2016 | Privilege Escalation in Microsoft Teams | Privilege escalation, Broken Access Control | Microsoft | Vikas Anil Sharma (@vikzsharma) | Bug Bounty | 2021-12-07 | 2023-06-13 |
2015 | Microsoft Vancouver leaking website credentials via overlooked DS_STORE file | Information disclosure | Microsoft | CyberNews Team | Bug Bounty | 2021-12-08 | 2023-06-13 |
2014 | Another Admin panel | HTTP response manipulation, Authentication bypass | NA | Rizwan_siddiqui (@Rizwan_SiDdiqu1) | Bug Bounty | 2021-12-08 | 2023-06-13 |
2013 | CVE-2021-43798 - Path Traversal Vulnerability In Grafana | Path traversal | Grafana Labs | Jordy Versmissen / J0VSEC (@j0v0x0) | Bug Bounty | 2021-12-08 | 2023-06-13 |
2012 | Account Takeover via Stored XSS | Account takeover, Stored XSS | NA | Demon (@R29k_) | Bug Bounty | 2021-12-09 | 2023-06-13 |
2011 | From Finding AWS S3 Bucket to Sensitive Data Exposure | AWS misconfiguration | NA | Demon (@R29k_) | Bug Bounty | 2021-12-09 | 2023-06-13 |
2010 | Exploiting S3 bucket with path folder to Access PII info of A BANK | AWS misconfiguration, Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-12-09 | 2023-06-13 |
2009 | File Upload to RCE | Unrestricted file upload | NA | Ahmed Magdy (@8Ahmed88Magdy8) | Bug Bounty | 2021-12-09 | 2023-06-13 |
2008 | A phishing document signed by Microsoft – part 1 | Phishing, RCE | Microsoft | Pieter Ceelen (@ptrpieter) | Bug Bounty | 2021-12-09 | 2023-06-13 |
2007 | Don’t Reply: A Clever Phishing Method In Apple’s Mail App | Phishing | Apple | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2021-12-09 | 2023-06-13 |
2006 | ProtoBuffer ReUtilization “New Way to Security Test GoogleCaptcha” | Captcha bypass | Rapid7 | ChooK | Bug Bounty | 2021-12-10 | 2023-06-13 |
2003 | Open Redirection - QR Code Magic | Open redirect | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-12-11 | 2023-06-13 |
2002 | A story about a not-so-direct SSRF | SSRF | NA | Preetham Bomma (@cyber01_) | Bug Bounty | 2021-12-12 | 2023-06-13 |
2001 | SVG based Stored XSS | Stored XSS | NA | xaonan44 | Bug Bounty | 2021-12-12 | 2023-06-13 |
2000 | Zero Click To Account Takeover | Account takeover, Password reset | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2021-12-14 | 2023-06-13 |
1999 | How I Bypassed Incapsula WAF By Imperva | SQL injection | NA | Dawood Ikhlaq | Bug Bounty | 2021-12-14 | 2023-06-13 |
1998 | How I found XSS vulnerability in Amazon in 5 minutes using shodan | XSS | Amazon | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2021-12-15 | 2023-06-13 |
1997 | Bypassing the macOS Gatekeeper | Local Privilege Escalation, Gatekeeper bypass, MacOS | Apple | Ron Masas (@RonMasas) | Bug Bounty | 2021-12-15 | 2023-06-13 |
1996 | How I found the Authentication Bypass bug and Earn $$$$ | Session expiration issue | NA | Thedarkwayg (@shadow_CLAY) | Bug Bounty | 2021-12-15 | 2023-06-13 |
1995 | Gumtree – leaking your data and not really listening | IDOR | Gumtree | Alan Monie (@AlanMonie) | Bug Bounty | 2021-12-15 | 2023-06-13 |
1994 | GHSL-2021-1053: Path traversal in Grafana REST API - CVE-2021-43813, CVE-2021-43815 | Path traversal | Grafana Labs | Alvaro Muñoz (@pwntester) | Bug Bounty | 2021-12-15 | 2023-06-13 |
1993 | Broken Access Control | IDOR | Microsoft | Meareg | Bug Bounty | 2021-12-16 | 2023-06-13 |
1992 | Exploitation Of CVE-2021-21220 – From Incorrect JIT Behavior To RCE | Browser hacking, Memory corruption, RCE | Google, Microsoft | Bruno Keith (@bkth_) | Bug Bounty | 2021-12-16 | 2023-06-13 |
1991 | Hacked Google-Meet…??! | Authorization flaw | Google | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Bug Bounty | 2021-12-18 | 2023-06-13 |
1990 | Flickr Account Takeover | Account takeover, Authentication flaw | Flickr | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-12-18 | 2023-06-13 |