilege Escalation |
Google (kCTF)
Linux Kernel Organization |
kylebot (@ky1ebot) |
Bug Bounty | 2022-10-15 | 2023-06-13 |
| 942 | The Danger of Falling to System Role in AWS SDK Client |
Cloud
Privilege escalation
Security misconfiguration |
NA |
Fracensco Lacerenza (@lacerenza_fra) |
Bug Bounty | 2022-10-18 | 2023-06-13 |
| 931 | A New Attack Surface on MS Exchange Part 4 - ProxyRelay! |
RCE
Privilege escalation |
Microsoft |
Orange Tsai (@orange_8361) |
Bug Bounty | 2022-10-19 | 2023-06-13 |
| 922 | Sail away, sail away, sail away |
RCE
Privilege escalation |
NA |
Reino Mostert |
Bug Bounty | 2022-10-21 | 2023-06-13 |
| 918 | Finding Multiple Security Issues on Agorapulse |
Log4shell
RCE
Information disclosure
Broken Access Control
Privilege escalation |
Agorapulse |
Snap Sec (@snap_sec) |
Bug Bounty | 2022-10-24 | 2023-06-13 |
| 917 | Atlassian Jira Align, Version 10.107.4 Advisory |
SSRF
Broken Access Control
Privilege escalation |
Atlassian |
Jacob Shafer (@fibbot) |
Bug Bounty | 2022-10-24 | 2023-06-13 |
| 901 | SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri |
iOS
MacOS
Bluetooth
Local Privilege Escalation
TCC bypass |
Apple |
Guilherme Rambo (@_inside) |
Bug Bounty | 2022-10-26 | 2023-06-13 |
| 898 | RC4 Is Still Considered Harmful |
Kerberos
MiTM
Local Privilege Escalation
Downgrade attack |
Microsoft (Windows) |
James Forshaw (@tiraniddo) |
Bug Bounty | 2022-10-27 | 2023-06-13 |
| 893 | Abusing Windows’ tokens to compromise Active Directory without touching LSASS |
Local Privilege Escalation
Windows
Active Directory Privilege Escalation |
NA |
Aurélien Chalot (@Defte_) |
Bug Bounty | 2022-10-27 | 2023-06-13 |
| 889 | Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis |
Local Privilege Escalation
Windows |
Microsoft |
Zscaler Threatlabz (@Threatlabz) |
Bug Bounty | 2022-10-28 | 2023-06-13 |
| 870 | The power of adaptability through experience. |
Lateral movement
Active Directory Privilege Escalation |
NA |
Mike Saunders (@hardwaterhacker) |
Bug Bounty | 2022-11-03 | 2023-06-13 |
| 869 | Invitation Hijacking |
Authorization flaw
Privilege escalation |
NA |
vFlexo (@vflexo) |
Bug Bounty | 2022-11-03 | 2023-06-13 |
| 856 | Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049) |
Local Privilege Escalation
Windows |
Microsoft |
Kuba Gretzky (@mrgretzky) |
Bug Bounty | 2022-11-08 | 2023-06-13 |
