2646 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion | LFI, Information disclosure | NA | Arben Shala (@arbennsh) | Bug Bounty | 2021-04-13 | 2023-06-13 |
2645 | Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution | Authentication bypass, OS command injection, RCE | Cisco | T. Shiomitsu | Bug Bounty | 2021-04-13 | 2023-06-13 |
2643 | Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Microsoft Azure Sphere | RCE | Microsoft | Cisco Talos | Bug Bounty | 2021-04-14 | 2023-06-13 |
2642 | Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) | Man-in-the-Disk attack | Meta / Facebook | CENSUS | Bug Bounty | 2021-04-14 | 2023-06-13 |
2641 | How I got 9000 USD by hacking into iCloud | XSS | Apple | Alexandre Fernandes (@fernale) | Bug Bounty | 2021-04-15 | 2023-06-13 |
2640 | Allow arbitrary URLs, expect arbitrary code execution | RCE | Nextcloud, Telegram, VLC | Fabian Bräunlein | Bug Bounty | 2021-04-15 | 2023-06-13 |
2639 | Fun sql injection — mod_security bypass | SQL injection | NA | _Y000_ (@_Y000_) | Bug Bounty | 2021-04-16 | 2023-06-13 |
2638 | How I earned $$$$ through Stored XSS | Stored XSS, CSTI | NA | Harish | Bug Bounty | 2021-04-16 | 2023-06-13 |
2637 | (POC) Update business fyi message as Facebook page analyst | IDOR, GraphQL | Meta / Facebook | Ahmad Talahmeh | Bug Bounty | 2021-04-17 | 2023-06-13 |
2636 | Lets Learn English - Hacking 10M+ Users | AWS misconfiguration, Insecure Firebase database, OTP bypass, Account takeover, Logic flaw | NA | Aseem Shrey (@AseemShrey) | Bug Bounty | 2021-04-17 | 2023-06-13 |
2635 | (POC) Remove any Facebook’s live video ($14,000 bounty) | Logic flaw | Meta / Facebook | Ahmad Talahmeh | Bug Bounty | 2021-04-17 | 2023-06-13 |
2634 | Discoure themes OS Command Injection | RCE, OS command injection | Discourse | joernchen (@joernchen) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2633 | XSS via Exif Data - The P2 Elevator | Stored XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2632 | Misconfiguration in Change-password Functionality Leads to Account Takeover | IDOR, Logic flaw, Password reset, Account takeover | NA | Mahmoud Radwan (@0x___2m) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2631 | Pwning your assignments: Stored XSS via GraphQL endpoint | Stored XSS, GraphQL | NA | Kartik Sharma (@dominat0r98) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2630 | Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program | Unrestricted file upload, RCE | NA | Jadek Mark (@mase289) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2629 | (POC) Untrim any live video on Facebook | Authorization flaw | Meta / Facebook | Ahmad Talahmeh | Bug Bounty | 2021-04-18 | 2023-06-13 |
2628 | Unauthorized access to admin setpassword page BY bypassing 403 Forbidden | Authorization flaw | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2627 | Blind SSRF to Port Scanning through response time | SSRF | NA | Harish | Bug Bounty | 2021-04-19 | 2023-06-13 |
2626 | Harvesting Active Directory credentials via HTTP Request Smuggling | HTTP request smuggling | NA | Tijme Gommers (@tijme) | Bug Bounty | 2021-04-19 | 2023-06-13 |
2625 | IDOR leads to leaked the likes count even though is hidden by victim | YouTube ($XXXX) | IDOR, Logic flaw | Google | R ando (@Rando02355205) | Bug Bounty | 2021-04-20 | 2023-06-13 |
2624 | Auth Bypass in Google Workspace Real Time Collaboration | Authentication bypass, Information disclosure | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-20 | 2023-06-13 |
2623 | Playing With iframes: Bypassing Content-Security-Policy | CSP bypass, Open redirect, HTML injection | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2021-04-20 | 2023-06-13 |
2622 | CVE-2021-30481: Source engine remote code execution via game invites | RCE, Integer underflow | Valve | floesen (@floesen_) | Bug Bounty | 2021-04-20 | 2023-06-13 |
2621 | DMCA.COM Hack, Full Disclosure (With Proof-of-Concept) | Privilege escalation, Client-side enforcement of server-side security, Stored XSS, Broken Access Control | DMCA | Joël Aviad Ossi | Bug Bounty | 2021-04-21 | 2023-06-13 |