2174 | A short story of Content Spoofing to HTML Injection in Apple using Dangling Markup Injection | HTML injection, Dangling Markup Injection | Apple | Rishu Ranjan (@tweetit_rrj) | Bug Bounty | 2021-10-03 | 2023-06-13 |
2172 | Bypassing 403 Protection To Get Pagespeed Admin Access | 403 bypass | NA | Prajit Sindhkar (@PrajitSindhkar) | Bug Bounty | 2021-10-04 | 2023-06-13 |
2171 | CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass | Authentication bypass, Security code review | Forma LMS | Cristian Giustini | Bug Bounty | 2021-10-05 | 2023-06-13 |
2170 | CVE-2021-26084 | RCE | Atlassian | snowyyowl (@bennyyjacob) | Bug Bounty | 2021-10-05 | 2023-06-13 |
2169 | How I got access to many PIIs through a source code leak | Information disclosure | NA | Supras (@LdrTom) | Bug Bounty | 2021-10-05 | 2023-06-13 |
2168 | [EN] Stored XSS in the administrator’s panel due to misuse of MarkupSafe | Stored XSS | pass Culture | Aethlios (@AethliosIK) | Bug Bounty | 2021-10-06 | 2023-06-13 |
2167 | CSRF to one tray Red-bull | CSRF | Redbull | Mohammed Saneem | Bug Bounty | 2021-10-06 | 2023-06-13 |
2166 | Hacking Netflix Eureka! | SSRF, XSS | Netflix | Maxim Tyukov (@maxtyukov) | Bug Bounty | 2021-10-06 | 2023-06-13 |
2165 | CVE-2021-26420: Remote Code Execution In Sharepoint Via Workflow Compilation | RCE | Microsoft | - | Bug Bounty | 2021-10-06 | 2023-06-13 |
2164 | Accessing Apple’s internal UAT Slackbot for fun and non-profit | Authorization flaw | Apple | Shail Patel (@shail_official) | Bug Bounty | 2021-10-07 | 2023-06-13 |
2163 | Request Smuggling In Major Crypto Site — road to disappointment | HTTP Header Smuggling | NA | CeloIme Prezime | Bug Bounty | 2021-10-09 | 2023-06-13 |
2162 | Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage | Information disclosure | NA | MikeChan | Bug Bounty | 2021-10-09 | 2023-06-13 |
2161 | Auth Bypass in Google Assistant | Insecure deeplink | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2160 | Account Takeover — Story of 2 same issues in a single program but different sub-domains. | Account takeover | NA | Himanshu Pdy (@himanshu_pdy) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2159 | Stumbling across a DOM XSS on google.com | DOM XSS | Google | tkiela (@svennergr) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2158 | How I got $500 with Open redirect | Open redirect | NA | khan mamun (@mamunwhh) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2157 | How I Hacked Billion Android Users Social And 3rd Party Account | A Story About 5000$ Bug | Android | Google | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2156 | Exploiting HTML-to-PDF Converters through HTML Imports | XSS, LFI | NA | Mohammed Diaa (@mhmdiaa) | Bug Bounty | 2021-10-10 | 2023-06-13 |
2155 | Hacking YouTube With MP4 | Logic flaw, DoS | Google | KeyboardWarrior (@Keyb0ardWarr10r) | Bug Bounty | 2021-10-11 | 2023-06-13 |
2154 | Pulse Secure version number disclosure in error messages | Information disclosure | Pulse Secure | Mehdi Alouache | Bug Bounty | 2021-10-12 | 2023-06-13 |
2153 | ESET Endpoint Security credentials theft | Credentials sent over unencrypted channel, MiTM | ESET | Mehdi Alouache | Bug Bounty | 2021-10-12 | 2023-06-13 |
2152 | Stealing all your secrets using IPFS Mounts | Web3 hacking, Local Privilege Escalation | Filecoin Security | Joran Honig (@joranhonig) | Bug Bounty | 2021-10-12 | 2023-06-13 |
2151 | Bypassing required reviews using GitHub Actions | Privilege escalation, Logic flaw | GitHub | Omer Gil (@omer_gil) | Bug Bounty | 2021-10-12 | 2023-06-13 |
2150 | ESET Endpoint Security credentials theft | Credentials sent over unencrypted channel | ESET | Mehdi Alouache | Bug Bounty | 2021-10-12 | 2023-06-13 |
2149 | Abusing Slack’s file-sharing functionality to de-anonymise fellow workspace members | XSLeaks | Slack | Julien Cretel (@jub0bs) | Bug Bounty | 2021-10-12 | 2023-06-13 |